Privacy policy

Our website uses cookies to enhance your online experience by; measuring audience engagement, analyzing how our webpage is used, improving website functionality, and delivering relevant, personalized marketing content.
Your privacy is important to us. Thus, you have full control over your cookie preferences and can manage which ones to enable. You can find more information about cookies in our Cookie Policy, about the types of cookies we use on Atos Cookie Table, and information on how to withdraw your consent in our Privacy Policy.

Our website uses cookies to enhance your online experience by; measuring audience engagement, analyzing how our webpage is used, improving website functionality, and delivering relevant, personalized marketing content. Your privacy is important to us. Thus, you have full control over your cookie preferences and can manage which ones to enable. You can find more information about cookies in our Cookie Policy, about the types of cookies we use on Atos Cookie Table, and information on how to withdraw your consent in our Privacy Policy.

Skip to main content

Opening the Critical National Infrastructure umbrella

The UK’s Critical National Infrastructure (CNI) spans 13 distinct sectors, from energy and utilities to transport, healthcare and public broadcasting. Each has its own unique challenges, regulatory frameworks and operational demands. Yet, despite these differences, there’s a growing recognition that adopting a unified ‘umbrella’ approach to securing, monitoring and managing critical national infrastructure could benefit all by improving resilience, establishing a secure baseline, fostering collaboration and driving innovation across the board.

But how? If each sector is so specialized, can a single framework really work? The answer lies in identifying shared challenges, sharing learnings across sectors, and delivering scalable solutions that tackle those shared challenges.

A huge misconception about CNI is that its sectors operate in isolation. In reality, they’re deeply interconnected and interdependent. A hospital can’t function without electricity. A logistics network depends on roads and telecommunications networks. A national broadcaster relies on energy and digital infrastructure.

This interdependency means that a failure or compromise in one sector can cascade into others, something we’ve seen play out in real time. Take the impact of Storm Arwen in November 2021, when major power outages left some without access to their digital land lines, and no way of contacting emergency services. Also in 2021, a problem with railway drainage caused by blockages in the wastewater network almost caused the National Blood Bank to flood.

A single umbrella approach wouldn’t erase sector-specific needs, but it would create a framework for shared resilience, allowing for standardized security baselines aligned with frameworks like the NCSC’s Cyber Assessment Framework, while still accommodating sector-specific regulations. It would enable cross-sector threat intelligence, so an attack on a utility company could trigger pre-emptive defences in transport or healthcare. And it would support proactive risk modelling, identifying choke points before they cause systemic failures.

Breaking down the silos

While it’s clear that interdependencies exist, there continues to be little cross-sector collaboration right now. CNI leaders rarely meet to discuss shared challenges or potential solutions. That needs to change. Industry can pioneer mechanisms to foster collaboration, such as CNI roundtables that bring together CTOs and senior leaders from utilities, energy and transport to tackle common issues like IT and OT convergence and exposure to cybersecurity threats.

These cross-industry discussions have proven value. For example, during a recent workshop with a rail sector client, we demonstrated an intelligent wastewater network monitoring solution we have built for a utilities company, which uses IoT sensors to detect blockages in pipelines. There were immediate parallels for monitoring rail track conditions, proving that solutions from one sector can be adapted to another with the right framework.

Introducing the CNI Passport

Another major efficiency barrier in CNI is security clearance. Today, each sector, and sometimes each department within a sector, has its own vetting process. Moving a specialist from a transport project to a defence contract can take weeks, if not months, of re-clearance.

A standardized CNI passport would enable engineers to move between sectors without repeated background checks, enabling burst capacity for critical projects, such as pulling in a Geographic Information System (GIS) expert for a two-week rail construction task. It would also help retain institutional knowledge, as teams could rotate across related CNI projects rather than being siloed.

Anyone who works within the sector will have seen the need for this flexibility firsthand. One example is when specialized skills are required for short-term projects, like GIS system optimization, but onboarding experts quickly under the current clearance system is a struggle. A unified passport would remove these bottlenecks while maintaining rigorous security standards.

Learning from the AI frontrunners

In terms of driving shared innovation across CNI, it’s clear not all sectors innovate at the same pace. That is especially visible with relatively new technologies like AI. Our work in the defence sector is a prime example of a frontrunner in this space. One of our partners was able to automate cost estimation, previously an eight-month consultant-led process, using trained agentic AI teams to deliver results in under 20 minutes. This same approach is now being explored in the rail sector, where AI promises to revolutionize construction planning and risk assessment.

Despite the potential benefits of AI, 74% of companies struggle to scale AI projects according to data from Statistica, and 50% never make it to production according to Gartner. Taking an umbrella approach could help lagging sectors avoid reinventing the wheel by creating shared AI blueprints, such as adapting the defence sector’s agentic AI for rail or utilities, and pooling data governance best practices to accelerate safe deployment.

Some of the most transferable innovations come from the deployment of digital twins and IoT solutions. As noted above, our work with utilities had direct applications in transport. Similarly, the converse is true where rail clients have developed synthetic environments, these are digital twins of rail sections, that could inspire similar models in water or energy networks. But business cases for digital twins can be hard to justify due to upfront costs. A unified CNI approach could help spread risk and share ROI models, making investment easier for all.

The UK’s CNI doesn’t need a one-size-fits-all overhaul; it needs a collaborative backbone. By creating shared threat intelligence pools, standardized security frameworks and cross-sector innovation hubs, we can build a resilient, adaptive CNI ecosystem because there are more similarities between sectors than you might think.

We just need to get the right people in the room and joining the dots. The umbrella isn’t about control, it’s about connection. And in an era of escalating cyber threats and climate pressures, that connection could be the UK’s biggest infrastructure advantage.

A version of this article first appeared in the September 2025 editions of UC Advanced magazine and Construction & Civil Engineering magazine

 

Tony Long

Chief Technology Officer, Resource Services and TMT, Atos UK&I

View detailsof Tony Long >
  • Email Tony Long
  • Follow Tony Long on LinkedIn

Share this blog article