Making Critical Infrastructure More Resilient: Recommendations from Penetration Testers

In a nutshell: Penetration testers identify concrete measures that operators of critical infrastructure should implement to effectively hinder attackers.

The British National Cyber Security Centre surveyed penetration testers on how operators of critical infrastructure can significantly improve their security. The findings are directed at organisations seeking to strengthen their defence against real-world attack scenarios.

The National Cyber Security Centre (NCSC) has collected insights from experienced penetration testers who regularly test critical national infrastructure (CNI) under realistic conditions. The goal was to document practical knowledge about effective defensive measures that demonstrably make it harder for attackers to penetrate systems or spread laterally.

For CISOs and infrastructure managers, these insights provide prioritised guidance. While compliance frameworks such as the NIS2 Directive define fundamental requirements, penetration testers in the field show which implementations are actually effective against professional attack scenarios and where many organisations still have gaps today.

The results support risk-based resource allocation: instead of generic hardening measures, organisations can prioritise defensive elements that provide the greatest resistance against real threats. This is particularly relevant for operators of critical infrastructure who face both increased pressure from regulatory requirements and threats from advanced state and organised actors.


Source: www.ncsc.gov.uk · Published 1 July 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.
