Remote and hybrid working fundamentally altered the attack surface for CNI organisations. Securing distributed workforces requires rethinking clearance protocols, endpoint security, and the talent to operate hybrid SOC models.
The shift to remote and hybrid working reshaped every sector. For critical national infrastructure, it did something more — it fundamentally altered the attack surface. Most organisations adapted quickly during 2020, spinning up VPNs and deploying collaboration tools overnight. But for CNI operators in energy, defence, transport, and financial services, the security implications ran far deeper than a new laptop policy. They touched clearance protocols, OT network access, and the physical security of sensitive environments.
When employees work from home, every residential broadband connection becomes a potential entry point to your organisation. For CNI organisations handling classified or sensitive material, this is not theoretical. The NCSC has repeatedly warned that remote access to operational technology environments introduces risks that traditional IT security controls were never designed to manage.
Endpoint detection and response (EDR) has largely replaced legacy antivirus as the baseline. But EDR alone doesn't address the human factors: staff using personal devices for work communications, unverified callers exploiting remote workers through vishing attacks, or the simple absence of physical oversight that on-site environments provide.
For roles requiring SC or DV clearance, remote working introduces a particular challenge. Much of the work demanding vetting also demands controlled environments — secure facilities, accredited networks, and supervised access to classified material. Hybrid models have to balance operational flexibility with non-negotiable security policy requirements.
Organisations that got this right didn't treat it as an IT problem. They treated it as a workforce architecture challenge — redesigning which roles could operate remotely, which required periodic site presence, and which had to remain fully on-site. That redesign required security leadership at the table, not just HR decisions.
Hybrid working expanded the geographic talent pool for some roles but also created new recruitment challenges. Candidates with active clearances may be tied to specific regions by their sponsoring organisation. Security professionals with operational technology experience may need physical access to industrial environments that cannot be virtualised.
Simultaneously, demand has grown significantly for professionals who understand both IT and OT security — and who can design controls for hybrid operating models. These aren't skills you find on a generic job board. They require specialist networks and domain-specific search capability.
First, invest in continuous security awareness training addressing remote-specific threats like vishing and social engineering over video calls. Second, deploy managed endpoint detection across every device with access to corporate or operational networks. No exceptions.
Third, enforce patch management rigorously. The 2017 Equifax breach, caused by a single unpatched vulnerability, remains a stark reminder of what complacency costs. Fourth, segment OT and IT networks so remote access to one doesn't create a pathway to the other.
Fifth, review clearance and access policies to reflect how people actually work now, not five years ago. And sixth, hire the right people. Remote security architecture, zero-trust implementation, and hybrid SOC operations all require specialist talent most organisations cannot develop internally at the pace the threat landscape demands.
Remote and hybrid working is not going away. For CNI organisations, the question is no longer whether to allow it but how to secure it without degrading operational capability. That requires a deliberate approach to both technology and talent — and recognition that the people designing and operating these controls are as critical as the controls themselves.