Last week, cyber security leaders from across the UK gathered in central London for the third CNI Cyber Security Summit. As the UK’s leading cyber security event for Critical National Infrastructure (CNI), this year focused on the pressing theme of ‘Defending CNI: Stories from the Frontline’.
Bringing together operators of essential services (OES), regulators, CNI cyber security experts and technology providers, the summit provided a forum to discuss the latest threats, issues and challenges facing CNI. We were also joined by a range of speakers, from organisations such as Transport for London (TfL), Bupa, Anglian Water and the NCSC, who each shared their take on this year’s theme.
Read on for more information about key topics from the day as well as the talks, panels, and breakout sessions.
Key Themes
Throughout the day, as our presenters and delegates shared their stories from the frontline, several key themes emerged:
Collaboration and Connection
As in previous years, the summit made clear that operators of essential services across sectors face many of the same challenges. Throughout the day, numerous questions from our audience asked to compare approaches to risk management, building cyber security culture, and navigating a complex regulatory landscape.
These conversations highlighted that there is no one-size-fits-all approach that will work for every CNI organisation. However, by sharing best practices and lessons learned from their own experiences, operators can collectively improve their own cyber security practices. Many of our speakers also spoke of the importance of expanding cyber security culture beyond its traditional domains and including the wider business, from the C-suite down to everyday employees.
Public Safety and Trust
A clear consensus from the day was a collective awareness of the impact a cyber incident could have on public safety. While we heard differing opinions on exactly how a cyber attack may affect the public, there was clear agreement that the decisions made by cyber security leaders had ripple effects far beyond their own organisation.
Our attendees shared concerns around both short term, direct threats to public health as well as the long-term erosion of trust. Many attendees also affirmed the mutual interdependence of CNI, recognising that an impact to one sector would also ripple outwards to others.
The Real Threat of AI
Much of the day was also spent separating AI hype from reality. Amongst all the clamour of AI upending how cyber attacks are both carried out and defended against, delegates expressed reassurance by the more grounded picture presented by our speakers.
Broadly, our speakers concluded that while AI wasn’t introducing anything new, it was making certain activities carried out by attackers and defenders faster and easier. These included the development of exploit code, the discovery of vulnerabilities, generating contextual information for defenders and conversation analysis for risk signals in real time.
Regulation
Regulation was a recurring topic across many of our talks and questions from participants. Many attendees recognised the value provided by existing regulations and frameworks – with the CAF, NIST 800-53 and IEC 62443 receiving specific recognition. However, concerns were also raised over the number of regulations coming into force and whether there was any redundancy, given the amount of overlap in controls.
Talk Summaries
TfL | Keeping Everything Moving
Our opening keynote of the day was presented by Jules Gascoigne, CISO at TFL. Reflecting on the challenges of defending the world’s largest integrated transport network, he discussed how CNI organisations can defend their OT environments. Among his recommendations was promoting awareness and training for first line defenders and engineers, building a community of interest around cyber, and applying NIST 800-53 and IEC 62443.
Bridewell | Time to Respond
Next, our Incident Response Manager, James John, presented on what makes or breaks incident response. In his talk, he focused on the critical first 24 hours of incident response, stressing the need to quickly understand impact, stakeholders, containment and next steps. He also advocated for pre-defined, practiced layered containment strategies, where decisive action and coordination matter more than perfection.
Bupa | SecOps Reimagined
Rounding off our talks for the morning was Emma Leith, Chief Security and Controls Officer at Bupa, who educated attendees about how they can take a product operating model mindset to security operations. Her talk advocated for an approach that embeds cyber security from the very start of planning, aligned around a clear, unified goal, where early integration ensures security is built in, not bolted on, to reduce risk and friction later.
Anglian Water | Securing CNI
Sharing his insights from Anglian Water, Steve Trippier, Group CISO, shared the practical challenges of protecting an essential public service. He highlighted the long-term complexity of securing CNI, where decades-long project timelines clash with rapidly evolving cyber threats. Steve also stressed that compliance doesn’t equal security, and success depends on strong business alignment, retaining skilled teams, and prioritising progress over perfection.
NCSC | Competition, Crisis, Conflict
A senior representative from the NCSC joined us to share their view of cyber threats today. They warned that rising geopolitical tensions are increasing threats to CNI, with a broader range of threat actors than ever before. Despite this, attackers still exploit basic weaknesses like phishing and poor credentials, reinforcing the need for strong foundational security and resilience.
Bridewell | The Adversary Has Copilot Too
Kieran B., our Head of Security Engineering, was joined on stage by ChatGPT for a back-and-forth discussion about how AI could have changed prominent cyber attacks in recent memory, from both an attacker and defender’s perspective. His talk demonstrated how AI can be used to expose human vulnerabilities and hidden dependency risks, while also raising critical questions around trust in supply chains, particularly how far it extends beyond organisational visibility
Armis | Moving to Continuous Exposure Management for Risk Reduction
Barry O’Brien, Principal Architect OT at Armis, later joined us to discuss a new approach for managing risk exposure. His talk explained how CNI organisations can step off the broken vulnerability treadmills and instead move towards risk-prioritised resilience in high-stakes environments.
Bridewell | Inside OT
Glenn Warwick, Head of OT Cyber Security, looked at whether a cyber attack can cause a loss of safety. Exploring whether cyber attacks can translate into real-world safety risks, he used examples from water treatment systems to illustrate potential consequences. He emphasised the need for built-in safety controls and safeguards to prevent dangerous outcomes, even if systems are compromised.
Breakout Sessions
Our delegates then spread out across the venue to attend one of four breakout sessions covering insider risk, OSINT, incident response, and bridging IT and OT.
Fern Trading, SSE, Centrica | Securing the Energy Supply Chain
The panel stressed that managing third-party and supply chain risk in energy requires far greater industry-wide collaboration, particularly around standardising supplier assessments and contracts. With regulation like CSRB still years away, organisations must act now to build closer vendor relationships, strengthen public-private partnerships and enforce baseline standards such as Cyber Essentials to meaningfully reduce risk.
Geoff White | The Trailer Park Spy Ring
Bringing his experience as an author, speaker and investigative journalist to bear, Geoff discussed North Korea’s increasing involvement in the world of cyber crime. In his talk, he looked at how their tactics had changed over the years leading to a large-scale spy ring being run from an unassuming trailer park in Minnesota.
Time For Networking
Following the conclusion of the Summit, delegates enjoyed a drinks and canapés reception with the chance to network with fellow CNI cyber professionals, as well as members of Bridewell's team and our partner, Armis.
Keep an eye out for news on the date for the 2027 CNI Cyber security Summit over the coming months.
Charlie Kahn
Content and Communications Manager
