News broke today that ministers are failing to act with “a meaningful sense of purpose or urgency” in the face of a growing cyber threat to the UK’s critical national infrastructure (CNI), a parliamentary committee has warned. The joint committee on national security strategy said at a time when states such as Russia were expanding their capability to mount disruptive cyber-attacks, the UK’s level of ministerial oversight was “wholly inadequate”.
Israel Barak, Chief Information Security Officer at Cybereason:
“The spectrum of cyberattacks against critical infrastructure providers in the UK and the profile of adversaries who targeting these environments continues to broaden. Critical infrastructure is generally old, poorly patched and managed, and was designed before cyber threats were a significant concern. This means the ability to cause damage is significant, if the attacker knows what they are doing. Power grids are vulnerable to cascading failures and if attackers know which substation to take offline or cause a surge in, they can take down significant portions of grids without conducting a large number of intrusions.
Beyond power generation, there are significant localized effects a hacker can create by going after sewage/water treatment, industrial chemical production, or the transportation system. As it stands right now, public-private partnerships are the lynchpin of keeping critical infrastructure safe. More often than not, security measures come in the form of recommendations rather than edicts from the government and it is up to each individual provider to adopt or ignore. Strengthening that connection and creating a real understanding within the private sector of the real risk they face is key to building a more resilient sector.”