Hostile states are attacking the UK’s national infrastructure supply chain in an ongoing cyber campaign, the National Cyber Security Centre (NCSC), part of GCHQ, has said.
The campaign, which is focused on engineering and industrial control companies has been ongoing since March last year, an advisory report has revealed.
NCSC’s report did not name the hostile states involved but referenced a US Department of Homeland Security technical alert, which was published on 15 March, that identified the Russian government as the source of similar attacks in the America.
Last month National Grid was told to increase its security measures in the face of an increased threat of a Russian cyber-attack, The Times reported. The latest warning comes amid deteriorating international relations following a nerve agent attack on a former Russian spy in Salisbury.
The advisory note said: “The NCSC is aware of an ongoing attack campaign against multiple companies involved in the Critical National Infrastructure (CNI) supply chain. These attacks have been ongoing since at least March 2017. The targeting is focused on engineering and industrial control companies.”
The government defines CNI as infrastructure that, if lost or compromised, “would result in major detrimental impact on the availability, delivery or integrity of essential services, leading to severe economic or social consequences or to loss of life.”
The increased connectivity of the UK’s critical infrastructure could leave it vulnerable to a cyber attack, experts have warned. “The new digital reality is a highly connected world, and with that comes multiple threats of attacks,” Atkins technical director Ian Buffey told New Civil Engineer in January. “As increasing interconnectivity leads to more complex systems, ensuring the safety and security of assets or services becomes more challenging.”
The World Economic Forum’s Global Risk Report published in January identified cybersecurity as one of the biggest threats the world will face this year.