Increased interconnectivity could leave the UK’s critical infrastructure vulnerable to a cyberattack, experts have warned.
Last week, defence secretary Gavin Williamson told the Telegraph that an attack on the UK’s gas, electricity or internet networks could cause economic devastation and result in “thousands and thousands of deaths.” Meanwhile, the World Economic Forum’s (WEF) Global Risks Report, published this month, warned that cybersecurity is one of the biggest threats the world faces this year.
Atkins technical director Ian Buffey agreed that a combination of increasing interconnectivity and aging infrastructure makes the UK’s assets more vulnerable to attack than ever before.
“The new digital reality is a highly connected world, and with that comes multiple threats of attacks,” he explained. “As increasing interconnectivity leads to more complex systems, ensuring the safety and security of assets or services becomes more challenging.
“Securing critical national infrastructure also poses several problems. Some technologies which underpin our infrastructure are legacy assets that may not have been upgraded for generations. Often these weren’t built with the internet in mind, less still cyber security.
“Replacing the old technology can be extremely difficult, both from a process and cost perspective”.
Cyberattacks and massive data fraud both ranked in the top five global risks by perceived likelihood in the latest WEF risk report; it warned that “in a worst-case scenario attackers [they] could trigger a breakdown in the systems that keep societies functioning.”
The Centre for the Protection of National Infrastructure (CPNI) has also issued warnings over the growing threat. The UK government’s advisory body has identified foreign states as being best able to conduct the most damaging cyber espionage and computer network attacks and warned that cyber espionage can target the government, military, business and individuals. Last year the government set up a National Cyber Security Centre to combat the threat.
In December 2015, Russian hackers targeted Ukraine’s power system, leaving 225,000 people without power in what was thought to be the first successful hack aimed at utilities.
“I think it is a matter of when, not if and we will be fortunate to come to the end of the decade without having to trigger a category one attack”, National Cyber Security Centre head Ciaran Martin told the Guardian last week.
However, Energy and Climate Intelligence Unit analyst Dr Jonathan Marshall said an attack on electricity and gas interconnectors would not lead to the panic described by the defence secretary and that the UK has enough capacity to cope without imports.
Speaking to NCE, he said: “As with any large system, defence mechanisms are built in to the UK grid, providing resilience against unexpected events. The increasing decentralisation of the UK energy system will add further security to the network, as the dependency on a small number of large power stations is reduced.”
Atkins’ Buffey said that security concerns should be considered during the construction of new infrastructure, adding that awareness of risks should be more central to business culture.
He said: “The key to making national and private infrastructure and networks more secure in the long term is to take security concerns into account right from the start. If security resilience is designed in from the beginning, it is much cheaper and easier but for existing systems there is still a lot we can do.
“Embedding cyber awareness into business culture is key to the protection of systems and networks. There is a real need to change perceptions so that organisations treat it with the importance that it deserves. There is no substitute for a full analysis of the risks faced by a system, including those related to people and processes, leading to a programme to address those risks which is sustained and re-evaluated over time”.