The threat of a cyber attack on UK infrastructure is imminent and engineers need to do more to ensure critical infrastructure remains protected, according to industry experts.
During a recent debate on the issue organised by Kaspersky Lab, speakers agreed that the UK government had a good grip on cyber security to protect the country’s critical infrastructure, but that as advances were made towards smarter and more connected cities, more would have to be done by the “typical” engineer to protect every day systems.
Buro Happold partner – cities Andrew Comer said: “Civil, structural and building services engineers will need to become familiar with design to guard against an attack pretty quickly and use it in their day-to-day life.
“Thinking about the way in which you plan and design a building, you need to build in redundancy to prevent failure and the same is true for ICT (information and communications technology) for critical infrastructure.”
Comer called for engineers to be trained in computer programming and said that potentially university courses needed to change to reflect the way the industry needed to advance.
“We should be encouraging computer sciences to run alongside engineering degrees as it’s only going to become more valuable,” he said.
“At the moment, I would say that there is only a limited degree of understanding of technology and its effects. We are starting to see a bigger and better collaboration with it and cyber specialists but as an industry we need to rethink the way we train our engineers.”
He said that, at present, if there was to be an attack, although the effects could be extremely damaging, quite a few of the aspects of cities are not ”smart” and therefore life would still be able to function. However, as cities become smarter and rely more on networks, resilience needs to be built in.
“Most buildings in our cities are dumb – we would continue to be able to drive around our cities if the ICT networks go down, albeit with potential gridlocks but it would still function,” he said.
“But we need to have a broader knowledge of how these will be affected and be able to understand much more about how to deal with those threats.”
Telefonica chief technology officer of eleven paths Jose Palazon said that one of the lines of defence was rather than to protect every individual part, overarching systems could be taught daily patterns and therefore recognise any abnormal activity which was taking place.
Major cyber attacks on critical infrastructure
Ukrainian power network
A major cyber attack on the Ukrainian power network occurred on 23 December 2015 and saw cyber criminals hack into the station’s systems, turn off the power and subsequently wipe the data from a proportion of the networks ensuring that rebooting the system would have no effect. Power was managed to be restored to the people affected as manual switches were able to be used to override the system. However, Kaspersky Lab chief executive and founder Eugene Kaspersky said that in the UK or other areas of Europe, the consequences could be far worse as there are no manual backup systems to combat the attack.
A cyber-attack on oil and gas giants Saudi Aramco in 2012 left the company paralysed for almost two weeks. A self-replicating virus swept through the company and wiped data on its hard drives resulting in chaos across the business.