Cyberattacks are typically carried out to steal money, corporate secrets, and personal identities – using information in the virtual world to profit in the real world. Slowly though, the realization is growing that as more and more of the real world is made virtual, increasingly interesting and serious physical targets are becoming the targets of cyberattack. According to the head of the World Energy Council, the UK is now at risk of a potentially devastating attack against its energy infrastructure.
Christopher Frei, director general at the World Energy Council, told City AM the UK was one of several countries facing a growing threat. “In the last two years this issue has really come close to – if not to the top of – the issues keeping energy leaders awake at night,” he said.
Nation-state hackers now have the ability to disrupt the UK's national power grid and other critical national infrastructure. And while nation state threats, while very real, may seem a rare and remote ‘Hollywood’ possibility to ‘ordinary people’, any increase in the possibility of such attacks will lead to an inevitable escalation in disruption as 'opportunistic' attackers jump on the bandwagon and exploit vulnerabilities for their own ends.
And be assured this isn’t a Hollywood scenario anymore. In December last year, a successful attack against the Ukrainian power grid caused power outages that impacted over 200,000 people. The power companies, caught in the middle of the hack, described it as a sophisticated attack comprised of a vicious cocktail of phishing and a form of malware named 'BlackEnergy'.
It is certainly concerning that cyberattackers derailing critical infrastructure isn’t the stuff of fiction anymore. Today, this threat is real – and growing – and it is crucial that robust cybersecurity defences are in place to safeguard our vital services from this growing risk.
How does this come about?
As 'software eats the world' and everything becomes data driven – even those things made of concrete, steel and flesh – we will find that there is increasingly little difference between attacking the digital world and the real world. It is crucial to recognise that civil infrastructure providers and heavy industry are not building their own networking, data handling and security technologies. Rather, to achieve the future smart and green connected cities that we want – at the speed we want them – they must reuse what the IT industry has already provided, both on premise or increasingly in the cloud. That means that without expert adaptation they get the same kinds of problems we've been seeing for years in IT, but more worryingly in this example, with more serious repercussions if things go wrong. We have experience here, but we need to adapt our data protection strategies to fit the nuanced needs of these newly digital industries.
Now is the time for those in charge of defending our country’s critical infrastructure to ensure our cyber defences are robust and secure. With hackers developing more advanced methods of gaining access to and stealing important data, we simply cannot afford to put our citizens’ vital services at risk.
Download the SANS Institute whitepaper to learn more about using trusted crypto to thwart advanced threats.