What are the most dangerous cybersecurity risks to the UK national infrastructure?
Ransomware and supply chain attacks are one of the biggest risks today. The world witnessed the biggest global ransomware attack on record in July, demanded by REvil for $70 million, which shows how lucrative these attacks can be for hackers.
When I read through the diagnostics of strikes like the Colonial Pipeline or SolarWinds attacks, two things are evident: these types of attacks are not going away anytime soon, and they are also becoming more sophisticated and more complex. Today’s attacks have thousands of skilled developers working towards specific targets. Many of the attacks appear to have state backing because the level of sophistication that we’re seeing would require that level of sponsorship. These state-backed attacks present a huge ongoing risk for a nations’ critical infrastructure, which can become an easy target for state-backed cybercriminals.
Modern security controls which have proven to be effective in reducing the risk of exposure are difficult to apply to the legacy operational technology (OT) systems on which critical infrastructure providers deliver services, making them far more susceptible to compromise and making it harder for security teams to detect and respond to threats.
What parts of the UK national infrastructure could be most vulnerable to cyberthreat, and why?
The sheer number of transport control systems that are now connected online has vastly increased the number of vulnerabilities in the system, making the potential for a cyberattack to cause a major disruption to the physical transport networks very high.
The knock-on effect of such an attack would be far-reaching, from the national disruption to the impact on international trade.
The NHS is also vulnerable due to the abundance of devices connected to the IT network, and any one of them can have vulnerabilities in either the hardware or software used by such devices. Not to mention the fact that the NHS is also beholden to old operating systems that are expensive to maintain and couldn’t help mitigate against a ransomware attack.
None of this escapes the attention of hackers who know that, if they manage to incapacitate those systems, government and public service decision-makers could be forced to pay a high ransom. And that’s a very worrying thought.
What is the ideal interplay between public and private initiatives when it comes to best protect the UK’s cyber infrastructure?
There is already a good collaboration between the UK public and private sectors to develop cybersecurity resources, with bodies like the National Cyber Security Centre (NCSC) which provide useful guidelines and free tools. The UK also has a thriving private sector in banking, insurance, manufacturing or energy, with companies that have a huge global footprint and collect a lot of intelligence. Those companies see threats coming from the US, India, other countries – and they are able to feed that intelligence back to the UK government.
While intelligence sharing is happening in pockets, it is not yet streamlined and there aren’t any procedures or processes in place that would make it consistent and automatic. The NCSC has launched an initiative to invite organisations to participate in Industry 100 – an initiative which promotes close collaborative working between the NCSC and 100 industry personnel. And there are different public and private initiatives such as the Five Eyes agreements which helps Australia, Canada, New Zealand, the UK and the US share intelligence. As well as individuals like Troy Hunt who collects data on public data breaches and is able to tell governments and individuals if their details have been part of these leaks. But those aren’t brought together in a virtuous circle of knowledge sharing and automatic renewal of cyber security resources and strategy. That’s the next step if the UK is to be ready for what’s coming.
Peter Dutton, regional VP, public sector at Elastic
