Resilience Is Essential To Protecting Critical Infrastructure

Uploaded on 2022-12-07 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing, BUSINESS-Production-Energy

The ongoing narrative of precarious energy security and the vulnerability of critical national infrastructure (CNI) - made acutely clear following the British energy regulator Ofgem’s recent warnings of potential grid blackouts across the country, begs the question of how secure we really are as a nation.

As the winter months beckon, with the UK and Europe living through the worst energy crisis in a generation, exacerbated by the continued armed conflict in Ukraine, inflationary pressures, and recession looming, never before has a robust defence to cyber threats been more important, and our vulnerability more poignant.

Making the United Kingdom cyber resilient, from the ground up, is key here, as is protecting vital national services and the bottom line.  

The last year has seen a level of escalation in geopolitical tensions likely not seen since the end of the Cold War, with powerful states at loggerheads: Britain, NATO and the West, Russia, Iran and China, flexing (or in the case of Russia, actively employing) not just military might but soft power influence and aggressively mercantile trade tactics around the world. 

With the energy market in crisis, the UK Chancellor’s Autumn Budget saw an increase in the windfall tax on fossil fuel energy companies from 25% to 35% and extended for a further two years (until 2028). Furthermore, the current energy bill cap for households is twice what it was last winter, tightening the squeeze on consumers more than ever.

The National Grid has already warned people across the country to prepare for blackouts this winter due to gas and electricity shortages. This is not just an issue in the UK, with gas prices in Europe rising by more than 200% and coal by more than 100% in 2021. 

With such unprecedented instability, it is vital that any vulnerabilities in the UK’s energy infrastructure are secured. One of the largest threats to the energy sector is cyber malware attacks - the UK’s energy sector was the target of 24% of all cybersecurity incidents in 2021, making it the most targeted industry for cyber criminals and agents.

Therefore, investment in cybersecurity is crucial to protect our national infrastructure and keep the lights on. 

Geopolitical Risks

With demand rapidly increasing for energy and supply becoming scarce, energy sabotage is a likely prospect. The attacks on the Nord Stream pipeline in September highlight the precarious situation of Europe’s energy supply. While the culprits for the explosions are unknown, Russia has accused the UK; conversely, Russia may very well be the insidious actor here. 

The fallout of the Russia-Ukraine conflict has seen cyber attacks increase - 7 out of 10 of the UK’s CNI cyber security decision makers saw cyber attacks become more common since the outbreak of the war. Should Russia attempt to inflict a blow on the UK, attacks on our national energy infrastructure are highly likely. And it is energy companies and their employees that are increasingly becoming a target for malevolent actors, especially as many stations and facilities migrate their systems into the cloud, thus massively opening up their vulnerable attack surface with sensitive data at risk of espionage. 

Bolstering Infrastructure

The UK Government’s 2022 Energy Security Strategy outlines how we can reduce reliance on Russian imports, while simultaneously moving closer to net zero. Much of this is built on expanding the UK’s domestic energy supply. As part of the transition from fossil fuels to clean, sustainable energy, the UK has been building new nuclear power stations. However, it must be a high priority to safeguard new infrastructure from cyber attacks.

Hinkley Point C, the most recently commissioned nuclear power plant in the UK, has been under close scrutiny. Completion of the project is much needed, with nuclear power in the UK set to decline until the new power station is online, and the station due to provide electricity for some 7 million homes. However, concerns have escalated over its French developer EDF, who were fined for providing false information to the UK Government over the cost of the project, while cracks have been detected in other reactors in France developed by EDF. A lax attitude towards safety can extend to inadequate cybersecurity, and EDF are currently under investigation from the Office for Nuclear Regulation (ONR), due to “identified shortfalls in governance, risk and compliance and certain technical controls.” 

Upskilling Workers

Following the pandemic, digital transformation has accelerated at an unprecedented pace. As the UK’s national infrastructure becomes increasingly interconnected and digitised, the risk of cyber threats will continue to increase. An increased reliance on technology and a larger area to target makes cyber attacks a more attractive prospect for insidious actors and criminals, state sponsored or not.

Furthermore, as technology develops to improve digitisation, so will the technology for cyber attacks to match. 

With our national infrastructure a key target of cyber attacks, we must invest in cyber resilience throughout all elements of an organisation, not just IT, in order to keep up with the development of cyber threats. It is not enough to improve mitigating technology - enterprises need a holistic approach to addressing cyber risk that includes employee cyber hygiene and transferring financial risk through vehicles like insurance. 

By remaining vigilant to the threats at hand, we can ensure that cyber attacks are unsuccessful on the UK’s energy infrastructure. With the energy crisis escalating, now, more than ever, is the time to protect our national energy sector.

Simon West is Cyber Advisory Lead at Resilience

You Might Also Read: 

Running Out Of Cyber Gas:

 

« Top Cybersecurity Advice For In-House Counsel
The Role Of Policies In Driving ‘Secured Productivity’ »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Caliber Security Partners

Caliber Security Partners

Caliber Security Partners is a full-service information security company, with a wide range of security services for clients with varying levels of security maturity.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

ControlCase

ControlCase

ControlCase provide solutions that address all aspects of IT-GRCM (Governance, Risk Management and Compliance Management).

World Wide Technology (WWT)

World Wide Technology (WWT)

WWT is a technology solution provider in the areas of big data, collaboration, computing and cloud, mobility, networking, security and storage.

Appdome

Appdome

Appdome is the industry's first mobile integration as a service company, providing solutions for enterprise mobility and mobile application security.

SwiftSafe

SwiftSafe

SwiftSafe is a cybersecurity consulting company providing auditing, pentesting, compliance and managed security services.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

TROOPERS

TROOPERS

TROOPERS InfoSec event consists of two days of high-end training, followed by a two-day, three-track conference, culminating in Roundtables on the final day.

Greylock Partners

Greylock Partners

Greylock Partners is a leading venture capital firm based in Silicon Valley. We invest in all sectors of enterprise software technology including applications, cloud/SaaS, networking and security.

Carson McDowell

Carson McDowell

Carson McDowell are one of Northern Ireland's leading law firms. We are the law firm of choice for many of Northern Ireland's Top 100 companies as well as international companies doing business here.

Nostra

Nostra

Nostra are a next generation managed services provider with a constant focus on Security and Business Continuity.

StateRAMP

StateRAMP

StateRAMP reduces risk from unsecure cloud solutions and protects data by providing State and local governments a standardized approach for verifying and monitoring security postures.

Xscale Accelerator

Xscale Accelerator

Xscale's vision is to create world-class startups out of India by transforming sales and providing access to global markets.

WhiteJar

WhiteJar

WhiteJar offers an innovative approach to modern cybersecurity needs, empowering Ethical Hackers within its unique crowd platform.

Vector Choice Technologies

Vector Choice Technologies

Vector Choice Technology Solutions has a long standing reputation in cyber security consulting since 2008.

Novem CS

Novem CS

Novem CS are bespoke cyber security specialists providing a highly effective and specialised approach to solving your cyber security challenges.