Resilience Is Essential To Protecting Critical Infrastructure

The ongoing narrative of precarious energy security and the vulnerability of critical national infrastructure (CNI) - made acutely clear following the British energy regulator Ofgem’s recent warnings of potential grid blackouts across the country, begs the question of how secure we really are as a nation.

As the winter months beckon, with the UK and Europe living through the worst energy crisis in a generation, exacerbated by the continued armed conflict in Ukraine, inflationary pressures, and recession looming, never before has a robust defence to cyber threats been more important, and our vulnerability more poignant.

Making the United Kingdom cyber resilient, from the ground up, is key here, as is protecting vital national services and the bottom line.  

The last year has seen a level of escalation in geopolitical tensions likely not seen since the end of the Cold War, with powerful states at loggerheads: Britain, NATO and the West, Russia, Iran and China, flexing (or in the case of Russia, actively employing) not just military might but soft power influence and aggressively mercantile trade tactics around the world. 

With the energy market in crisis, the UK Chancellor’s Autumn Budget saw an increase in the windfall tax on fossil fuel energy companies from 25% to 35% and extended for a further two years (until 2028). Furthermore, the current energy bill cap for households is twice what it was last winter, tightening the squeeze on consumers more than ever.

The National Grid has already warned people across the country to prepare for blackouts this winter due to gas and electricity shortages. This is not just an issue in the UK, with gas prices in Europe rising by more than 200% and coal by more than 100% in 2021. 

With such unprecedented instability, it is vital that any vulnerabilities in the UK’s energy infrastructure are secured. One of the largest threats to the energy sector is cyber malware attacks - the UK’s energy sector was the target of 24% of all cybersecurity incidents in 2021, making it the most targeted industry for cyber criminals and agents.

Therefore, investment in cybersecurity is crucial to protect our national infrastructure and keep the lights on. 

Geopolitical Risks

With demand rapidly increasing for energy and supply becoming scarce, energy sabotage is a likely prospect. The attacks on the Nord Stream pipeline in September highlight the precarious situation of Europe’s energy supply. While the culprits for the explosions are unknown, Russia has accused the UK; conversely, Russia may very well be the insidious actor here. 

The fallout of the Russia-Ukraine conflict has seen cyber attacks increase - 7 out of 10 of the UK’s CNI cyber security decision makers saw cyber attacks become more common since the outbreak of the war. Should Russia attempt to inflict a blow on the UK, attacks on our national energy infrastructure are highly likely. And it is energy companies and their employees that are increasingly becoming a target for malevolent actors, especially as many stations and facilities migrate their systems into the cloud, thus massively opening up their vulnerable attack surface with sensitive data at risk of espionage. 

Bolstering Infrastructure

The UK Government’s 2022 Energy Security Strategy outlines how we can reduce reliance on Russian imports, while simultaneously moving closer to net zero. Much of this is built on expanding the UK’s domestic energy supply. As part of the transition from fossil fuels to clean, sustainable energy, the UK has been building new nuclear power stations. However, it must be a high priority to safeguard new infrastructure from cyber attacks.

Hinkley Point C, the most recently commissioned nuclear power plant in the UK, has been under close scrutiny. Completion of the project is much needed, with nuclear power in the UK set to decline until the new power station is online, and the station due to provide electricity for some 7 million homes. However, concerns have escalated over its French developer EDF, who were fined for providing false information to the UK Government over the cost of the project, while cracks have been detected in other reactors in France developed by EDF. A lax attitude towards safety can extend to inadequate cybersecurity, and EDF are currently under investigation from the Office for Nuclear Regulation (ONR), due to “identified shortfalls in governance, risk and compliance and certain technical controls.” 

Upskilling Workers

Following the pandemic, digital transformation has accelerated at an unprecedented pace. As the UK’s national infrastructure becomes increasingly interconnected and digitised, the risk of cyber threats will continue to increase. An increased reliance on technology and a larger area to target makes cyber attacks a more attractive prospect for insidious actors and criminals, state sponsored or not.

Furthermore, as technology develops to improve digitisation, so will the technology for cyber attacks to match. 

With our national infrastructure a key target of cyber attacks, we must invest in cyber resilience throughout all elements of an organisation, not just IT, in order to keep up with the development of cyber threats. It is not enough to improve mitigating technology - enterprises need a holistic approach to addressing cyber risk that includes employee cyber hygiene and transferring financial risk through vehicles like insurance. 

By remaining vigilant to the threats at hand, we can ensure that cyber attacks are unsuccessful on the UK’s energy infrastructure. With the energy crisis escalating, now, more than ever, is the time to protect our national energy sector.

Simon West is Cyber Advisory Lead at Resilience

You Might Also Read: 

Running Out Of Cyber Gas:

 

« Top Cybersecurity Advice For In-House Counsel
The Role Of Policies In Driving ‘Secured Productivity’ »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Snort

Snort

Snort is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.

Association of Information Security Professionals (AISP)

Association of Information Security Professionals (AISP)

The Association of Information Security Professionals (AISP) represents the interests of information security professionals in Singapore.

MIT Internet Policy Research Initiative (IPRI)

MIT Internet Policy Research Initiative (IPRI)

IPRI's mission is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems

Advisen

Advisen

Advisen is the leading provider of data, media, and technology solutions for the commercial property and casualty insurance market including cyber risk.

Remediant

Remediant

Remediant is the leader in Precision Privileged Access Management. We protect organizations from ransomware and data theft via stolen credentials and lateral movement.

Carson & SAINT

Carson & SAINT

Carson & SAINT is an award-winning consulting firm with deep experience in cybersecurity technology, software, and management consulting.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

Blueskytec (BST)

Blueskytec (BST)

Blueskytec has applied its experience of over three decades of working in the field of embedded systems and encryption to provide a scalable and appropriate technology for cyber-physical devices.

GLESEC

GLESEC

GLESEC offer a complete range of Cyber Security services from Operations & Intelligence Services to Auditing & Compliance and Simulation and Training.

Adaptive Shield

Adaptive Shield

Addaptive Shield - Complete Control For Your SaaS Security. Proactively find and fix weaknesses across your SaaS platforms.

Intersistemi Italia

Intersistemi Italia

Intersistemi is a leading Italian company in the field of information technology integration and digital transformation including cybersecurity.

Axiado

Axiado

Axiado Corporation is a security processor company redefining hardware root of trust with hardware-based security technologies, including per-system AI.

SOC Prime

SOC Prime

SOC Prime is the only Threat Detection Marketplace where researchers monetize their content to help security teams defend against attacks easier, faster and more efficiently than ever.

Pacific Global Security Group

Pacific Global Security Group

Pacific Global Security Group offers an intelligence-driven focus on all aspects of cybersecurity for IT/ICS/OT.

Globesecure Technologies

Globesecure Technologies

Globesecure Technologies is a networks and cyber security company. We are here to resolve business security challenges and secure the digital transformation journey of our clients.

Vorlon

Vorlon

Vorlon's agentless patent-pending solution facilitates risk profiling of apps, and provides AI-driven behavioral analytics with response recommendations.