Resilience Is Essential To Protecting Critical Infrastructure

The ongoing narrative of precarious energy security and the vulnerability of critical national infrastructure (CNI) - made acutely clear following the British energy regulator Ofgem’s recent warnings of potential grid blackouts across the country, begs the question of how secure we really are as a nation.

As the winter months beckon, with the UK and Europe living through the worst energy crisis in a generation, exacerbated by the continued armed conflict in Ukraine, inflationary pressures, and recession looming, never before has a robust defence to cyber threats been more important, and our vulnerability more poignant.

Making the United Kingdom cyber resilient, from the ground up, is key here, as is protecting vital national services and the bottom line.  

The last year has seen a level of escalation in geopolitical tensions likely not seen since the end of the Cold War, with powerful states at loggerheads: Britain, NATO and the West, Russia, Iran and China, flexing (or in the case of Russia, actively employing) not just military might but soft power influence and aggressively mercantile trade tactics around the world. 

With the energy market in crisis, the UK Chancellor’s Autumn Budget saw an increase in the windfall tax on fossil fuel energy companies from 25% to 35% and extended for a further two years (until 2028). Furthermore, the current energy bill cap for households is twice what it was last winter, tightening the squeeze on consumers more than ever.

The National Grid has already warned people across the country to prepare for blackouts this winter due to gas and electricity shortages. This is not just an issue in the UK, with gas prices in Europe rising by more than 200% and coal by more than 100% in 2021. 

With such unprecedented instability, it is vital that any vulnerabilities in the UK’s energy infrastructure are secured. One of the largest threats to the energy sector is cyber malware attacks - the UK’s energy sector was the target of 24% of all cybersecurity incidents in 2021, making it the most targeted industry for cyber criminals and agents.

Therefore, investment in cybersecurity is crucial to protect our national infrastructure and keep the lights on. 

Geopolitical Risks

With demand rapidly increasing for energy and supply becoming scarce, energy sabotage is a likely prospect. The attacks on the Nord Stream pipeline in September highlight the precarious situation of Europe’s energy supply. While the culprits for the explosions are unknown, Russia has accused the UK; conversely, Russia may very well be the insidious actor here. 

The fallout of the Russia-Ukraine conflict has seen cyber attacks increase - 7 out of 10 of the UK’s CNI cyber security decision makers saw cyber attacks become more common since the outbreak of the war. Should Russia attempt to inflict a blow on the UK, attacks on our national energy infrastructure are highly likely. And it is energy companies and their employees that are increasingly becoming a target for malevolent actors, especially as many stations and facilities migrate their systems into the cloud, thus massively opening up their vulnerable attack surface with sensitive data at risk of espionage. 

Bolstering Infrastructure

The UK Government’s 2022 Energy Security Strategy outlines how we can reduce reliance on Russian imports, while simultaneously moving closer to net zero. Much of this is built on expanding the UK’s domestic energy supply. As part of the transition from fossil fuels to clean, sustainable energy, the UK has been building new nuclear power stations. However, it must be a high priority to safeguard new infrastructure from cyber attacks.

Hinkley Point C, the most recently commissioned nuclear power plant in the UK, has been under close scrutiny. Completion of the project is much needed, with nuclear power in the UK set to decline until the new power station is online, and the station due to provide electricity for some 7 million homes. However, concerns have escalated over its French developer EDF, who were fined for providing false information to the UK Government over the cost of the project, while cracks have been detected in other reactors in France developed by EDF. A lax attitude towards safety can extend to inadequate cybersecurity, and EDF are currently under investigation from the Office for Nuclear Regulation (ONR), due to “identified shortfalls in governance, risk and compliance and certain technical controls.” 

Upskilling Workers

Following the pandemic, digital transformation has accelerated at an unprecedented pace. As the UK’s national infrastructure becomes increasingly interconnected and digitised, the risk of cyber threats will continue to increase. An increased reliance on technology and a larger area to target makes cyber attacks a more attractive prospect for insidious actors and criminals, state sponsored or not.

Furthermore, as technology develops to improve digitisation, so will the technology for cyber attacks to match. 

With our national infrastructure a key target of cyber attacks, we must invest in cyber resilience throughout all elements of an organisation, not just IT, in order to keep up with the development of cyber threats. It is not enough to improve mitigating technology - enterprises need a holistic approach to addressing cyber risk that includes employee cyber hygiene and transferring financial risk through vehicles like insurance. 

By remaining vigilant to the threats at hand, we can ensure that cyber attacks are unsuccessful on the UK’s energy infrastructure. With the energy crisis escalating, now, more than ever, is the time to protect our national energy sector.

Simon West is Cyber Advisory Lead at Resilience

You Might Also Read: 

Running Out Of Cyber Gas:

 

« Top Cybersecurity Advice For In-House Counsel
The Role Of Policies In Driving ‘Secured Productivity’ »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Digital Gurus Recruitment

Digital Gurus Recruitment

Digital Gurus provide specialist recruitment services in areas including IT and information security

Teneo

Teneo

Teneo is a Solutions Provider focused on reducing complexity. We combine leading technology with deep expertise to create new ideas on how to simplify IT operations.

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

CyberDefcon

CyberDefcon

CyberDefcon is an independent organization dedicated to the pursuit of making the internet a safer place.

Cybernance

Cybernance

Cybernance provide an enterprise-wide, web-based software solution for managing and mitigating cyber risk based on key compliance frameworks.

Cyber London (CyLon)

Cyber London (CyLon)

CyLon is a leading cyber security accelerator and seed investment programme. We help entrepreneurs from across the globe to build cyber security businesses, raise investment, and develop partnerships.

oneM2M

oneM2M

oneM2M is a global organization creating a scalable and interoperable standard for communications of devices and services used in M2M applications and the Internet of Things.

Calyptix Security

Calyptix Security

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology.

Eureka Technology Partners

Eureka Technology Partners

Eureka Technology Partners are committed to helping you focus on your business by taking care of your IT infrastructure and data security needs.

Pelta Cyber Security

Pelta Cyber Security

Pelta Cyber Security is the cyber security consulting and solutions division of Softworld Inc. We provide staffing and recruitment services as well as consulting and solutions for outsourced projects.

Wickr

Wickr

Wickr's mission is to secure the world's most critical communications. Wickr provides the highest standard of encryption trusted by millions worldwide.

Virtual Infosec Africa (VIA)

Virtual Infosec Africa (VIA)

Virtual InfoSec Africa (VIA) is a wholly-owned Ghanaian company specializing in information security and cybersecurity solutions and services.

FusionAuth

FusionAuth

FusionAuth is the customer authentication and authorization platform that makes developers' lives awesome.

Flawnter

Flawnter

Flawnter is a security testing software that finds hidden security and quality flaws in your applications.

Wattlecorp Cybersecurity Labs

Wattlecorp Cybersecurity Labs

Wattlecorp Cybersecurity Labs are a group of IT security specialists, ethical hackers, and researchers driven to identify security flaws before cyber threat actors does.

Resonance Security

Resonance Security

Resonance offers powerful cybersecurity aggregation software that makes protecting against full spectrum cybersecurity threats effortless no matter what your technical level, budget, or scope.