Resilience Is Essential To Protecting Critical Infrastructure

The ongoing narrative of precarious energy security and the vulnerability of critical national infrastructure (CNI), made acutely clear by the British energy regulator Ofgem’s recent warnings of potential grid blackouts across the country, raises the question of how secure we really are as a nation.

As the winter months beckon, with the UK and Europe living through the worst energy crisis in a generation, exacerbated by the continued armed conflict in Ukraine, inflationary pressures, and a looming recession, never before has a robust defence against cyber threats been more important, and our vulnerability more poignant.

Making the United Kingdom cyber resilient, from the ground up, is key here, as is protecting vital national services and the bottom line.  

The last year has seen a level of escalation in geopolitical tensions likely not seen since the end of the Cold War, with powerful states at loggerheads: Britain, NATO and the West, Russia, Iran and China, flexing (or in the case of Russia, actively employing) not just military might but soft power influence and aggressively mercantile trade tactics around the world. 

With the energy market in crisis, the UK Chancellor’s Autumn Budget saw the windfall tax on fossil fuel energy companies increased from 25% to 35% and extended for a further two years (until 2028). Furthermore, the current energy bill cap for households is twice what it was last winter, tightening the squeeze on consumers more than ever.

The National Grid has already warned people across the country to prepare for blackouts this winter due to gas and electricity shortages. This is not just an issue in the UK, with gas prices in Europe rising by more than 200% and coal by more than 100% in 2021. 

With such unprecedented instability, it is vital that any vulnerabilities in the UK’s energy infrastructure are secured. One of the largest threats to the energy sector is cyber malware attacks - the UK’s energy sector was the target of 24% of all cybersecurity incidents in 2021, making it the most targeted industry for cyber criminals and agents.

Therefore, investment in cybersecurity is crucial to protect our national infrastructure and keep the lights on. 

Geopolitical Risks

With demand rapidly increasing for energy and supply becoming scarce, energy sabotage is a likely prospect. The attacks on the Nord Stream pipeline in September highlight the precarious situation of Europe’s energy supply. While the culprits for the explosions are unknown, Russia has accused the UK; conversely, Russia may very well be the insidious actor here. 

The fallout of the Russia-Ukraine conflict has seen cyber attacks increase: 7 out of 10 of the UK’s CNI cyber security decision makers saw cyber attacks become more common since the outbreak of the war. Should Russia attempt to inflict a blow on the UK, attacks on our national energy infrastructure are highly likely. And it is energy companies and their employees that are increasingly becoming a target for malevolent actors, especially as many stations and facilities migrate their systems into the cloud, massively enlarging their attack surface and putting sensitive data at risk of espionage.

Bolstering Infrastructure

The UK Government’s 2022 Energy Security Strategy outlines how we can reduce reliance on Russian imports, while simultaneously moving closer to net zero. Much of this is built on expanding the UK’s domestic energy supply. As part of the transition from fossil fuels to clean, sustainable energy, the UK has been building new nuclear power stations. However, it must be a high priority to safeguard new infrastructure from cyber attacks.

Hinkley Point C, the most recently commissioned nuclear power plant in the UK, has been under close scrutiny. Completion of the project is much needed, with nuclear power in the UK set to decline until the new power station is online, and the station due to provide electricity for some 7 million homes. However, concerns have escalated over its French developer EDF, who were fined for providing false information to the UK Government over the cost of the project, while cracks have been detected in other reactors in France developed by EDF. A lax attitude towards safety can extend to inadequate cybersecurity, and EDF are currently under investigation by the Office for Nuclear Regulation (ONR), due to “identified shortfalls in governance, risk and compliance and certain technical controls.”

Upskilling Workers

Following the pandemic, digital transformation has accelerated at an unprecedented pace. As the UK’s national infrastructure becomes increasingly interconnected and digitised, the risk of cyber threats will continue to increase. An increased reliance on technology and a larger area to target make cyber attacks a more attractive prospect for insidious actors and criminals, state sponsored or not.

Furthermore, as technology develops to improve digitisation, so will the technology for cyber attacks to match. 

With our national infrastructure a key target of cyber attacks, we must invest in cyber resilience throughout all elements of an organisation, not just IT, in order to keep up with the development of cyber threats. It is not enough to improve mitigating technology - enterprises need a holistic approach to addressing cyber risk that includes employee cyber hygiene and transferring financial risk through vehicles like insurance. 

By remaining vigilant to the threats at hand, we can ensure that cyber attacks on the UK’s energy infrastructure are unsuccessful. With the energy crisis escalating, now, more than ever, is the time to protect our national energy sector.

Simon West is Cyber Advisory Lead at Resilience
