Resilience Is Essential To Protecting Critical Infrastructure

The ongoing narrative of precarious energy security and the vulnerability of critical national infrastructure (CNI) - made acutely clear following the British energy regulator Ofgem’s recent warnings of potential grid blackouts across the country, begs the question of how secure we really are as a nation.

As the winter months beckon, with the UK and Europe living through the worst energy crisis in a generation, exacerbated by the continued armed conflict in Ukraine, inflationary pressures, and recession looming, never before has a robust defence to cyber threats been more important, and our vulnerability more poignant.

Making the United Kingdom cyber resilient, from the ground up, is key here, as is protecting vital national services and the bottom line.  

The last year has seen a level of escalation in geopolitical tensions likely not seen since the end of the Cold War, with powerful states at loggerheads: Britain, NATO and the West, Russia, Iran and China, flexing (or in the case of Russia, actively employing) not just military might but soft power influence and aggressively mercantile trade tactics around the world. 

With the energy market in crisis, the UK Chancellor’s Autumn Budget saw an increase in the windfall tax on fossil fuel energy companies from 25% to 35% and extended for a further two years (until 2028). Furthermore, the current energy bill cap for households is twice what it was last winter, tightening the squeeze on consumers more than ever.

The National Grid has already warned people across the country to prepare for blackouts this winter due to gas and electricity shortages. This is not just an issue in the UK, with gas prices in Europe rising by more than 200% and coal by more than 100% in 2021. 

With such unprecedented instability, it is vital that any vulnerabilities in the UK’s energy infrastructure are secured. One of the largest threats to the energy sector is cyber malware attacks - the UK’s energy sector was the target of 24% of all cybersecurity incidents in 2021, making it the most targeted industry for cyber criminals and agents.

Therefore, investment in cybersecurity is crucial to protect our national infrastructure and keep the lights on. 

Geopolitical Risks

With demand rapidly increasing for energy and supply becoming scarce, energy sabotage is a likely prospect. The attacks on the Nord Stream pipeline in September highlight the precarious situation of Europe’s energy supply. While the culprits for the explosions are unknown, Russia has accused the UK; conversely, Russia may very well be the insidious actor here. 

The fallout of the Russia-Ukraine conflict has seen cyber attacks increase - 7 out of 10 of the UK’s CNI cyber security decision makers saw cyber attacks become more common since the outbreak of the war. Should Russia attempt to inflict a blow on the UK, attacks on our national energy infrastructure are highly likely. And it is energy companies and their employees that are increasingly becoming a target for malevolent actors, especially as many stations and facilities migrate their systems into the cloud, thus massively opening up their vulnerable attack surface with sensitive data at risk of espionage. 

Bolstering Infrastructure

The UK Government’s 2022 Energy Security Strategy outlines how we can reduce reliance on Russian imports, while simultaneously moving closer to net zero. Much of this is built on expanding the UK’s domestic energy supply. As part of the transition from fossil fuels to clean, sustainable energy, the UK has been building new nuclear power stations. However, it must be a high priority to safeguard new infrastructure from cyber attacks.

Hinkley Point C, the most recently commissioned nuclear power plant in the UK, has been under close scrutiny. Completion of the project is much needed, with nuclear power in the UK set to decline until the new power station is online, and the station due to provide electricity for some 7 million homes. However, concerns have escalated over its French developer EDF, who were fined for providing false information to the UK Government over the cost of the project, while cracks have been detected in other reactors in France developed by EDF. A lax attitude towards safety can extend to inadequate cybersecurity, and EDF are currently under investigation from the Office for Nuclear Regulation (ONR), due to “identified shortfalls in governance, risk and compliance and certain technical controls.” 

Upskilling Workers

Following the pandemic, digital transformation has accelerated at an unprecedented pace. As the UK’s national infrastructure becomes increasingly interconnected and digitised, the risk of cyber threats will continue to increase. An increased reliance on technology and a larger area to target makes cyber attacks a more attractive prospect for insidious actors and criminals, state sponsored or not.

Furthermore, as technology develops to improve digitisation, so will the technology for cyber attacks to match. 

With our national infrastructure a key target of cyber attacks, we must invest in cyber resilience throughout all elements of an organisation, not just IT, in order to keep up with the development of cyber threats. It is not enough to improve mitigating technology - enterprises need a holistic approach to addressing cyber risk that includes employee cyber hygiene and transferring financial risk through vehicles like insurance. 

By remaining vigilant to the threats at hand, we can ensure that cyber attacks are unsuccessful on the UK’s energy infrastructure. With the energy crisis escalating, now, more than ever, is the time to protect our national energy sector.

Simon West is Cyber Advisory Lead at Resilience

You Might Also Read: 

Running Out Of Cyber Gas:

 

« Top Cybersecurity Advice For In-House Counsel
The Role Of Policies In Driving ‘Secured Productivity’ »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

AvePoint

AvePoint

AvePoint is an established leader in enterprise-class data management, governance, and compliance software solutions.

PakCERT

PakCERT

PakCERT is the national Computer Emergency Response Team for Pakistan.

NNIT

NNIT

NNIT​ is one of Denmark’s leading consultancies in IT development, implementation and operations, including cyber security.

CalCom

CalCom

CalCom Hardening Solution (CHS) for Microsoft OMS is a security baseline-hardening solution designed to address the needs of IT operations and security teams.

Tempered Networks

Tempered Networks

Tempered Networks delivers the first purpose-built platform for IIoT cybersecurity that allows customers to connect and secure devices in minutes without the need for specialized skills.

Salviol Global Analytics

Salviol Global Analytics

Salviol Global Analytics is a leading provider of Fraud, Risk and Operational Performance Solutions to a number of vertical markets including Insurance, Banking, Utilities, Telco’s and Government.

Netsecurity AS

Netsecurity AS

Netsecurity is a Norwegian owned company focused and specialised within IT security and cybersecurity-as-a service.

Enclave Networks

Enclave Networks

Our mission is to give IT professionals a simple way to rapidly build secure connectivity between any application, computer system, device or infrastructure - regardless of the underlying network.

Vijilan Security

Vijilan Security

Vijilan provides 24/7 SOC services to MSPs/VARs. Our Security Operations Center is global, and our services are exclusive to the Channel.

GitProtect.io

GitProtect.io

​GitProtect is a fully manageable, professional GitHub and Bitbucket backup and recovery software that protects repositories and metadata from any event of failure.

Prevasio

Prevasio

Prevasio is a next-gen Cloud Security Posture Management (CSPM) with a built-in Vulnerability and Anti-Malware Scan for Containers.

Accenture

Accenture

Accenture is a leading global professional services company providing a range of strategy, consulting, digital, technology & operations services and solutions including cybersecurity.

VLC Solutions

VLC Solutions

VLC Solutions is an independent solutions and technology service provider offering Cloud Services, Cybersecurity, ERP Services, Network Management Services, and Compliance Solutions.

OneCollab

OneCollab

OneCollab, your unwavering ally in the dynamic landscape of IT services and cybersecurity.

Yarix

Yarix

Yarix is the leading company in Var Group’s Digital Security division and one of the most recognised, innovative and authoritative Italian companies in the IT security sector.

SolidityScan

SolidityScan

SolidityScan is an advanced smart contract scanning tool designed to uncover vulnerabilities and proactively address risks within your code.