U.K. NCSC Head Warns of Russian Cyber Threats to Critical Infrastructure


Ciaran Martin, CEO of the U.K.'s National Cyber Security Centre (NCSC), recently stated that hostile states present a significant cyber threat to the country's critical infrastructure security.

"I can confirm that Russian interference, seen by the National Cyber Security Centre, has included attacks on the U.K. media, telecommunications and energy sector," Martin said.

"That is clearly a cause for concern -- Russia is seeking to undermine the international system," he said.

A recent Tripwire Twitter poll asking what services are most likely to experience an outage due to hackers received 373 responses -- 47 percent of respondents said water, electricity and gas utilities are the most likely to be hit, followed by transport services (22 percent), and emergency services (20 percent).

"Before the Internet brought almost universal connectivity, industrial security was very different from what it is today," Tripwire chief research officer David Meltzer said in a statement. "Traditional industrial and critical infrastructure organizations had no Internet as we know it today. Perimeter defense typically meant physical security -- gates, fences, barriers and guards. Nowadays, these systems are Internet-connected, more virtualized in many cases, and more remotely accessible than ever before."

"There is no dispute that connectivity provides many business advantages, such as centralized management and control, remote engineering access and resource consolidation," Meltzer added. "However, it's important to remember that it also brings with it a large number of additional risks, mainly increased attack vectors, exposure of inherently insecure and sometimes obsolete IT systems, and the opportunity for attackers to exploit vulnerabilities that have not been patched."

Operational Risks

Earlier this year, a Ponemon Institute survey of 377 U.S. professionals responsible for securing or overseeing cyber risk in oil and gas operations found that just 35 percent of respondents rated their organization's operational technology (OT) cyber readiness as high, and 59 percent believe there's a greater risk in the OT environment than the IT environment.

The survey, sponsored by Siemens, also found that 68 percent of respondents admitted their operations had suffered at least one security compromise in the past year that resulted in the loss of confidential information or OT disruption -- and 61 percent said their organization's industrial control systems (ICS) protection and security remain inadequate.

"The fact that nearly 70 percent of oil and gas companies were hacked in the past year must serve as a call to action," Siemens USA CEO Judy Marks said in a statement. "As oil and gas producers use digitalization to become safer and more efficient, there is a clear need to bulk up defenses for operational technology, which is even more vulnerable to attacks than the IT environment."

Nozomi Networks founder and chief product officer Andrea Carcano told eSecurity Planet by email that everyone tasked with protecting energy plants, communication channels, media platforms and other critical infrastructure must assume it's being probed for vulnerabilities 24 hours a day. "It is essential that critical infrastructure operators take steps to increase the visibility into their ICS networks and deploy new innovations that enable early detection of advanced persistent threats, whoever is making them," he said.

UEBA, SIEM and threat intelligence are among the technologies that might help, and incident response plans and security risk assessments are also critical tools.

The U.S. Department of Homeland Security (DHS) has designated November as Critical Infrastructure Security and Resilience Month -- a 14-page toolkit offers advice to public and private sector organizations on promoting awareness of the importance of critical infrastructure.

"Critical infrastructure is highly interconnected and any single system may rely on other critical infrastructure to run at normal operations," the toolkit states. "In particular, nearly all critical infrastructure relies heavily on network and other cyber support to operate essential systems. Today's critical infrastructure functions are inseparable from the information technology and control systems that support them."