Infrastructure Archives - Security IT Summit | Forum Events Ltd

MPs concerned over hacking threat to critical national infrastructure

Stuart O'Brien

Two thirds of MPs consider the compromise of critical national infrastructure to be the biggest cyber security threat facing the UK.

A year on from the cyber attack on parliamentary emails, a YouGov survey commissioned by NCC Group has gauged the opinions of MPs in the House of Commons with regards to their personal cyber security, the cyber risks associated with national security and societal wellbeing, and the consequences of a successful attack on parliament.

The results revealed that 62% of MPs across all regions, including 70% of Conservatives and 57% of Labour MPs, consider a compromise of critical national infrastructure to be the biggest risk.

Despite this common ground between MPs across parties on the threat to critical national infrastructure, the survey indicated divides with regards to the severity of other cyber threats. 42% of Conservatives said that they consider a compromise of nuclear capabilities to be one of the top two threats, compared to just 14% of Labour MPs, while 44% of Labour MPs considered democratic interference to be a significant threat, compared to 16% of Conservative MPs.

Alongside this, the survey found that 75% of all MPs are concerned that a breach of their personal email could negatively affect the cyber security of the House of Commons, highlighting that most MPs understand the crucial role they personally play in enhancing the UK Parliament’s security posture.

It was also revealed that, in the event of a successful cyber attack, 73% of all MPs considered the breach of constituents’ privacy to be their biggest concern, alongside a leak of sensitive information relating to parliamentary business (46%).

These results have been released ahead of a meeting at the House of Commons, which addressed the cyber threats challenging the UK political landscape and outlined how MPs can best contribute towards tackling this growing threat.

Ollie Whitehouse, global chief technical officer at NCC Group, said: “It’s very positive to see that a majority of MPs are aware of the different threats we face and realise the gravitas of a successful attack, particularly with regards to our resilience as a nation.

“In recent years, the government has been proactive in implementing initiatives to strengthen the UK’s stance against evolving technical and geopolitical threats which attempt to compromise the integrity of our nations. MPs play a significant role in these initiatives, so it’s important to maintain continued education around modern threats and informed dialogue amongst all stakeholders. This will ensure that parliamentary staff at all levels understand the steps they need to take, in both their professional and personal lives, in order to address cyber risk head on.”

A third of UK infrastructure fails to meet basic cyber security standards

Stuart O'Brien

According to Freedom of Information requests by Corero Network Security, over a third of the UK’s critical infrastructure doesn’t meet the most basic cybersecurity standards.

The fact that so many infrastructure organisations have not completed the ‘10 Steps to Cyber Security’ programme indicates a lack of cyber resilience within organisations which are critical to the functioning of UK society. It also suggests that some of these organisations could be liable for fines of up to £17m, or four per cent of global turnover, under the UK Government’s proposals to implement the EU’s Network and Information Systems (NIS) directive, from May 2018.

The Freedom of Information requests were sent by Corero, in March 2017, to 338 critical infrastructure organisations in the UK, including fire and rescue services, police forces, ambulance trusts, NHS trusts, energy suppliers and transport organisations. In total, 163 responses were received, with 63 organisations (39%) admitting to not having completed the ‘10 Steps’ programme. Among responses from NHS Trusts, 42% admitted not having completed the programme.

Sean Newman, Director of Product Management at Corero, said: “Cyber attacks against national infrastructure have the potential to inflict significant, real-life disruption and prevent access to critical services that are vital to the functioning of our economy and society. These findings suggest that many such organisations are not as cyber resilient as they should be, in the face of growing and sophisticated cyber threats.”

Worryingly, the Freedom of Information data revealed that most UK critical infrastructure organisations (51%) are potentially vulnerable to these attacks, because they do not detect or mitigate short-duration surgical DDoS attacks on their networks. As a result, just 5% of these infrastructure operators admitted to experiencing DDoS attacks on their networks in the past year (to March 2017). However, if 90% of the DDoS attacks on their networks are also shorter than 30 minutes, as experienced by Corero customers, the real figure could be considerably higher.

Newman continued: “In the face of a DDoS attack, time is of the essence. Delays of minutes, tens-of-minutes, or more, before a DDoS attack is mitigated are not sufficient to ensure service availability, and could significantly impact the essential services provided by critical infrastructure organisations.

“By not detecting and investigating these short, surgical, DDoS attacks on their networks, infrastructure organisations could also be leaving their doors wide open for malware or ransomware attacks, data theft or more serious cyber attacks. To keep up with the growing sophistication and organisation of well-equipped and well-funded threat actors, it’s essential that organisations maintain comprehensive visibility across their networks, to instantly and automatically detect and block any potential DDoS incursions, as they arise.”