CyberSecurity SEE

Lessons From the 2023 National Risk Register Report

The issue of cybersecurity and the protection of Critical National Infrastructure (CNI) has become a matter of utmost importance, both nationally and internationally. With the increasing interconnectivity of the world and reliance on digital systems, a cyberattack on CNI has the potential to cause devastating consequences, including physical harm and loss of life.

Recognizing the severity of the situation, the UK Government has recently issued a national statement warning organizations about the potential for cyberattacks on CNI. The 2023 Edition of the National Risk Register predicts a 5 to 25% chance of a devastating attack targeting critical infrastructure and causing physical harm within the next two years. This prediction is based on an internal National Security Risk assessment that considers malicious risks such as terrorism and cyberattacks, as well as non-malicious risks like severe weather incidents.

The report highlights several cyber-related risks, including attacks on gas and energy infrastructure, fuel supply infrastructure, health and social care systems, the transport sector, financial infrastructure, and retail banks. The interconnectedness of these infrastructures means that an attack on one could have far-reaching consequences unless proper security controls are in place.

The gas infrastructure in the UK is responsible for delivering gas to individual users and businesses across the nation. A cyberattack targeting this infrastructure could potentially lead to a system failure, resulting in the loss of heating, limited access to necessary medical treatment, and a reduced ability to safely use gas. Similarly, a cyberattack on the electricity infrastructure could disrupt all other critical systems, leading to a ripple effect of disruptions in internet telecommunications, water, sewage, and fuel and gas supplies. These disruptions have the potential to create social turmoil and even cause loss of life.

The healthcare sector has also been a target for cyberattacks, as seen in the widely publicized WannaCry ransomware attack in 2017. These attacks can disrupt critical systems within healthcare facilities, compromising patient health information and impacting patient care. Such disruptions can also result in physical harm to patients.

Financial Market Infrastructures (FMIs) are considered CNIs as they enable financial transactions and play a vital role in the UK economy. However, they are also high-profile targets for cybercriminals. An attack on FMIs could disrupt services, take important systems offline, and increase the risk of fraud and operational losses.

The government’s assessment of potential cyberattacks on critical infrastructure indicates that most serious incidents would involve encryption, data theft, destruction of data, or the complete disruption of operational systems. The likelihood of such an attack within the next two years is considered low but significant enough to warrant preparation for a worst-case scenario.

The World Economic Forum’s Global Cybersecurity Outlook further emphasizes the importance of addressing the issue. The report reveals that 91% of respondents believe a far-reaching, catastrophic cyber event is at least somewhat likely within the next two years, and 43% of business leaders believe that cyberattacks will have a material impact on their organizations. This highlights the need for businesses of all sizes and sectors to take concrete actions to protect themselves from potential breaches.

To enhance cybersecurity, businesses must invest in secure networks and systems, with consistent built-in security measures. This includes implementing secure password managers and ensuring secure accounts and passwords across the company. Additionally, organizations should adopt a Zero-Trust Architecture (ZTA) and Privileged Access Management (PAM) to prevent unauthorized privilege escalation and strongly enforce user access roles. Security event monitoring should be in place to detect and block unusual privilege escalation, and least-access policies should be implemented to ensure users only have access to the data and resources necessary for their job duties.

Furthermore, it is crucial to shift the mindset that security teams are solely responsible for security. C-suite executives should involve security leaders in regular business reviews and plans, and all employees should receive consistent training to recognize and avoid the latest attack vectors.

The time to act is now. As operational and information technology continue to converge, the opportunities and pathways for cybercriminals to target critical infrastructure will only increase. The sophistication of cyberattacks is also rising, with threats such as supply chain attacks and ransomware becoming more prevalent. Disruption no longer affects only production and productivity; it can also cause physical damage and harm.

Ultimately, cyberattacks against critical infrastructure can serve political purposes and be part of a larger effort to threaten operations, destabilize governments, and disrupt power grids, transportation networks, and financial institutions. In the digital age, the convergence of cyber and traditional warfare tactics is evident as threat actors use cyberattacks to support and supplement physical attacks, with potentially devastating consequences. It is vital for governments, organizations, and individuals to prioritize cybersecurity and take proactive steps to protect critical infrastructure and ensure the safety and well-being of citizens.
