Last week saw Vince Cable deliver a speech where he highlighted the risks against critical national infrastructure (CNI) by cyber attacks.
To those of us in the industry, this was not news. The Stuxnet virus of 2010 demonstrated to a high level how an online attack can destroy a physical being, in that case an Iranian nuclear centrifuge which was designed to be overworked to a point that it was useless. Now that was a one off case and we haven’t really seen anything comparable to it to date.
However an attack on the UK national grid or water system could be problematic for a large portion of the population. In Cable’s speech last week, the Secretary of State for Business, Innovation and Skills said that the industries providing essential services such as power, telecommunications and banking should be “adequately protected to avoid disruption to our everyday lives”.
Of course Cable was speaking at a summit for the financial, water, energy, communications and transport sectors, so wanted to appear favourable; but he said that this can only be achieved “through a partnership between government, the regulators and industry”.
The subject of CNI is hardly news to those of us in the industry, as I said, and conversations with industry spokespeople, about the attitude in the Middle East, strike me that they are more advanced than we are.
Speaking to IT Security Guru, Mark Reeves, senior vice president of international sales at Entrust, said that the challenge in this sector is that “what we fight against is very clever”.
He focused on the smart metering concept saying that, while this is the right thing to do, security should be a focus of the rollout while the focus seems to be defining what security of the smart grid is.
Also speaking to IT Security Guru was Lynn Collier, senior director of solutions sales at Hitachi Data Systems, who said that she had seen what was beyond simple smart metering, as the Japanese market has moved into “smart cities”.
She said: “This is water management and metering as well as traffic maintenance. The struggle for business is to get secure remote access to the data centre, and this plays into the Internet of Things concept. It is an explosion of data and to enable access to data that is not to the detriment of the business.”
Wieland Alge, vice president and general manager EMEA of Barracuda Networks, said: “It is vital that the country’s essential infrastructure remains protected against cyber attack from malicious parties.
“As well as implementing the correct firewalls and related security systems, the Government should ensure that cyber security policies are constantly being reviewed. The methods employed by cyber attackers are becoming increasingly more sophisticated, so it is important that the counter-measures also remain up-to-date and staff are constantly educated and refreshed on the topic of cyber security.”
In recent weeks we have reported on how the Government is rolling out an operations centre for the public sector network to enable sharing of threats and incidents, while the sharing platform CISP (collaborative information sharing platform) was heavily used during the Waking Shark 2 exercise.
Can such a concept be used for CNI? The answer should be yes if they are deemed to be providing essential services to the UK economy. After all if they go down, then we all fall over. The problem for Government is that they have talked the talk here, and now they need to show that the essential services are essentially protected.