The Spy Who Hacked Me? - Securing a Country’s Critical National Infrastructure

Dan Meyrick, Sales & Business Development Manager at Genetec

Last year's failure of the UK’s National Grid has emphasised the crucial importance of a country’s Critical National Infrastructure (CNI) to its citizens’ everyday lives. The event occurred when a power surge left parts of the country in chaos, London’s transport and road network ground to a halt, and a million homes and businesses temporarily lost power.

Though the issue was resolved in a short space of time, it demonstrates the importance of CNI and the impact a single weak link in the chain can have on vital resources, such as energy, food & water supplies, emergency services and transport. Although it’s hard to estimate the likelihood of an attack, the continual diversification of threats, and the ambition and capabilities of terrorist groups (and state actors) is likely to continue to evolve. Which means organisations must be equipped to deal with every eventuality.

There are other factors that broaden the remit of security teams further. For instance, cities are becoming increasingly smart and connected. This connectivity is creating more avenues for cyber-attacks than ever. Furthermore, it’s not only isolated hackers targeting organisations anymore, nation states are orchestrating well-funded and wide-ranging attacks. North Korea, for example, has been linked to disruptive malware like Sharpshooter and WannaCry. This leaves security administrators with the difficult task of assessing an ever-multiplying range of threats. Whilst it may be impossible to secure CNI networks completely – planning ahead, improving defences and resilience as new vulnerabilities arise can significantly reduce the potential impact such attacks could have. The disruption from a simple power-cut not only showed us the fragility of the system that powers the UK, but also gave us a snapshot of the chaos that would ensue if an attack was ever successful.

The Fallout

In July 2019, an electrical provider in Johannesburg was targeted by ransomware. Once infected its IT systems were locked-down, leaving many of its customers across the city without power. Although this was more than likely an isolated hacker rather than a state backed cyber-attack, it highlights the fact that not all attacks on CNI are physical. Ransomware proved to be the easiest means of causing the most disruption and was therefore the preferred method of causing mayhem.

The most illustrative modern example of a state-wide cyber-meltdown was the Estonian cyber-attack of 2007. After city     officials decided to relocate a soviet WW2 statue from the country’s capital, Tallinn, there was a Russian backlash. Consequently, Estonian websites were overwhelmed when they were swarmed with bots. Bank, media and government websites were shut down. This left government workers unable to communicate remotely, people unable to withdraw money from ATMs or access their bank accounts, causing chaos for weeks.

Precisely no one was surprised to learn that many of the IP addresses were based in Russia, so it’s almost certain these attacks were orchestrated by the Kremlin. But regardless of who the instigator was, this incident showed that nations can exert an enormous amount of power remotely through digital means. A targeted attack on key services also illustrates just how brittle a countries’ infrastructure can be and how quickly communications can break down.

Thankfully, there have been far fewer examples of physical security breaches on CNI, although when they have occurred, they - more often than not - have a higher chance of causing loss of life and devastation – like the 7/7 attacks that targeted London’s transport network. But events like this show that regardless of the type of threat, cyber or physical, you must be prepared.

The ABCs of security

Within the context of international cyber-espionage and terrorism, the task of security can seem like a daunting one. Nevertheless, the scale of the organisations involved should make little difference – the fundamentals of cyber and physical security remain the same. The Centre for the Protection of National Infrastructure classifies effective security as “defence-in-depth”. This concept is based on the principle that the security of an asset is not significantly reduced with the loss of any single layer of defence. A way of simplifying the management of this layered system of defences is by consolidating every security asset into a single unified platform. After all, every IP-connected device such as a video surveillance camera or access control that helps protect you in the real world can become a digital gateway into the organisation if not secured appropriately.

To read the full story:
Click here to download your copy of World Security Report (pdf) >>

Follow