A poll of over 12,000 cybersecurity professionals has found that almost two thirds believe a critical national infrastructure attack is likely to hit the UK in 2019.
The poll by Infosecurity Europe 2019 found that 59% of respondents, many of whom are chief information security officers (CISOs) considered such an attack be probable within the year, while the majority raised alarm bells about companies’ ability to respond to such a threat.
A critical national infrastructure attack is an attack on assets that are vital to the smooth running of a society, such as power plants and other parts of the electricity network, key supply chains and transport networks.
These can be attacks by either criminals or state-backed attackers, with motives varying from malicious damage or cash acquisition to political gain.
Such an attack could make basic infrastructure inaccessible or not possible to run at full capacity, impacting some of the basic resources that society runs on.
The ransomware attack WannaCry could be described as a critical national infrastructure attack due to its devastation of many NHS systems when it hit in 2017.
Security issues that raise critical national infrastructure attack concerns
Much of the UK’s critical national infrastructure is owned or operated by private companies, meaning that the issue of protecting it from cyberattacks is both a government and an enterprise problem.
However, these types of attacks typically occur at the intersection between digital and physical systems – where cyberattackers can cause the most lasting damage – and this poses a problem for enterprises.
68% of respondents in the poll by Infosecurity Europe said that the security teams in charge of their cyber and physical infrastructures never collaborate, meaning that key vulnerabilities can be missed in the gap between the two.
And if critical national infrastructure attacks are to be prevented, companies need to take this issue more seriously.
“The increasing convergence of cyber and physical environments is inevitable, but managing them in a cohesive way will strengthen enterprise security,” commented Kevin Fielder, CISO of Just Eat.
“Defending critical assets is a team sport,” agreed Nigel Stanley, chief technology officer and global head of OT cybersecurity at TÜV Rheinland.
“IT, physical and OT teams need to get their act together and start to share and learn from each other.”