The UK official National Cyber Security Centre (NCSC) has warned critical national infrastructure (CNI), about a need to protect themselves against “severe” cyber threats. The alert is prompted by cyberattacks against Poland’s energy infrastructure with malware in December. Jonathan Ellison, director for national resilience at the NCSC, wrote on LinkedIn: “Cyber-attacks disrupting everyday essential services may sound far-fetched, but we know it’s not.”
He wrote: “Our Polish partners recently publicly shared how some of the country’s critical infrastructure was targeted just after Christmas by coordinated attacks, including against a heat and power plant and several renewable energy generators. They likened the attempted disruption to arson.”
Comments
Matt Conlon, CEO and co-founder of Cytidel, described the NCSC’s warning as timely and necessary. He said: “Threats against Critical National Infrastructure (CNI) have been escalating globally for several years, and recent incidents underline just how exposed essential services remain. From the Colonial Pipeline attack in 2021, which was fortunate to be detected before physical damage occurred, to last week’s cyberattack on Romanian oil pipeline operator Conpet, reportedly claimed by Qilin, the message is clear: CNI is firmly in the crosshairs. We’ve also seen the real-world consequences closer to home, with the Health Service Executive (HSE) crippled by ransomware in 2021, disrupting patient care nationwide. These attacks demonstrate that cyber incidents against CNI are no longer hypothetical IT issues; they are national resilience issues.
“The NCSC’s guidance extends well beyond basic security controls such as MFA [multi-factor authentication], and security leaders responsible for critical services should pay close attention. One of the most important elements is the effective use of threat intelligence. Threat intelligence is critical to national security, but only if it is operationalised. Too many organisations are still reliant on static PDF reports that can’t be acted on quickly enough before the next attack lands. Tailored, real-time intelligence enables organisations to identify which vulnerabilities are under active exploitation and where to prioritise defensive efforts, based on the threats targeting CNI providers globally. In today’s threat landscape, knowing what matters most right now is what makes the difference between resilience and disruption.”
And Jake Moore, Global Cybersecurity Advisor at anti-virus software vendor ESET, made the point that a nation state can still inflict damage on critical infrastructure without needing impressive zero day exploits. “Before worrying about sophisticated attacks, we need to focus on getting the basics right. Simply doubling down on multi factor authentication, removing weak credentials and looking for exposed entry points can often improve security far more than looking for a brand new attack vector.
“Nation state attackers are still succeeding because they can exploit these simple weaknesses and why not when these doors are left open? Cybercriminals may be persistent, but if there is an easier, quicker way to cause disruption, it means less time and effort spent on causing the damage.”
