Critical national infrastructure (CNI) faces an emerging cyber threat from state-aligned groups, according to the National Cyber Security Centre.
The UK official NCSC – a part of GCHQ – warned that some groups have stated an intent to launch ‘destructive and disruptive attacks’ and that CNI should ensure they have taken steps outlined in the NCSC’s heightened threat guidance (published last year, shortly before Russia’s invasion of Ukraine). This alert came on the first day of the NCSC’s CYBERUK annual conference in Belfast
The NCSC while not going into specifics points to state-aligned groups sympathetic to Russia’s invasion of Ukraine, a threat that has emerged over the past 18 months. These groups are not motivated by financial gain, nor subject to control by the state, and so their actions can be less predictable and their targeting broader than traditional cyber crime actors.
While in the short term any activity from the groups is likely to take the form of Distributed Denial of Service (DDoS) attacks, website defacements or the spread of misinformation, some groups have stated a desire to achieve a more destructive impact against western infrastructure, the NCSC said. For their alert in full visit the NCSC website.
See also the speech by the Cabinet Office minister Oliver Dowden at CyberUK.
Dr Marsha Quallo-Wright, NCSC Deputy Director for Critical National Infrastructure, said: “It has become clear that certain state-aligned groups have the intent to cause damage to CNI organisations, and it is important that the sector is aware of this. In the wake of this emerging threat, our message to CNI sectors is to take sensible, proportionate steps now to protect themselves.
“The NCSC has produced advice for organisations on steps to take when the cyber threat is heightened, and I would strongly encourage all CNI organisations to follow this now.”
For more on the CYBERUK event, visit https://www.ncsc.gov.uk/section/keep-up-to-date/cyberuk.
Comments
Anthony Young, co-CEO at the cyber security services company Bridewell, said: “The threat of insider sabotage has always been high across CNI, but current economic pressures are making it easier for criminals to exploit the vulnerabilities of both employees and organisations. Reducing security budgets will exacerbate the issue. Decision makers need to invest in strengthening their cyber defences from the inside out. This should encompass the robust monitoring and testing of systems and access controls, investment in data loss prevention, and the continuous education and training of employees to raise awareness of cyber security best practices.”
The firm’s ‘Cyber Security in CNI: 2023’ research report, which surveyed 500 UK cyber security decision makers, in the transport and aviation, utilities, finance, government, and communications sectors, found concern is particularly high in utilities.
Ben Packman, SVP of strategy at British cyber company, PQShield welcomed focus on cyber and the UK’s critical national infrastructure. “Post-quantum cryptography is an essential part of this, and we were pleased to hear a commitment at CyberUK from Oliver Dowden and the head of NCSC, Lindy Cameron, to support industry with the transition to quantum-secure cryptography.
“The US is currently the global superpower when it comes to quantum-secure technology and legislation, but this country is not far behind, with impressive local capabilities and talent. The government can leverage this to lead this emerging sector on a global scale.
“Cryptography modernisation is key, and to achieve this on a suitable timescale, the government must continue to support industry with a clear strategy and guidance, boosted by sufficient investment.”
And David Carroll, MD of Nominet, the registry for .uk domain names, says: “Nation-states are increasingly focusing their activities on disrupting services that impact the greatest number of people. Ultimately these cyber criminals don’t care who the end organisation is – it comes down to who can be exploited to create the biggest effect on a nation’s society and economy, such as critical national infrastructure (CNI).
“This alert from the NCSC has come at the right time. As the need for protection against nation-state threats increases, a push on bolstering critical national infrastructure by the NCSC sends a strong message to cyber criminals around the world and helps us all to manage the risk against future attacks.
“The alert also signifies greater intervention from governments, as we’ve similarly seen in the US. With more specific and ambitious resilience targets coming for CNI operators in the UK by 2025 – it’s a clear-cut message on how our collective national cyber defence is so reliant on the posture of CNI.”
