Industrial control systems across several UK sectors have been targeted in recent activity by known state-sponsored attackers, according to a leaked report by the UK National Cyber Security Authority.
The UK is one of several countries targeted by cyber attackers seeking to compromise industrial control systems (ICS), according to a leaked document from the National Cyber Securty Centre (NCSC).
Some ICSs may have been compromised in attacks by advanced state-sponsored hostile threat actors, according to an NCSC document leaked to Motherboard by an energy industry source and confirmed by two others on condition of anonymity. Although modern ICSs typically found in the energy sector and other suppliers of critical national infrastructure are designed to be secure, legacy systems were not. The fact that many of these legacy systems are still widely used has, in recent years, raised concerns about the resilience to cyber attacks. But according to Airbus, there are a growing number of options available to protect legacy systems. The aircraft manufacturer is among suppliers that are developing ways to add security where it was lacking.
Kevin Jones, head of cyber security innovation at Airbus, told Computer Weekly recently that there is a good level of awareness, understanding and protection among operators of critical national infrastructure (CNI) in the UK, and attacking ICSs is not as easy as many people think. Despite vulnerabilities in individual components, once these are put together in a bigger system, it is a lot more difficult to exploit those vulnerabilities than some people claim, said Jones. “In the lab, it is easy to exploit these vulnerabilities because we have direct network access to the PLCs [programmable logic controllers], but in the real world there are a few things that can help to make it more difficult for would-be attackers, such as good network security, including various filters on the web traffic,” he said.
However, cyber defence of CNI is a key focus for the NCSC and the leaked document warns of cyber attacks targeting energy, engineering, industrial control and water supply companies. The NCSC is also believed to be providing technical guidance to affected organisations. The uptick in this activity is believed to be fairly recent and potentially connected to reports of malicious emails sent to senior engineers at the Electricity Supply Board (ESB), which supplies Northern Ireland and the Republic of Ireland, and US government warnings in June 2017 of attacks targeting nuclear and energy firms.