Companies responsible for critical infrastructure have been
urged to take a more in-depth approach to contingency planning, and
to consider disasters that could seriously harm their business,
even though there may be a low probability of any of them
occurring.
Chief executives and IT directors at the Protecting Critical
National Infrastructure convention last week heard that too few
businesses think about wider threats, such as the impact of
terrorism on communications or the internet.
Police forces have already suffered major communications problems,
the conference heard. In one case, a force lost its ability to
receive 999 calls for eight hours and had to rely on neighbouring
forces for help. The computer systems at another were disrupted for
11 days after an IT manager took his laptop home, picked up a
virus, and reconnected to the force's systems.
The Slammer worm placed a nuclear power station at risk last year,
when it entered through an undocumented telecoms link, disrupting
monitoring systems. "If a dumb worm can get in, then an intelligent
hacker who knows what he is doing poses a much greater threat," one
official warned.
A panel of senior officials from transport operators, energy firms
and the police, speaking under condition of anonymity, said that
businesses needed to work together to plan for threats against the
UK's critical communications infrastructure.
"Most people judge their response to threats because of their
visibility. They pay attention to the impact of worms and viruses
on their infrastructure. But we need to take a longer-term look at
risks. They may not happen very often, but when they do they can
have a devastating effect," said one senior telecoms manager.
Firms were urged to plan for combined physical and electronic
attacks. A train crash or a terrorist bomb could coincide with an
attack on the phone systems or an internet worm, with potentially
devastating consequences for the emergency services.
Hackers could cause internet meltdown if they found a way to cause
Cisco routers around the world to fail, effectively bringing a halt
to financial transactions, one senior banker told the
conference.
"It would mean we have to go back to manual processes, such as
using cheque books. It would be like having several Christmas days
in a row, where no one would be able to do financial transactions,"
he said.