Terror groups do not currently have the expertise required to disrupt key public services such as water and electricity, an academic has told MPs.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
"You need skills and intelligence. Right now, militants don't have that,” said Thomas Rid, an expert in war studies at King's College, London, in a briefing of the Public Accounts Committee.
Any attack of that nature would require intelligence about the targets and the skills to reprogram systems, he said.
However, Rid warned that the UK’s critical national infrastructure was vulnerable at sites where industrial control systems were linked to the internet, according to the BBC.
In some cases, he said, the operators of systems supporting the critical national infrastructure might not know it is capable of being connected to the internet.
Also, he said systems that were set up years ago, when cyber security was less important, may not be protected adequately from attack.
The reason such systems have not been attacked already is that groups such as Al-Qaeda do not have the expertise, and those with the expertise, such as China, do not have a motive.
Rid said while the Chinese had a commercial interest in stealing information from companies in the West, they do not have any interest in damaging infrastructure.
Read more about critical infrastructure
- Is UK critical national infrastructure properly protected?
- Government to monitor companies supporting critical national infrastructure
- Critical infrastructure security: Electric industry shows the path
- GRC Management and Critical Infrastructure Protection
- NetWars CyberCity missions to improve critical infrastructure protection
- Steve Lipner on the Microsoft SDL, critical infrastructure protection
A report by US cyber security firm Mandiant in February said a secretive branch of China's military was one of the world's "most prolific cyber-espionage groups".
According to the report, Unit 61398 has "systematically stolen hundreds of terabytes of data" from at least 141 organisations around the world, but mainly in the UK, US and Canada.
The report claims the unit is able to steal from dozens of networks simultaneously, and has stolen hundreds of terabytes of information, including blueprints, business plans and pricing documents.
However, since the release of the report, Mandiant has said China is not the only country carrying out large-scale cyber espionage.
“We are seeing other countries carrying out similar activities,” the company’s chief Kevin Mandia told attendees of RSA Conference 2013 in San Francisco.
Mandiant’s report showed that members of Unit 61398 were able to go undetected inside company networks for an average of 356 days and targeted industries identified by China as strategically important.
Concerns about such cyber activities were highlighted by US President Barack Obama in his State of the Union address.
The order also requires the creation of a cyber security framework aimed at reducing risks to companies providing critical infrastructure.