News

UK critical infrastructure at risk of cyber attack, says IET report

UK critical national infrastructure (CNI) is at risk of cyber attack, says a report by engineering consultancy Atkins.

Data available from online media – such as blogs, social networking sites and specialist publications – could be used to mount a cyber attack on UK infrastructure, according to the report commissioned by the Institution of Engineering and Technology (IET).

CNI2.jpg

“Key information regarding vulnerabilities in company systems is now openly available from a range of sources on the internet,” said the report, entitled Using Open Source Intelligence to Improve ICS & SCADA Security.

The research, published at the IET’s Cyber Security for Industrial Control Systems seminar in London, found many industrial sector websites and academic papers provide information which identifies CNI-related staff and their social media information.

Known vulnerabilities and exploits against specific types of control systems can also be accessed online, the report said, along with the identification of third parties such as contractors, who have detailed knowledge and physical network access.

Richard Piggin, head of control systems security consulting at Atkins, said: “To illustrate the increased threat to industrial control systems, the assessment used freely available tools to demonstrate the identification of networked control systems, their vulnerabilities – and the exploits that may be used to attack them.

“The research demonstrates the low level of technical knowledge that is required to successfully mount an attack against industrial control systems.”

According to Piggin, the research findings highlight the necessity to manage third parties, especially their access and activities while onsite.

“In the control system context, suitable access control, including role-based access to software and systems with activity logging is recommended,” said Piggin.

The IET said the UK is one of the most internet-based major economies and, while this provides the basis for industry to expand and grow, it is essential connections between the internet and industrial control systems are protected adequately.

In the light of the research findings – that open source tools makes it easier to locate and attack or interfere with poorly protected control systems – the IET said it is essential to raise awareness of the issue and promote the development of suitably skilled cyber security professionals.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy