Infrastructure must plan for terrorist threats

Companies responsible for critical infrastructure have been urged to take a more in-depth approach to contingency planning, and...

Companies responsible for critical infrastructure have been urged to take a more in-depth approach to contingency planning, and to consider disasters that could seriously harm their business, even though there may be a low probability of any of them occurring.

Chief executives and IT directors at the Protecting Critical National Infrastructure convention last week heard that too few businesses think about wider threats, such as the impact of terrorism on communications or the internet.

Police forces have already suffered major communications problems, the conference heard. In one case, a force lost its ability to receive 999 calls for eight hours and had to rely on neighbouring forces for help. The computer systems at another were disrupted for 11 days after an IT manager took his laptop home, picked up a virus, and reconnected to the force's systems.

The Slammer worm placed a nuclear power station at risk last year, when it entered through an undocumented telecoms link, disrupting monitoring systems. "If a dumb worm can get in, then an intelligent hacker who knows what he is doing poses a much greater threat," one official warned.

A panel of senior officials from transport operators, energy firms and the police, speaking under condition of anonymity, said that businesses needed to work together to plan for threats against the UK's critical communications infrastructure.

"Most people judge their response to threats because of their visibility. They pay attention to the impact of worms and viruses on their infrastructure. But we need to take a longer-term look at risks. They may not happen very often, but when they do they can have a devastating effect," said one senior telecoms manager.

Firms were urged to plan for combined physical and electronic attacks. A train crash or a terrorist bomb could coincide with an attack on the phone systems or an internet worm, with potentially devastating consequences for the emergency services.

Hackers could cause internet meltdown if they found a way to cause Cisco routers around the world to fail, effectively bringing a halt to financial transactions, one senior banker told the conference.

"It would mean we have to go back to manual processes, such as using cheque books. It would be like having several Christmas days in a row, where no one would be able to do financial transactions," he said.

Read more on IT risk management