The lack of political leadership to face targeted attacks is contributing to the poor job the UK is doing on its national security strategy, says a UK government report discussing the cyber security of the nation’s critical national infrastructure.
How devastating is an attack on critical infrastructures and how is it perceived by the general public? The official government report found that the general public doesn’t fully understand the aftermath of a targeted attack on critical sectors such as energy, health services, transport or water.
This is a major concern for the country, as the threat landscape is growing and an increase in the number of attacks targeting the UK has been detected. The joint committee warns that the shortage of industry experts and lack of urgency in actions are actively exposing critical infrastructures to risks that could easily be avoided otherwise.
The government’s “efforts so far certainly fail to do justice to its own assessment that major cyber attacks on the UK and interests are a top-tier threat to national security,” reads the report. For example, cyber attacks recently targeted UK’s key sectors - health, telecommunications, energy and government.
On the positive side, governments are starting to wake up from their deep sleep and not only acknowledge, but actually understand that it is imperative to improve cyber resilience in both private and public sectors.
The government anticipates an increase disruptive attacks by foreign intelligence, and names Russia as a top threat for cyber espionage and theft of secret data. A nation-state-sponsored attack on critical infrastructures might compromise sensitive data that could easily be leveraged for military operations.
The Chinese-linked NetTraveler espionage malware campaign, for example, went undetected between 2004 and 2013, stealing over 22 gigabytes of data connected to aerospace, nanotechnology, nuclear power cells, lasers, drilling, manufacturing in extreme conditions and radio wave weapons.
Critical national or transnational infrastructures, such as nuclear power plants, national energy grids, urban water supplies, transportation management systems, traffic controller systems, hospitals and other healthcare facilities, are in the crosshairs of targeted attacks, which can lead to operational incapacitation and even human casualties.
In fact, 16.7 percent of IT security decision makers in the UK fear loss of life as a severe yet realistic consequence of an APT, and nearly 30 percent of German IT executives and 20 percent of US executives share their concern, according to a Bitdefender survey.
If governments want to benefit from all the opportunities technology such as automation or the Internet of Things has to offer, it’s important to safeguard their networks and cyber security, and it all starts with sustained leadership.