The Cyber Threat to Critical Infrastructure

Cyber Threat

The operation of Critical Infrastructure in the UK is pivotable in the safety and economic prosperity of the country…. but what protection is being provided to mitigate the cyber threat posed by hackers ?

We are seeing increasing threats to key infrastructure such as airports and power stations with the cyber threat now emerging as a very real risk. This concern is also now at the forefront of governments on both sides of the Atlantic with initiatives being put in place to protect our critical infrastructure.

Europe – The Network and Information Systems (NIS) Directive 

The European Commission agreed to implement the Network and Information Services Directive in late 2015 as reported in our post   

This Directive needs to be complied with by May 2018 however according to a report by Corero Network Security suggests that it may prove difficult for certain sectors of the UK’s critical infrastructure to achieve this. The report found that 39% of the critical infrastructure in the UK did not reach basic cyber security standards. Key sectors were the NHS and the police.

The main reason for the Directive is to increase the security of Network and Information Systems within the European Union with the aim to bring the following:-

  •  Minimum standards of cybersecurity for banks, energy, transport , health and water utilities.
  •  EU-wide rules on cybersecurity.
  •  Cooperation between EU companies on cyber security
  •  The sharing of information of breaches
  •  Best practices in cyber security
  •  Mutual help in securing a country’s critical infrastructure

In addition to critical infrastructure these regulations will apply to certain technology firms and it is possible that this will also be applicable to major online marketplaces, such as eBay and Amazon, and search engines such as Google.

Last month the Government launched a consultation paper which sets out the proposed implementation in the UK which will also reflect the UK departure from the EU. The consultation will ascertain the views from industry, regulators and other relevant parties

The consultation will cover the following :-

  • The essential services the directive needs to cover
  • The possible penalties that could be applied
  • The authorities that will regulate and audit specific sectors
  • The security measures that will be imposed
  • Appropriate timelines for incident reporting
  • Assessment of the impact on Digital Services Providers

USA – Homeland Security – The Presidential Policy Directive /PPD-21

The main purpose of this directive is to provide the provision of strategic guidance and to promote the security and resilience of the US’s critical infrastructure.

Within this directive Homeland Security will support the following:-

  • Identify and prioritize critical infrastructure, considering physical and cyber threats and vulnerabilities.
  • Maintenance  of national critical infrastructure centers in order to provide a situational awareness capabilities  about emerging trends and imminent threats
  • The coordination of appropriate bodies and Federal departments to provide analysis, expertise, and other technical assistance to critical infrastructure businesses
  • Facilitate the exchange of information and intelligence necessary
  • Work to improve the resilience of critical infrastructure against cyber threats
  • Annual review of the protection required by statute to protect national critical infrastructure.

The critical infrastructure of a country’s is a prime target for hackers and it is therefore essential that appropriate cyber security standards are in place and that this continues to keep place with the changing cyber threat landscape.

Image : Shutterstock