In-depth

Critical national infrastructure: the Government warns business again

Could cyber crime be even more damaging than floods to the country's key industries? A Government summit suggests they might.

Storm warning

Inside the Enterprise: As waves and wind lashed the south west of England, the Government convened its COBRA emergency committee to organise a response this week. But elsewhere in Whitehall, another group of senior officials met to discuss another, potential, disaster: a cyber attack on the UK's national infrastructure.

The summit, hosted by Business Secretary Vince Cable, and the director general of GCHQ, Sir Ian Lobban, brought together the industry regulators for telecoms, energy, water and nuclear power, the Civil Aviation Authority, and the Bank of England.

The regulators were briefed on what ministers, and the security services, believe is a growing threat not just to government bodies, but commercial firms too.

A well-targeted cyber attack could cripple the UK's banking, finance and utility sectors or, at the very least, cause a lot of public inconvenience. The fact that, in critical infrastructure, private firms and government are so closely intertwined means that the failure of a commercial company due to an online attack has an impact far beyond its own shareholders.

This is not the first time that the Government has warned business about the cyber threat, and its role in combatting it. But it is the first time that regulators have been brought in to discuss cyber risks.

The regulators are, of course, responsible for maintaining supply, as well as areas such as competition and pricing. And they do have powers to require the companies they regulate to up their game, when it comes to protecting their networks. And that includes the cyber threat.

GCHQ will be encouraging businesses in the critical infrastructure sector to follow its 10 Steps to Cyber Security, which was issued last year. But GCHQ and government security advisers also want commercial firms to share more information about threats, and how they tackle them, as well as to carry out more cyberdefence exercises.

The financial services sector has recently carried out a number of such tests, led by the Bank of England.

A Cyber Task Force, led by the Cabinet Office and the ICAEW, the chartered accountants' body, recently issued separate guidance for organisastions involved in corporate finance transactions, on how they could improve their information security, and so maintain the City of London's reputation as a safe place to do business. The Government has also contacted the heads of UK listed companies, to give them advice on cybercrime protection.

But the real concern among ministers and, it is easy to suspect, the specialists at GCHQ, is around Government-led or government-backed attacks on the UK. This is where critical national infrastructure comes into play.

An attack on an investment bank or a law firm would be an embarrassment, and a nuisance for its clients. An attack that turned off the water pumps, or the ATMs, could lead to chaos. Security specialists have long worried that commercial firms represent a soft target.

That, though, is changing: commercial firms, or at least those in the CNI field, are starting to take cyber risk more seriously. According to Etienne Greeff, CEO of SecureData, a consultancy, business leaders are starting to ask about the 10 Steps document, and ask if they are doing enough. That, at least, is a step in the right direction.

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

Geico data breach leads to stolen driver’s license numbers
data breaches

Geico data breach leads to stolen driver’s license numbers

21 Apr 2021
UK’s IoT security regulation will also include smartphones
Internet of Things (IoT)

UK’s IoT security regulation will also include smartphones

21 Apr 2021
eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
REvil threatens to release Apple’s hardware schematics
ransomware

REvil threatens to release Apple’s hardware schematics

21 Apr 2021