Critical national infrastructure: the Government warns business again

Could cyber crime be even more damaging than floods to the country's key industries? A Government summit suggests they might.

Storm warning

Inside the Enterprise: As waves and wind lashed the south west of England, the Government convened its COBRA emergency committee to organise a response this week. But elsewhere in Whitehall, another group of senior officials met to discuss another, potential, disaster: a cyber attack on the UK's national infrastructure.

The summit, hosted by Business Secretary Vince Cable, and the director general of GCHQ, Sir Ian Lobban, brought together the industry regulators for telecoms, energy, water and nuclear power, the Civil Aviation Authority, and the Bank of England.

Advertisement - Article continues below

The regulators were briefed on what ministers, and the security services, believe is a growing threat not just to government bodies, but commercial firms too.

A well-targeted cyber attack could cripple the UK's banking, finance and utility sectors or, at the very least, cause a lot of public inconvenience. The fact that, in critical infrastructure, private firms and government are so closely intertwined means that the failure of a commercial company due to an online attack has an impact far beyond its own shareholders.

This is not the first time that the Government has warned business about the cyber threat, and its role in combatting it. But it is the first time that regulators have been brought in to discuss cyber risks.

Advertisement - Article continues below

The regulators are, of course, responsible for maintaining supply, as well as areas such as competition and pricing. And they do have powers to require the companies they regulate to up their game, when it comes to protecting their networks. And that includes the cyber threat.

Advertisement - Article continues below

GCHQ will be encouraging businesses in the critical infrastructure sector to follow its 10 Steps to Cyber Security, which was issued last year. But GCHQ and government security advisers also want commercial firms to share more information about threats, and how they tackle them, as well as to carry out more cyberdefence exercises.

The financial services sector has recently carried out a number of such tests, led by the Bank of England.

A Cyber Task Force, led by the Cabinet Office and the ICAEW, the chartered accountants' body, recently issued separate guidance for organisastions involved in corporate finance transactions, on how they could improve their information security, and so maintain the City of London's reputation as a safe place to do business. The Government has also contacted the heads of UK listed companies, to give them advice on cybercrime protection.

But the real concern among ministers and, it is easy to suspect, the specialists at GCHQ, is around Government-led or government-backed attacks on the UK. This is where critical national infrastructure comes into play.

Advertisement - Article continues below

An attack on an investment bank or a law firm would be an embarrassment, and a nuisance for its clients. An attack that turned off the water pumps, or the ATMs, could lead to chaos. Security specialists have long worried that commercial firms represent a soft target.

That, though, is changing: commercial firms, or at least those in the CNI field, are starting to take cyber risk more seriously. According to Etienne Greeff, CEO of SecureData, a consultancy, business leaders are starting to ask about the 10 Steps document, and ask if they are doing enough. That, at least, is a step in the right direction.

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now


video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020

Most Popular

Server & storage

Dell EMC PowerEdge R7525 review: An EPYC core density to make Intel weep

26 May 2020
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020
Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020