In-depth

Critical national infrastructure: the Government warns business again

Could cyber crime be even more damaging than floods to the country's key industries? A Government summit suggests they might.

Storm warning

Inside the Enterprise: As waves and wind lashed the south west of England, the Government convened its COBRA emergency committee to organise a response this week. But elsewhere in Whitehall, another group of senior officials met to discuss another, potential, disaster: a cyber attack on the UK's national infrastructure.

The summit, hosted by Business Secretary Vince Cable, and the director general of GCHQ, Sir Ian Lobban, brought together the industry regulators for telecoms, energy, water and nuclear power, the Civil Aviation Authority, and the Bank of England.

Advertisement - Article continues below

The regulators were briefed on what ministers, and the security services, believe is a growing threat not just to government bodies, but commercial firms too.

A well-targeted cyber attack could cripple the UK's banking, finance and utility sectors or, at the very least, cause a lot of public inconvenience. The fact that, in critical infrastructure, private firms and government are so closely intertwined means that the failure of a commercial company due to an online attack has an impact far beyond its own shareholders.

This is not the first time that the Government has warned business about the cyber threat, and its role in combatting it. But it is the first time that regulators have been brought in to discuss cyber risks.

Advertisement
Advertisement - Article continues below

The regulators are, of course, responsible for maintaining supply, as well as areas such as competition and pricing. And they do have powers to require the companies they regulate to up their game, when it comes to protecting their networks. And that includes the cyber threat.

Advertisement - Article continues below

GCHQ will be encouraging businesses in the critical infrastructure sector to follow its 10 Steps to Cyber Security, which was issued last year. But GCHQ and government security advisers also want commercial firms to share more information about threats, and how they tackle them, as well as to carry out more cyberdefence exercises.

The financial services sector has recently carried out a number of such tests, led by the Bank of England.

A Cyber Task Force, led by the Cabinet Office and the ICAEW, the chartered accountants' body, recently issued separate guidance for organisastions involved in corporate finance transactions, on how they could improve their information security, and so maintain the City of London's reputation as a safe place to do business. The Government has also contacted the heads of UK listed companies, to give them advice on cybercrime protection.

But the real concern among ministers and, it is easy to suspect, the specialists at GCHQ, is around Government-led or government-backed attacks on the UK. This is where critical national infrastructure comes into play.

Advertisement - Article continues below

An attack on an investment bank or a law firm would be an embarrassment, and a nuisance for its clients. An attack that turned off the water pumps, or the ATMs, could lead to chaos. Security specialists have long worried that commercial firms represent a soft target.

That, though, is changing: commercial firms, or at least those in the CNI field, are starting to take cyber risk more seriously. According to Etienne Greeff, CEO of SecureData, a consultancy, business leaders are starting to ask about the 10 Steps document, and ask if they are doing enough. That, at least, is a step in the right direction.

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement
Advertisement

Recommended

Andrew Daniels joins Druva as CIO and CISO
Cloud

Andrew Daniels joins Druva as CIO and CISO

22 Jul 2020
University of California gets fleeced by hackers for $1.14 million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Australia announces $1.35 billion investment in cyber security
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
CSA and ISSA form cyber security partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
Police use of facial recognition ruled unlawful in the UK
privacy

Police use of facial recognition ruled unlawful in the UK

11 Aug 2020