Cyber attacks targeting critical infrastructure could take power grids offline, according to Graham Wright, chief information security officer at National Grid.
Wright gave the warning during a Westminster eForum session attended by V3 where he said that the threat posed by malware like Stuxnet and Shamoon is real and serious.
“[National Grid is] the critical infrastructure, and nothing moves without infrastructure. So we’re at the centre. If we go down the nation goes down,” he said.
“This means we’re not interested in cyber security for the sake of it. We’re interested in it as we care if the lights go off.
“We’re worrying about stopping threats into the industrial part of what we do. Stuxnet and Shamoon are the things that are important to us, not what happened to Sony or J P Morgan.”
The Stuxnet malware was uncovered in 2011 targeting Iran’s nuclear programme industrial control systems. It is viewed as a game changer as it was designed to physically sabotage centrifuges.
Shamoon was discovered midway through 2012, and could wipe and forcibly reboot infected machines once it had finished stealing data.
Stuxnet and Shamoon are both believed to be state-sponsored threats.
Wright, a former RAF pilot, said that the overall threat has grown owing to developments in the cybercrime-as-a-service market.
“We’re worried about terrorism, extremism and the insider threat, which could be either,” he said. “What we’re scared about is the operational technology, as there are handheld device and laptops coming in that can reconfigure them.”
Despite his concerns, Wright said that terrorist and protest groups do not currently have the resources to mount Stuxnet-level strikes.
Wright is one of many experts to warn about the dangers posed to critical infrastructure by destructive attacks.
Experts from CERT-UK and the Department for Work and Pensions said during a panel discussion at Infosec earlier in June that critical infrastructure suppliers are failing to follow basic cyber security best practice, leaving providers vulnerable to attack.
Experts from FireEye and F-Secure told V3 that the nature of Stuxnet means that many UK power plants may have fallen victim to the malware in 2013.
Wright’s comments follow the discovery an evolved version of the Duqu worm. Researchers at Kaspersky Lab reported uncovering Duqu 2.0 after it targeted the security firm’s systems.
Duqu 2.0 is believed to have also targeted businesses, governments and individuals involved in international negotiations concerning Iran’s nuclear programme.
View the original content and more from this author here: http://ift.tt/1Hvt4Xd
from critical infrastructure alliance http://ift.tt/1FYKh5G
via IFTTT
No comments:
Post a Comment