Power providers in the UK have been warned to beef up measures to protect supplies and services in the face of increasing cyber security threats or face hefty fines.
Energy suppliers are among “critical industries” identified as being vulnerable to attack by the National Cyber Security Centre (NCSC)— part of the UK government’s top-secret national intelligence and security organisation GCHQ.
The NCSC said safeguarding critical power infrastructure such as power generation, datacentres and financial systems from blackouts and hacking should be a top priority for network operators.
Now digital and creative industries minister Margot James has unveiled new industry guidelines to ensure power supply networks and other essential infrastructure are “primed and ready to tackle cyber attacks and resilient against major disruption to services”.
National Grid, the British multinational electricity and gas utility company based in England, has said the frequency of cyber attacks is growing “and so is the danger to the energy systems due to the rapid digitisation of energy assets, and growing number and decentralisation of these assets”. “This requires new and enhanced security measures to mitigate the risk,” the company said.
The UK’s Centre for the Protection of National Infrastructure will host a security manufacturer’s conference next month for its physical security research and development teams “to provide an update on their latest research projects, policies and guidance”.
In the US, the deputy assistant director of the FBI’s cyber division, Howard Marshall, has warned increased use of internet of things (IoT) devices and embedded systems across government, business and in homes, are at risk of cyber attacks. Marshall told legislators in January IoT devices “could be compromised by cyber actors taking advantage of lax security standards and inherent device connectivity to increase the impact of cyber attacks, or as a pivot point into personal or corporate networks”.
Marshall said his division had recently reorganised resources to focus on an “intelligence-driven approach to FBI engagement with critical infrastructure entities on cyber threats”— working with industry leaders to “gain a better understanding” of their businesses.