The UK’s business secretary, Vince Cable, has warned a summit of intelligence chiefs and regulators that the country’s essential services are vulnerable to a cyber attack.
He told summit participants that more needs to be done to protect critical infrastructure from the new breed of threat posed by terrorists and criminals alike, saying that gas distribution and the banking sector were particularly vulnerable, along with the rail network and mobile phone networks.
Attendees of the summit, who represented the financial, water, energy and communications industries, discussed working in partnership to help combat future threats.
“Cyber attacks are a serious and growing threat to British businesses, but it is particularly important that those industries providing essential services such as power, telecommunications and banking are adequately protected to avoid disruption to our everyday lives.”
Expanding on the threats, he said that terrorist and criminal activity targeting IT systems could lead to power outages, problems with making payments and travel disruption. Cable made his point by drawing attention to an attack in 2012 which led to the shutdown of 30,000 computers belonging to Saudi Arabia’s national oil company, as well as several cyber attacks against banks in the US.
Strengthening cyber protection to the required level in the future was, he said, only achievable via collaboration encompassing all the at-risk industries, regulators and the government:
“Today’s event marks the next step in highlighting the important role of the regulators in overseeing the adoption of robust cyber security measures by the companies that supply these crucial services.”
The regulators, including the Office of the Nuclear Regulator, Ofgem, the Bank of England and the Civil Aviation Authority, listened to outgoing GCHQ chief Sir Ian Lobban as he outlined the latest threats.
In a joint statement those regulators, along with the government, pledged to undertake more exercises (such as Waking Shark II which, last year, tested how the banking sector would respond to a cyber attack), share more information, and adopt a 10-point GCHQ plan to improve cyber security.
What happens next is not clear yet, but it would certainly be good to see a single body take responsibility for co-ordinating efforts in the event of an attack against any piece of critical infrastructure, irrespective of the particular industry it operates within, as per the banks’ recommendations following their recent exercise.
What we don’t want is a mess like the one we currently see in the US, where a recent report highlights how having a disjointed and fractured approach to security within government departments, with little to no oversight, can lead to what can best be described as a disaster.
I’ll leave you to read that report at your leisure but some highlights include laptops containing sensitive nuclear information (whereabouts possibly unknown), SEC computers containing information on how to hack exchanges and another device from the same department which was found to have been connected to a public network at a hacker convention!
It’s at times like this that we can be thankful that we instead have Vince Cable, a cabal of regulators and GCHQ to protect us, eh?