The National Cyber Security Centre (NCSC) has issued an alert to critical national infrastructure (CNI) providers, urging them to act now to protect against “severe” cyber threats.
The alert comes following coordinated cyber-attacks which targeted Poland’s energy infrastructure with malware in December.
Jonathan Ellison, director for national resilience at the NCSC, has urged CNI operators that they must act now to ensure they can respond to any similar campaigns targeting UK critical infrastructure
“Cyber-attacks disrupting everyday essential services may sound far-fetched, but we know it’s not,” he wrote in a LinkedIn post.
“Incidents like this speak to the severity of the cyber threat and highlight the necessity of strong cyber defences and resilience. Operators of UK critical national infrastructure must not only take note but, as we have said before, act now.”
Energy supply, water supply, transportation, health and telecommunications are among the national assets “essential for the functioning of society” which the NCSC has defined as critical infrastructure.
Ellison also urged CNI providers to take heed of recent NCSC guidance on how they can plan and prepare to defend against severe cyber threats.
Severe threats are defined by NCSC as “a deliberate and highly disruptive or destructive cyber-attack.”
The aims of such an attack could include attempts to shut down or damage critical operations, physically damage systems, such as Industrial Control Systems (ICS) or erase data to make recovery of services impossible.
To counter this, the NCSC has issued advice on monitoring of threats and network activity, increasing situational awareness and hardening network defences.
Hardening defences is focused around applying industry best practices to make networks as robust as possible. This includes, patching known cybersecurity vulnerabilities, applying access controls including multi-factor authentication (MFA) and ensuring that network infrastructure is managed with secure by design principals applied.
“Although attacks can still happen, strong resilience and recovery plans reduce both the chances of an attack succeeding and the impact if one does,” said Ellison.
The NCSC director of national resilience also pointed to The Cyber Security and Resilience Bill as something which will help ensure that key sectors, including critical national infrastructure can stay secure against cyber threats.
“The Bill is a critical step towards managing the UK’s collective vulnerability against the backdrop of the modern threat,” he said.
