View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 5, 2014

UK critical infrastructure at risk of cyber attack

Even information on blogs and social media could be our downfall.

By Duncan Macrae

Data available from mainstream online media, such as blogs, social networking websites, and specialist online publications, could be used to mount a cyber-attack on UK critical national infrastructure, an investigative report has suggested. Key information regarding vulnerabilities in company systems is now openly available from a range of sources on the internet, according to ‘Using Open Source Intelligence to Improve ICS & SCADA Security’, a report carried out by design and engineering consultancy Atkins on behalf of the Institution of Engineering and Technology (IET). The research, published today at the IET’s ‘Cyber Security for Industrial Control Systems’ seminar, discovered that many industrial sector websites and academic papers also provide some information which identifies staff and their social media information used to corroborate control systems data. The identification of known vulnerabilities and exploits against specific types of control systems can also be accessed online, along with the identification of third-parties such as contractors, who have detailed knowledge and physical network access. Richard Piggin, head of control systems security consulting at Atkins, said: "To illustrate the increased threat to industrial control systems, the assessment used freely-available tools to demonstrate the identification of networked control systems, their vulnerabilities – and the exploits that may be used to attack them. "The research demonstrates the low level of technical knowledge that is required to successfully mount an attack against Industrial Control Systems." The findings highlight the necessity to manage third-parties, especially their access and activities while on-site, Dr Piggin said: "In the control system context, suitable access control, including role-based access to software and systems with activity logging is recommended". Hugh Boyes from the IET said: "The UK has been proclaimed as the ‘most internet-based major economy’. Whilst this provides a basis for industry to expand and grow, it is essential that any connections between the Internet and Industrial Control Systems are adequately protected.  "However, there continues to be real and growing threats to our interests in cyberspace. The availability of these open source tools makes it easier to locate and attack or interfere with poorly protected control systems. This is working with industry to raise awareness of the issue and to promote the development of suitably skilled cyber security professionals."

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.