Defence Online

Exposing cyber threats to critical national infrastructure

Homeland September 26, 2016

Over the last decade an increasing number of countries have reported cyber attacks on their critical national infrastructure.

Here, Jalal Bouhdada, Founder and Principal ICS Security Consultant for Applied Risk, tells MOD DCB features editor Julie Shennan how industry and government can combine to combat this threat.

In its 2015 Security Annual Threat Report, Dell highlighted that attacks on Supervisory Control and Data Acquisition (SCADA) systems – which are used to power many critical national infrastructure projects – had more than quadrupled over the course of a single year. The report noted that worldwide SCADA attacks increased from 163,228 in January 2013 to 675,186 in January 2014. More specifically, in 2014 Dell reported 69,656 SCADA attacks in the UK alone.

One man who is focused on combating this growing threat is Jalal Bouhdada, Founder and Principal ICS Security Consultant for independent risk management specialist Applied Risk. Mr Bouhdada frequently speaks at cyber conferences such as Security Europe 2016 and dedicates his days to securing cyber landscapes.

Cyber security is a hot topic in every organisation board, especially those that deal in critical infrastructure; this is because of the increasing number of cyber attacks we are seeing on these areas in recent years.

Mr Bouhada told us, he continued: “When it comes to critical infrastructure there has been extra focus on protecting systems and acting in a timely manner to any breach; this minimises the damage that adversaries can do.” 

Examples of this damage can be seen in critical national infrastructure incidents across the globe. Mr Bouhdada noted: “The Iranians, Saudis and Ukrainians have seen cyber attacks on their critical national infrastructure in recent years. Iran’s Stuxnet nuclear reactor attack, Saudi Arabia’s Shamoon oil station attack and the Ukrainian national power grid attack have all happened in the last decade.”

In August 2010 a Stuxnet attack was identified in Iran with the worm hitting five nuclear reactors, collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart. Stuxnet achieved this by using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software and compromising it.

Then, on 15 August 2012 the computer network of Saudi Arabia’s national oil and gas firm, Aramco, was struck by a self-replicating virus – believed to be Shamoon malware – that infected as many as 30,000 of its Windows-based machines. According to reports, Aramco took almost two weeks to recover from the damage.

Most recently, in December 2015 a cyber attack in Ukraine hacked three separate power stations within thirty minutes of each other, shutting down the power grid for an undisclosed period of time. Talking of these attacks, Mr Bouhdada said:

Governments have a very important role to play in protecting critical national infrastructure; they cannot just rely on private sector companies to implement their cyber security.”

“In certain situations private sector companies’ capabilities can be limited, especially when they are facing other government agencies. So governments must work with private sector companies to act in a timely manner to deter and deal with cyber breaches.”

Private and public collaboration can be seen in the UK Government’s National Cyber Security Strategy, a £1.9 billion plus improvement project between government and industry that opened the National Cyber Security Centre (NCSC) and launched the Cyber Essentials Scheme for suppliers to government.

The UK’s cyber skills are in quite a good position. A lot of cyber education and training has taken place and there is a good degree of collaboration between the public and private sectors.

“The UK and Netherlands are good examples of countries that have cyber strategies in place to deal with increased cyber threats, both with offensive and defensive capabilities.”

He continued: “Good security systems use a variety of tools to detect and thwart cyber attacks – both offensive technology, which detects and attacks threats in products or networks; and defensive technology, which encrypts data and disrupts any attempt to steal it.”

While the UK has taken action to secure its systems from cyber attack, Mr Bouhdada noted that government suppliers must remain vigilant in the face of threats. He said: “The most important thing companies can do to start their cyber security strategy is to understand the assets they have and then decide the safeguards and controls they need to protect them.

“This could mean implementing training, and risk assessments being undertaken on a regular basis and then being audited to review their effectiveness. There is also the element of tests that can simulate cyber attacks and show how effective the organisation is in tackling them.”

While Mr Bouhdada accepted some organisations lacked the resources to conduct such thorough cyber security tests, he urged any suppliers in these positions to outsource their cyber checks.

With over 15 years’ experience in cyber security assessment, Mr Bouhdada noted this rigorous approach was needed more now than ever. He concluded:

With the growing number of recent cyber attacks on government critical national infrastructure it is my prediction that authorities will start to take cyber threats more seriously and put more resources into sourcing the skills to combat them.”

If you would like to join our community and read more articles like this then please click here

Applied Risk critical national infrastructure Cyber cyber crime cybersecurity Defence Founder and Principal ICS Security Consultant Jalal Bouhdada malware security

Post written by: Julie Shennan

Features Editor of MOD DCB Magazine and MOD DSS Yearbook. Content Marketing Executive at BiP Solutions (Defence Online's sister company). Editor and founder of Artsnfaffs Online Magazine.