‘Lazy’ fibre engineers blamed for heightened risk of cyber attacks
HOSPITALS and banks are more exposed to cyber attacks because “lazy” broadband engineers are failing to fill in crucial forms, it has been alleged.
Industry sources warned of a “Wild West” among contractors who are not handing over information about when and where they are working on BT’S network. This leaves companies blind to who has access to critical network infrastructure, the sources claimed, allowing saboteurs to take advantage. In one incident in late October, a hospital and financial institution in central London were taken offline after someone gained access to the network and cut through a cable. In another incident in August, two people used a van to tear broadband cables out of the ground.
Under industry rules, companies and their contractors must provide information that outlines when and where they plan to access BT’S ducts and poles, known as “whereabouts”. But BT figures seen by The Daily Telegraph show compliance rates are low and are falling. Almost half of the jobs completed by network provider Cityfibre across BT’S infrastructure by the end of October had no whereabouts information.
Compliance on ongoing jobs dropped to just 23pc, although sources stressed this was an “in progress” figure. Cityfibre declined to comment. Openreach, BT’S network division, has said compliance with the whereabouts rules is “poor”.
An industry source said: “Low compliance means it becomes practically impossible to track down offenders. The UK’S digital infrastructure could be targeted by criminals or hostile state actors and we wouldn’t know.”
While BT is leading the race to roll out full-fibre broadband services, smaller providers, known as “alt-nets”, are building rival networks. The former monopoly allows dozens of firms to access its ducts and poles to help with their construction work. But the rush to roll out broadband connections has sparked concerns security measures are being overlooked. BT is meeting industry representatives tomorrow to try to increase compliance with whereabouts rules.
The industry source said: “While the acceleration of fibre rollout is welcome, it shouldn’t come at the cost of lazy contractors undermining the security of our critical infrastructure.”
In a sign of increasing concerns, Openreach has now said it will instigate a contractual breach where providers are working in the network with no whereabouts information provided from Feb 1. Ofcom said it was a commercial decision for Openreach to choose how it enforces contracts. However, an Ofcom spokesman said Openreach must treat all of its customers equally.
Katie Milligan, chief commercial officer at Openreach, said: “We’re continuing to work closely with the industry and Ofcom to make sure that any work happening on our network is not only recorded properly, but completed safely and securely.”