Short­age of 50,000 cy­ber spe­cial­ists ‘puts UK at risk of in­fra­struc­ture at­tacks’

Nato ad­viser warns Britain faces state-spon­sored in­tru­sion for next decade and must bol­ster de­fences

The Sunday Telegraph - - Technology Intelligence - By Robin Pag­na­menta HEAD OF TECH­NOL­OGY

BRITAIN will be wide-open to state­spon­sored cy­ber-at­tacks on its crit­i­cal in­fra­struc­ture in­clud­ing its en­ergy sup­ply for the next decade be­cause of a short­age of 50,000 cy­ber-se­cu­rity spe­cial­ists, a top Nato ad­viser has warned.

Prof Paul Theron, a mem­ber of Nato’s cy­ber-se­cu­rity re­search group and an ad­viser to the Euro­pean Com­mis­sion, said Britain ur­gently needs to bol­ster its de­fences against what he called a now “con­stant” bar­rage of so­phis­ti­cated at­tacks from state-spon­sored and crim­i­nal or­gan­i­sa­tions against power sta­tions, elec­tric­ity net­works and other es­sen­tial sys­tems.

The re­marks come as The Sun­day Tele­graph to­day re­veals fresh de­tails of a suc­cess­ful Rus­sian at­tack on the UK na­tional grid on June 8 2017 – the day of the gen­eral elec­tion.

“All coun­tries are strug­gling to re­cruit cy­ber spe­cial­ists and … that hurts our econ­omy,” he said, adding that the tempo of at­tacks had sharply in­creased.

“It’s every day. You see these at­tacks hap­pen all the time. There is prob­a­bly not one sin­gle day that there are not these kind of at­tacks.”

Prof Theron, ex-head of cy­ber-re­sil- ience at Thales, one of France’s big­gest de­fence com­pa­nies, now lec­tures at Cran­field Uni­ver­sity.

He said Britain re­mains highly vul­ner­a­ble be­cause much of its in­dus­trial in­fra­struc­ture was de­signed and built in the Seven­ties and Eight­ies in an era be­fore cy­ber-se­cu­rity was a con­cern.

“To change the level of cy­ber-se­cu­rity of in­dus­trial in­stal­la­tions like elec­tric­ity dis­tri­bu­tion takes time,” he said.

“It’s [a] long-term [prob­lem]. It’s go­ing to take an­other 10 years be­fore things re­ally im­prove.”

The Rus­sian cy­ber-at­tack on elec­tion day was part of a pat­tern of as­saults which prompted Ofgem, the in­dus­try watch­dog, to a month ago an­nounce a new fund­ing pack­age worth £96mil­lion to beef up phys­i­cal and cy­ber-re­silience at Na­tional Grid and other en­ergy com­pa­nies. Na­tional Grid said: “Since 2013, sig­nif­i­cant changes have oc­curred in the se­cu­rity en­vi­ron­ment … Cy­ber-at­tacks have made a step-change from caus­ing dis­rup­tion, to be­ing de­signed to cause ma­jor wide­spread sab­o­tage and de­struc­tion.”

Prof Theron said small in­dus­trial de­vices found in power sta­tions, elec­tric­ity and gas dis­tri­bu­tion net­works left them highly ex­posed to cy­ber-war­fare, es­pe­cially as legacy sys­tems are con­nected to soft­ware ac­ces­si­ble on­line.

He said many UK con­ven­tional power sta­tions and in­stal­la­tions in the North Sea oil in­dus­try, which still sup­plies 43 per cent of UK sup­plies, were ex­am­ples of age­ing in­dus­trial in­fra­struc­ture which could eas­ily be ex­ploited.

This could ei­ther be by so­phis­ti­cated hack­ers op­er­at­ing re­motely from over­seas or via in­sid­ers at com­pa­nies, or their sub-con­trac­tors us­ing USB de­vices to in­sert mal­ware di­rectly into sys­tems.

“These firms can­not find the spe­cial­ists and this is com­pro­mis­ing their se­cu­rity. The reg­u­lar IT guys are not spe­cial­ists in cy­ber … So busi­nesses here in the UK are in dan­ger of be­ing at­tacked.”

Prof Theron said Britain was not alone in fac­ing a skills short­age. He said his es­ti­mate of 50,000 spe­cial­ists was based on an ex­trap­o­la­tion of fig­ures pro­duced last year which es­ti­mated 350,000 were needed across the EU and two mil­lion world­wide. A short­age of skills glob­ally com­bined with a surge in the vol­ume and so­phis­ti­ca­tion of cy­ber at­tacks was driv­ing up salaries and prompt­ing a brain drain.

A top Nato ad­viser has warned that Britain is fac­ing a ‘con­stant bar­rage’ of cy­ber at­tacks

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.