Shortage of 50,000 cyber specialists ‘puts UK at risk of infrastructure attacks’
Nato adviser warns Britain faces state-sponsored intrusion for next decade and must bolster defences
BRITAIN will be wide-open to statesponsored cyber-attacks on its critical infrastructure including its energy supply for the next decade because of a shortage of 50,000 cyber-security specialists, a top Nato adviser has warned.
Prof Paul Theron, a member of Nato’s cyber-security research group and an adviser to the European Commission, said Britain urgently needs to bolster its defences against what he called a now “constant” barrage of sophisticated attacks from state-sponsored and criminal organisations against power stations, electricity networks and other essential systems.
The remarks come as The Sunday Telegraph today reveals fresh details of a successful Russian attack on the UK national grid on June 8 2017 – the day of the general election.
“All countries are struggling to recruit cyber specialists and … that hurts our economy,” he said, adding that the tempo of attacks had sharply increased.
“It’s every day. You see these attacks happen all the time. There is probably not one single day that there are not these kind of attacks.”
Prof Theron, ex-head of cyber-resil- ience at Thales, one of France’s biggest defence companies, now lectures at Cranfield University.
He said Britain remains highly vulnerable because much of its industrial infrastructure was designed and built in the Seventies and Eighties in an era before cyber-security was a concern.
“To change the level of cyber-security of industrial installations like electricity distribution takes time,” he said.
“It’s [a] long-term [problem]. It’s going to take another 10 years before things really improve.”
The Russian cyber-attack on election day was part of a pattern of assaults which prompted Ofgem, the industry watchdog, to a month ago announce a new funding package worth £96million to beef up physical and cyber-resilience at National Grid and other energy companies. National Grid said: “Since 2013, significant changes have occurred in the security environment … Cyber-attacks have made a step-change from causing disruption, to being designed to cause major widespread sabotage and destruction.”
Prof Theron said small industrial devices found in power stations, electricity and gas distribution networks left them highly exposed to cyber-warfare, especially as legacy systems are connected to software accessible online.
He said many UK conventional power stations and installations in the North Sea oil industry, which still supplies 43 per cent of UK supplies, were examples of ageing industrial infrastructure which could easily be exploited.
This could either be by sophisticated hackers operating remotely from overseas or via insiders at companies, or their sub-contractors using USB devices to insert malware directly into systems.
“These firms cannot find the specialists and this is compromising their security. The regular IT guys are not specialists in cyber … So businesses here in the UK are in danger of being attacked.”
Prof Theron said Britain was not alone in facing a skills shortage. He said his estimate of 50,000 specialists was based on an extrapolation of figures produced last year which estimated 350,000 were needed across the EU and two million worldwide. A shortage of skills globally combined with a surge in the volume and sophistication of cyber attacks was driving up salaries and prompting a brain drain.