UK takes cyber threats to infrastructure seriously

The UK is taking seriously potential cyber threats to critical national infrastructure, according to GCHQ head Iain Lobban

The UK is taking seriously potential cyber threats to critical national infrastructure, such as the electrical power grid, according to Iain Lobban, director of UK intelligence agency GCHQ .

The issue was highlighted by a suspected cyber attack that officials were concerned would plunge the opening ceremony of the 2012 London Olympics into darkness.

The suspected attack turned out to be a false alarm, but GCHQ has seen technical reconnaissance of parts of the UK’s national infrastructure, Lobban told the BBC.

"Not to such an extent that we would raise a red flag, but certainly we've seen an interest – an intentional interest – in parts of that infrastructure,” he said.

As a growing number of utility services are connected to the internet, the potential for cyber attackers to gain control of those services is increasing.

The GCHQ head confirmed that the UK is working with its allies to investigate how compromises and penetrations might occur and how to guard against them.

The government has already launched two initiatives related to improving the security of critical infrastructure, and is set to launch the first national computer emergency response team later this year.

Read more about protecting critical infrastructure

  • Is UK critical national infrastructure properly protected?
  • Government to monitor companies supporting critical national infrastructure
  • Critical infrastructure security: Electric industry shows the path
  • GRC Management and Critical Infrastructure Protection
  • NetWars CyberCity missions to improve critical infrastructure protection
  • Steve Lipner on the Microsoft SDL, critical infrastructure protection

Earlier this month, the government launched the Defence Cyber Protection Partnership between the Ministry of Defence (MoD), defence firms and telecoms providers to increase supply chain security.

In March, the government launched the cyber security information sharing partnership to help businesses and the government share information on cyber threats in real-time.

Industry insiders say there has also been a great deal of activity behind the scenes of government engaging with private sector organisations, especially telecommunications companies.

One of the biggest challenges to protecting critical national infrastructure is that about 80% of the organisations responsible for it in the UK are owned and run by the private sector.

A similar situation exits in the US, where President Barack Obama has sought to tackle problem with a long-awaited executive order that, among other things, requires the creation of a cyber security framework aimed at reducing risks to companies providing critical infrastructure.

The order requires federal agencies overseeing critical infrastructure to identify the operators most at risk and to explore whether the government can require those companies to adopt the framework.

Read more on Hackers and cybercrime prevention