
High-Profile Cyber Attacks in December: Lessons for Critical National Infrastructure 

December 2023 witnessed two alarming cyberattacks that have sent shockwaves through Critical National Infrastructure organisations. The Sellafield nuclear site in the UK and an Irish utility company both fell victim to sophisticated cyber threats, raising serious concerns about how well critical national infrastructure is currently protected.

The National Cyber Security Centre’s (NCSC) Annual Review 2023 highlights several key points relevant to cybersecurity in Critical National Infrastructure (CNI). It emphasises the emergence of state-aligned actors as a new cyber threat to CNI, alongside ongoing threats from established state actors. 

These incidents, alongside the focus on threats to the sectors within CNI, serve as a stark reminder of the ever-present cyber risks in this crucial sector. 

Details of the Attacks 

Sellafield Nuclear Site: This UK site, crucial to national security, experienced a serious breach by cyber groups linked to Russia and China. A Guardian investigation revealed that sleeper malware, capable of espionage and disruption, had infiltrated Sellafield’s IT systems as early as 2015. This breach potentially compromised sensitive operations, including radioactive waste management and safety monitoring.

Irish Water Utility: An Irish water utility suffered a disruptive cyberattack that caused a two-day water supply outage for about 180 people. The attack, reported to target a Eurotronics water pumping system, involved defacing a user interface and posting politically motivated messages. The likely culprits, hacktivists, exploited vulnerabilities in internet-exposed industrial control systems.

Vulnerabilities and Tactics 

Sellafield’s Breach: The extensive penetration of Sellafield’s networks was achieved through sophisticated sleeper malware. This type of malware can remain undetected for long periods, enabling continuous espionage or preparation for future disruptive actions. The attackers likely capitalised on critical security vulnerabilities, as indicated in a previously published report that warned of urgent security gaps. 

Irish Utility Company’s Incident: The attack on the Irish utility appeared to target programmable logic controllers (PLCs) or human-machine interfaces (HMIs) with inadequate protection. The hackers, possibly part of the Cyber Av3ngers group or a similar entity, exploited weak firewalls and default passwords to gain control over the water utility’s systems. 
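The two weaknesses named above, internet-exposed controllers and unchanged default passwords, can be checked from an operator's own records. The following is an added example, not taken from the article or from any utility's tooling: the rule format, addresses and inventory fields are constructed for illustration, rules are evaluated independently (no first-match ordering), and only IPv4 is handled.

```python
import ipaddress

# Well-known TCP ports for industrial protocols and common HMI remote access.
WATCHED_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3",
                 44818: "EtherNet/IP", 80: "HTTP", 5900: "VNC"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules (hypothetical format): source CIDR, destination, port, action.
RULES = [
    ("0.0.0.0/0", "10.20.0.11", 502, "allow"),
    ("10.10.5.0/24", "10.20.0.11", 502, "allow"),
    ("0.0.0.0/0", "10.20.0.12", 5900, "allow"),
    ("0.0.0.0/0", "10.20.0.13", 44818, "deny"),
]
# Constructed asset inventory: has the vendor default password been replaced?
ASSETS = {
    "10.20.0.11": {"role": "PLC", "default_password_changed": False},
    "10.20.0.12": {"role": "HMI", "default_password_changed": True},
    "10.20.0.13": {"role": "PLC", "default_password_changed": False},
}

def internet_reachable(cidr):
    """True unless the source range lies wholly inside private address space."""
    net = ipaddress.ip_network(cidr)
    return not any(net.subnet_of(private) for private in RFC1918)

def audit(rules, assets):
    """Return sorted findings for control-system services allowed from the internet."""
    findings = []
    for src, dst, port, action in rules:
        if action != "allow" or port not in WATCHED_PORTS:
            continue
        if not internet_reachable(src):
            continue
        asset = assets.get(dst, {})
        # Unknown assets are treated as still using the default password.
        changed = asset.get("default_password_changed", False)
        severity = "high" if changed else "critical"
        findings.append((severity, dst, asset.get("role", "unknown"),
                         WATCHED_PORTS[port], src))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(RULES, ASSETS):
        print(*finding, sep="  ")
```

Any exposed control-system service is reported; it is rated critical when the device behind it still has its default password.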

Industry Implications 

These incidents align with the NCSC’s findings of increased cyber threats to CNI and underscore the growing trend of cyberattacks targeting critical infrastructure sectors. Energy and utility companies, vital to national security and public welfare, are becoming prime targets for cybercriminals and state actors. These attacks demonstrate the potential for significant disruption and the necessity for heightened security measures. 

Preventative Measures 

The NCSC’s Annual Review 2023 details efforts to enhance the UK’s cyber resilience, particularly against sophisticated adversaries, and underlines the importance of cyber hygiene in preventing incidents.

It also discusses the broad spectrum of cyber threats, including ransomware, cyber espionage, cyber-enabled fraud, and their implications for UK security. 

To combat such threats, industries that operate within critical national infrastructure, such as energy and utility companies, must adopt a multifaceted cybersecurity strategy. 

This includes: 

  • Enhanced Monitoring and Detection: Implementing advanced monitoring systems, such as a Security Operations Centre (SOC), to detect and respond to threats in real time. 
  • Regular Penetration Testing: Conducting frequent and rigorous penetration testing to identify and rectify network vulnerabilities. 
  • Employee Training and Awareness: Ensuring staff are trained to recognise and report potential cybersecurity threats, particularly phishing attempts. 
  • Robust Incident Response Plans: Establishing and regularly updating incident response plans to ensure swift action in the event of a cyberattack. 
  • Supply Chain Security: Strengthening the security protocols with third-party vendors to mitigate supply chain risks. 

The cyberattacks on the Sellafield nuclear site and the Irish utility company are a clear indication that CNI sectors must bolster their cybersecurity defences.

These incidents not only pose a threat to the security and efficiency of critical services but also to national security. By implementing advanced security measures, such as SOC services, and fostering a culture of cybersecurity awareness, the sector can better protect itself against the evolving landscape of cyber threats. 

The lessons from these attacks are clear: proactive and comprehensive cybersecurity measures are no longer optional but essential. As we move forward, the focus must be on building resilience and ensuring the continuous and safe operation of our critical national infrastructure, in line with the evolving threat landscape and NCSC guidelines. 
