Press release

UK critical national infrastructure at risk of cyber attack

06 February 2014

Data available from mainstream online media, such as blogs, social networking websites, and specialist online publications, could be used to mount a cyber-attack on UK critical national infrastructure, according to an investigative report to be published today.

Key information regarding vulnerabilities in company systems is now openly available from a range of sources on the internet, according to ‘Using Open Source Intelligence to Improve ICS & SCADA Security’, a report carried out by design and engineering consultancy Atkins.

The research, published today at the Institution of Engineering and Technology (IET’s) ‘Cyber Security for Industrial Control Systems’ seminar, discovered that many industrial sector websites and academic papers also provide some information which identifies staff and their social media information used to corroborate control systems data.

The identification of known vulnerabilities and exploits against specific types of control systems can also be accessed online, along with the identification of third-parties such as contractors, who have detailed knowledge and physical network access.

Dr Richard Piggin, Head of Control Systems Security Consulting at Atkins, said: “To illustrate the increased threat to industrial control systems, the assessment used freely-available tools to demonstrate the identification of networked control systems, their vulnerabilities – and the exploits that may be used to attack them.

“The research demonstrates the low level of technical knowledge that is required to successfully mount an attack against Industrial Control Systems.”

The findings highlight the necessity to manage third-parties, especially their access and activities while on-site, Dr Piggin said: “In the control system context, suitable access control, including role-based access to software and systems with activity logging is recommended”.

Hugh Boyes from the IET said: “The UK has been proclaimed as the ‘most internet-based major economy’. Whilst this provides a basis for industry to expand and grow, it is essential that any connections between the Internet and Industrial Control Systems are adequately protected.  

“However, there continues to be real and growing threats to our interests in cyberspace. The availability of these open source tools makes it easier to locate and attack or interfere with poorly protected control systems. This is working with industry to raise awareness of the issue and to promote the development of suitably skilled cyber security professionals.”

Media enquiries to:

Hannah Kellett
External Communications Manager

Tel: +44 (0)1438 767336
Mob: +44 (0)7738 602426
Email: HKellett@theiet.org

Notes to editors:

  • Interview opportunities are available with IET spokespeople from a broad range of engineering and technology disciplines including cyber-security, energy, engineering skills, innovation, manufacturing, technology, transport and women in engineering.
  • The IET is one of the world’s largest organisations for engineers and technicians.  We have nearly 160,000 members in 127 countries around the world.
  • The IET is working to engineer a better world. We inspire, inform and influence the global engineering community, supporting technology innovation to meet the needs of society.
  • The IET is the Professional Home for Life® for engineers and technicians, and a trusted source of Essential Engineering Intelligence® and thought leadership.