The UK is under the threat of cyber attack like never before. Chief Information Security Officer Steve Collins explains why National Grid is supporting the launch of the UK Government’s Computer Emergency Response Team (CERT-UK) and highlights National Grid’s ongoing involvement in the Government’s National Cyber Security Programme.
Protecting the grid
"National Grid has been a huge supporter of the National Cyber Security Strategy and the National Cyber Security Programme from day one."
Steve Collins, Chief Information Security Officer.
93% of large corporations have suffered a cyber breach over the past financial year.
Source: The Cabinet Office
The newly-formed, 55-strong UK Government Computer Emergency Response Team (CERT-UK) will co-ordinate the country’s cyber-security defence, deal with national cyber-security incidents and provide advice and alerts on threats being detected to government, industry and academia.
Crucially, it is tasked with protecting companies that are part of the Critical National Infrastructure, including power generation and distribution firms.
As the transmission backbone for both gas and electricity in the UK, National Grid is most definitely ‘Critical’, we are ‘National’ and we are ‘Infrastructure’.
This is why National Grid has been a huge supporter of the National Cyber Security Strategy and the National Cyber Security Programme from day one.
We’ve been the lead for the energy sector and supported on the strategic and implementation boards of the Cyber Security Information Sharing Partnership (CISP), which was launched a year ago.
Close collaboration like this will allow Government and industry to share best practice, and understand the effects of potential cyber attacks on our energy sector.
Computer Emergency Response has changed significantly over the past decade, but then so has the threat from cyber attack.
Back in 2004, phishing was sporadic, financial malware was in its infancy and Distributed Denial of Service attacks (DDoS), used to bring down websites, were rare.
Fast forward ten years, and the threat has changed considerably and increased substantially.
Data loss is now a daily occurrence for companies and can involve tens of millions of customer financial records being compromised in a single attack.
Hackers and cyber criminals now work together on a global scale, collaborating using the internet and even setting up websites to offer and deliver a host of illegal services, ranging from selling a malware service to online money laundering.
Previously a rare occurrence that made headlines, it’s now estimated that hackers use DDoS attacks an average of 28 times an hour to threaten and extort. The Cabinet Office says 93% of large corporations have suffered a cyber breach over the past financial year.
Attacks have become increasingly complicated and sophisticated, too. They’re well funded and are using multiple approaches, for example combining a cyber attack with a physical one, or targeting weak links in supply chains to get at larger organisations.
Even more worrying is the move away from intellectual property theft or espionage towards using cyber methods to physically destroy and sabotage computer equipment.
In a nutshell, the cyber threat to UK Plc is real, active, considerable and growing.
Dealing with the threat
Dealing with the changing nature of cyber threat needs a concerted, co-ordinated and collaborative response with global reach. An important factor in dealing effectively with attacks is to be aware of nationally significant incidents as they happen, as well as threats that are being detected.
CERT-UK, together with CISP, is a milestone in the development of the UK’s cyber security capabilities and the lynchpin that will help Britain become more resilient and prosper in the cyber age.
It will work with British industry and leading international partners to co-ordinate activity, build trust and promote the information sharing and awareness of situations that we’ll need if we are to stay ahead of cyber criminals.
Steve was speaking at the recent launch of CERT-UK in Chatham House, London.
For more information on CERT-UK, click here to read more.