DYNAMIQ IN THE NEWS: CYBER ATTACKS ON CRITICAL INFRASTRUCTURE

As technology evolves, so too does the cyber-attack threat. Due to the widespread use of computer systems, cyber-attacks can result in damage, disruption and economic losses for individuals, government and private organisations, and financial institutions. Cyber-attacks can occur from anywhere in the world, and because of this it is difficult to prosecute those responsible.

Attackers increasingly have political motivations as opposed to financial motivations, seeking only to cause damage, destroy critical infrastructure and create fear.

According to the Department of Homeland Security in the US, more than 50% of cyber incidents in 2012 and 2013 happened within the energy sector, with power and utilities companies at the highest risk.

The diagram below demonstrates the interconnectivity between major critical infrastructure. If the energy sector is affected by a cyber-attack, this can have a knock on affect that impacts transport, telecommunications and even water supply.

 

 Figure 1: Sourced from Victoria State Government Critical Infrastructure Resilience Strategy

 

So how do critical infrastructure organisations prepare for a cyber-attack?

Security advisers need to provide appropriate employee training, system penetration testing, and periodic reviews to their critical infrastructure clients. It’s vital that advisers work with clients to develop an effective plan of action if attacks do occur, which is customised to their needs.

Back-up power (such as Uninterrupted Power Supplies and electrical generators) need to be tested on a bi-annual basis. In the case of generators, sufficient fuel storage should be made available and checked regularly.

A power grid interruption has the potential to cost infrastructure facilities millions of dollars in lost revenue, not to mention reputational damage. A customised crisis response plan, as well as a system for notifying stakeholders will limit this damage.

Dynamiq has run cyber crisis management exercises for energy and other critical infrastructure clients. For more information contact Philip Kent-Hughes: Philip.KentHughes@dynamiqglobal.com.

Back to all news