Speaking with the BBC Today programme, and reported by the Daily Telegraph, General Sir Christopher Deverell has warned that the UK’s traffic control systems are under threat from cyber attack, with road systems one of several potential points that could be targeted by countries including Russia. IT security experts commented below.
Andrea Carcano, Chief Product Officer at Nozomi Networks:
“General Sir Christopher Deverell’s observation voices concerns that the security community has raised for a number of years now. The every day reality is that the UK’s infrastructure, and those in every developed country around the world, is being continually poked and probed not just by nation states but equally by criminals, hactivists and even curious hobbyists. A major incident is not just inevitable but potentially imminent.
“We’ve seen the damage that can be done from hacks in the Ukraine where attackers were able to compromise systems and turn the lights out. With each incursion, both successful but also those that are thwarted, the attackers will learn what has worked, what hasn’t, and what can be improved for the next try.
“The challenge for those charged with protecting our critical infrastructure is visibility as you can’t protect what you don’t know exists. 80% of the industrial facilities we [Nozomi] visit do not have up-to-date lists of assets or network diagrams. Ironically, this doesn’t pose a problem to criminals who are using readily available open source tools to query their targets and build a picture of what makes up their network environment and is potentially vulnerable – be it a power plant, factory assembly line, or our transport infrastructure as Sir Deverell suggests. Our [Nozomi] researchers recently embarked on a project to create a security testing and fuzzing tool, using open-source software (OSS), capable of automatically finding vulnerabilities in proprietary protocols used by ICS devices. Using just this tool, and in a limited time period, they identified eight zero-day vulnerabilities that, if exploited could be used to shutdown the controllers (i.e. DoS attack,) to being unable to manage the devices through their software and potentially the corruption of normal processes which could be extremely serious or even fatal.
“As the cybersecurity risk to critical infrastructure and manufacturing organisations increases, it is important for enterprises to actively monitor and secure operational technology (OT) networks. An important aspect of this is having complete visibility to OT networks and assets and their cybersecurity and process risks.”
Sean Newman, Director at Corero Network Security:
“There are many good reasons for connecting operational and information networks, including efficiency and effectiveness. However, this opens up operational controls to potential attacks from across the internet, where previously they were completely isolated and only accessible from the inside. There is nothing particularly new in the recent claims from the Joint Forces Command, as the potential for such attacks has been growing for several years now, as more and more systems become ‘connected’. The question now, is more around who is bold enough, rather than capable of, carrying out such attacks, and risking the likely repercussions. It’s reasonable to assume it’s more a matter of time, than if, so the operators of such systems need to be fully cognisant of the potential risks and deploy all reasonable protection to minimise it. This includes preventing remote access to such systems, as well as real-time defenses against DDoS attacks which could disrupt their operation or prevent legitimate access for operation and control purposes.”