SC Congress 2018: Should critical infrastructure be put on a war footing?

News by Rene Millman

Cyber-attacks on critical infrastructure are now the biggest threat to humanity and more action and collaboration is needed to defeat nation state actors and terrorists threatening essential systems.

Cyber-attacks on critical infrastructure are now the biggest threat to humanity but governments need to move beyond talking and start dealing with the issue more robustly, delegates at the SC Congress in London heard.

In a panel discussion titled “putting infrastructure on a war footing”, panelist discussed how malware is now being developed to target safety systems, rather than traditional targets.

Panel moderator Khalid Fattai, MLi Group chairman said that “we don't have much time to stop thinking and debating, we need to come up with some solutions otherwise it is a threat to humanity."

Dr. Kevin Jones

Dr. Kevin Jones, head of Cyber Security Architecture, Innovation and Scouting at Airbus, said that one game changing development for the IT security industry was the Triton malware.

“With Triton what we have actually seen for the first time a few months ago is people writing malware specifically targeting safety systems that underpin control environments.”

“That is specific to where the safety systems are connected to a secondary network infrastructure. That means your reliance there for safety is on physical breakers. This now means we have to think more holistically about cyber-physical security to protect against those threats.”

He said that we are seeing the EU NIS directive coming in and bringing in the concept of monitoring infrastructure and reporting to a national CERT, with possible fines for loss of service.

“That gives us the first step along the road of being able to determine how much these systems are being targeted.”

Ian Glover, president of Crest, said that the stakeholders in this situation are putting defences in place in order to understand where the threat is coming from and then trying to do something about it. He added that some of the work being done in terms of looking at the Geneva convention for cyber-related security activities is a good initiative.

He said that Microsoft is driving this forward but it may take ten years to come to fruition. “At least someone is looking at this from a 'nation state' perspective,” he said. He added that what it is dong is saying countries should refrain from this type of attack. “It is very similar to what we do with chemical warfare and other things.”

Glover continued, saying that it was important to try to share information and work together to build shared standards.

“We should also look to a non-governmental organisation to run this,” he said.

On a medium term, there is a need to reduce the threat. There is a radicalisation of young people into cyber-crime, Glover said. “What we really need to do is try to identify, work with our police forces, to stop young people being radicalised and make sure we can actually provide them with intervention activities that will stop them being groomed into these areas. The people being sucked into cyber-crime are generally quite vulnerable – we have a social responsibility to protect them but longer term we need to ensure we are reducing the threat.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews