UK government institute to crack down on infrastructure attacks

News by Doug Drinkwater

A new government-backed research centre is aiming to tackle the threat on the country's industrial control systems.

Also in:

The Research Institute into Trustworthy Industrial Control Systems (RITICS), based at Imperial College in London, will look at the threats facing critical systems that control things like manufacturing, power generation and the national rail network.

The centre, which is funded by the Engineering and Physical Sciences Research council (EPSRC) and Cabinet Office (via the Centre for the Protection of National Infrastructure - CPNI), will also analyse and devise ways of countering cyber attacks that can shut down these systems.

The Institute's director is Professor Chris Hankin, the director for the Institute for Security Science and Technology at Imperial College, said that its primary focus will be mitigating risk in future.

“Our industrial control systems are vital for running most of the industrial processes that underpin modern society,” said Hankin in a statement. “From electricity generation to making sure trains run on time, these systems are vital to our everyday lives, but more work needs to be done to determine how vulnerable they are to threats from cyber-attack.”

Speaking to SCMagazineUK.com, Hankin said that the RITICS centre will look to understand the harm of incoming threats, how they can articulate those threats as business risks, and conjure “novel, effective and efficient” interventions.

The Institute director did warn, however, that it will take time to understand the specific threats.

“The projects that constitute RITICS won't start until October,” he told SCMagazineUK.com.

“I am spending time building a network of industries to develop a better assessment of the real threats.  The threats come from the fact that ICS have increasingly become integrated with enterprise IT.”

Industrial control systems are often found in large, remote areas making them vulnerable to attack. These have historically been operated in isolation, but with an increasing number connecting to business IT networks – allowing for regular maintenance – they are increasingly susceptible to attack.

“Attacks on industrial control systems are becoming more common,” Tripwire CTO Dwayne Melancon told SCMagazineUK.com.

“Many of these controllers affect things like power grids, pipelines, and even the food supply chain, so successful attacks can be quite disruptive and disconcerting which increases the attractiveness to many attackers.  Effectively, many of these attacks are similar to the distributed-denial-of-service (DDoS) attacks aimed at financial institutions but they can impact critical infrastructure.” Melancon added that attacks were also more likely to surface as a result of trends like the “Internet of Things” and SmartGrid.

The centre is part of the UK Government's Cyber Security initiative, which was put in place in November 2011. The scheme has been backed by £650 million of government funding and its objectives include making the UK secure for doing business in the cyberspace, making the country ‘more resilient' against cyber attacks and more knowledgeable on cyber security in general.

Forrester Research analyst Andrew Rose told SCMagazineUK.com that the new institute is “essential” to protecting the national infrastructure, as many services remain reliant on dated technology.

"This new research institute is essential to the protection of national infrastructure and should enable the good work initiated by the CPNI to drill down to a deeper level,” he said.

“So many essential services have their foundation on technology which is, to be honest, dated and difficult to protect. Power generation or water pumping plants simply can't be as closely evaluated, or as regularly patched, as a Windows system, yet they are often based on underlying routines that predate Windows and were written in a more naive era of coding.”

Rose did say however that the budget of £2.5 million “isn't going to make much impact” but urged collaboration with vendors and government entities in the US and Europe.

“At the end of the day, the UK depends on systems that were not built for the modern threat landscape. It is essential that we find new ways to protect this infrastructure as any failure could have dramatic consequences."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events