UK faces “enduring and significant” cyber threats to critical infrastructure, says NCSC

UK National Cyber Security Centre highlights new class of cyber adversary in the form of state-aligned actors

Michael Hill
11/15/2023

The UK’s National Cyber Security Centre (NCSC) has warned of the “enduring and significant” cyber threats faced by the nation’s critical infrastructure. In its seventh Annual Review, the NCSC highlighted the need for the UK to accelerate work to keep pace with the evolving threat landscape amid a rise of state-aligned groups, an increase in aggressive cyber activity and ongoing geopolitical challenges.

Over the past 12 months, the NCSC has observed the emergence of a new class of cyber adversary in the form of state-aligned actors, often sympathetic to Russia’s further invasion of Ukraine, targeting the UK’s critical infrastructure. These include providers of safe drinking water, electricity, communications, transport and internet connectivity.

Protecting critical infrastructure is essential. Energy grids, financial systems and healthcare facilities, among other critical infrastructure, are the backbone of modern society. Any disruption to operations, whether accidental through misconfiguration or the result of a targeted cyber attack, can send ripples across nations.

CNI threat landscape is changing, ransomware remains prominent

The UK’s critical national infrastructure (CNI) threat landscape is changing significantly, the NCSC indicated. CNI was historically focused on physical assets such as buildings, housing, energy and infrastructure. “However, the pace of change sped up as the UK became more dependent on digital infrastructure. Our understanding of CNI has also evolved, moving towards a more holistic view of critical systems rather than purely physical assets.”

The NCSC assesses that ransomware remains one of the greatest cyber threats to UK CNI sectors, evidenced by international incidents including attacks against Colonial Pipeline and the Irish Health Executive, and within the UK against South Staffordshire Water, Royal Mail International and NHS 111. “Some of these attacks have also highlighted the possibility of disrupting CNI through attacks on key suppliers, who may have weaker security and thus present an attractive opportunity for adversaries,” the NCSC wrote.

While criminality online is the most significant threat in terms of volume, the most advanced threats to CNI come from nation states, including Russia, China and Iran, it added. In May, the NCSC issued a joint advisory revealing details of “Snake”, a sophisticated espionage malware used by Russian cyber actors against their targets including CNI operators.

UK NCSC will continue to assess and improve security of critical infrastructure

To counter the threats posed to the UK’s CNI, it is essential to understand the risks before adversaries do, reducing the window in which an attack could be successful, the NCSC said. “Often critical services will rely on complex supply chains to function and so mapping supplier dependencies and relationships plays a crucial part in gaining confidence in your security.”

The NCSC has worked to address these challenges by supporting the creation of a revised criticalities process to identify and assess critical systems across the UK. It has also helped create the Knowledge Base, a world-leading tool which permits the government to understand the relationships between critical systems and the impact of any disruption to them. To better understand the resilience of these systems, the NCSC created the Cyber Assessment Framework (CAF) to assess cyber resilience and worked with regulatory authorities to set thresholds for security and resilience based on preventing, detecting, and recovering from historic and plausible future attacks.

Analyzing the cyber resilience of UK CNI

In addition to its work understanding the UK’s CNI, the NCSC will continue to improve its aperture on CNI risk. “For example, it will be key to understand flaws in the design of the UK’s CNI (such as inadequate network segregation) which adversaries may seek to exploit, as well as maintaining awareness of unmanaged vulnerabilities and the attack surface visible to adversaries online,” the NCSC wrote. It may also be necessary to expand threat hunting for nation states who could seek to pre‑position on UK CNI, it added.

To address such gaps, the NCSC will also work to better understand where organizations commonly struggle with security challenges and how adversaries are attempting to exploit those weaknesses. “The NCSC, in collaboration with industry, wider government and regulatory bodies, is thus analyzing data on the cyber resilience of UK CNI, to better understand how we can help ensure the resilience of our CNI.”
