There’s no reason to believe the UK critical infrastructure couldn’t be taken down by a cyber attack because modern networks haven’t been designed with security in mind, an expert has warned.
Dr Kevin Curran, senior member of Institute of Electrical and Electronics Engineers (IEEE) and security lecturer at Ulster University, issued the warning following reports that hackers used malware to take down electricity supplies to over half the homes in the Ivano-Frankivsk region of Ukraine, an area with a population of 1.4 million.
There have also been warnings that the Trident nuclear weapons systems could also be vulnerable to by a cyber attack.
According to Curran, carelessness by employees and tardiness in upgrading systems are the biggest causes of concern.
“There is no reason to believe the UK could not suffer a similar attack. There are many employees who regularly access control systems remotely thus leaving the door open for breaches,” he told Computing. “These mission-critical systems are also often the last to be patched.”
The nature of cyber espionage, Curran warned, means that it’s inevitable that critical infrastructure and systems will continue be targeted by state operators throughout 2016.
“The prevalence of cyber espionage is starting to suddenly become known to the public and we can expect to see rogue nations come looking for our data or to wreak havoc in our systems,” he said.
“Countries have always fought against other governments for their cause, and they use every means possible to get what they want,” Curran added. A key problem, he suggested, is that modern networks “were not designed with security in mind”.
“What we have in place at present is a series of sticking plasters designed to allow e-commerce and online communications to take place in a functional manner for the most part,” he said.
Ultimately, Curran warned, hackers could prove a threat to global security. But due to the nature of the internet itself, it’s almost impossible to prevent attacks from occurring.
“Hackers are using increasingly clever methods and tools to attack national infrastructure systems. Issues of national and worldwide safety are at risk here,” he said.
“The reason this risk exists is that the internet offers little or no regulation, potentially huge audiences, anonymity of communication and a fast flow of information,” Curran concluded.
The comments come after renowned security technologist Bruce Schneier warned that governments, corporations and other actors are in the “early years of a cyber arms race”, with every individual “in the blast radius” as nation states and other bodies carry out cyber espionage on each other.