Is our critical national infrastructure safe from attack?
Ahead of International Security Expo, taking place on 3-4 December at Olympia London, Philip Ingram provides an assessment on the current state of security in the UK
In recent weeks we have seen the baggage handling system at Heathrow break down, the BA check-in IT system fail, signals out of Euston station fail and then two power generating stations fail within two minutes of each other at rush hour on a Friday, causing chaos in hospitals, with traffic lights in London and on the rail networks, and affecting airports.
UK Power Networks tweeted about the power cuts: ‘We are aware of a power cut affecting large parts of London and South East. We believe this is due to a failure on National Grid’s network, which is affecting our customers’.
Looking at some of the commentary in the UK about the power outage, the power regulator Ofgem has asked for an ‘urgent details report’ to find out what went wrong. Julian Leslie, head of National Control at National Grid ESO, did a quick Twitter Vlog on the day of the outage to try and explain what happened. However, all he said was that when two generators (power company speak for whole power stations!) went offline simultaneously the ‘system protected itself by losing some demand’; the grid did what it should do and shut parts of itself down.
He made no comment on what caused two completely different, geographically separated power stations to fail at exactly the same time. All of the official commentary avoids that question. In addition, the two ‘generators’ were brought back online relatively quickly, suggesting this wasn’t a mechanical failure but an electronic or control one. At best it highlights real weaknesses in our power network; at worst it could have been an attack from a hostile state or organisation. Why do I make that assumption?
In June the BBC reported: “Russia has said it is ‘possible’ that its electrical grid is under cyber attack by the US. Kremlin spokesman Dmitry Peskov said reports that US cyber-soldiers had put computer viruses on its electrical grid was a ‘hypothetical possibility’. His comments came in response to a New York Times (NYT) story which claimed US military hackers were targeting Russian power plants.”
That same month Wired reported: “Over the past several months, security analysts at the Electric Information Sharing and Analysis Centre (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated hackers carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks.”
Those sophisticated hackers were linked to the Russian Government.
However, the power outage incident was assessed by the National Cyber Security Centre (NCSC), the public arm of GCHQ, as not cyber related, and their comment was very shortly after the incident and before formal investigations could have concluded. The question remains how vulnerable is our CNI if it is creaking to this degree through other reasons? Of some of the other incidents the NCSC said that ‘the Heathrow Baggage, BA check in and Euston signalling issues were not as we are aware caused by cyber incidents’. They added that they ‘have not attributed blame for the Gatwick incident yet’.
Of course, last year the Russians were infamously implicated in the use of Novichok nerve agent in Salisbury in an attack on the former Russian Intelligence Officer, Sergei Skripal, and his daughter Yulia, which resulted in the death of an unrelated civilian, Dawn Sturgess. A year after that incident a very large Russian flag was mysteriously draped from scaffolding around Salisbury cathedral; no blame has been apportioned yet.
In December 2018 Gatwick Airport was closed for 36 hours through, according to Superintendent Justin Burtenshaw, the commander of the police force at Gatwick, ‘multiple simultaneous drone incursions’. This was just after a very sophisticated cyber attack on the airport which, as NCSC admitted, hasn’t been publicly attributed yet.
Daesh have not gone away with the loss of territory in Iraq and Syria and according to several analysts are in a transition phase. What is clear is they maintain significant support across the globe and Al Qaeda continue to aspire to a 9/11 style comeback.
Closer to home, the rise in extreme right-wing terror has seen the responsibility for countering it passed to the Security Service (MI5) from the police and wrapped in with the increasingly active Irish Republican terrorism, still confined to the island of Ireland, but growing in its visibility.
The incidents described suggest a pattern, and any developing pattern warrants further investigation to see if the incidents are linked or, more likely, are a series of unrelated one-off incidents.
We have had a weapon of mass destruction used by a hostile state on the streets of the UK, and we have had incidents that have had an effect on many different elements of our Critical National Infrastructure: roads, rail, air, airports, hospitals and more. We have had examples of nation states accusing each other of deliberate actions.
I have been suggesting a Russian connection through my analysis. Why? Other countries like China, North Korea and Iran, as well as ISIS and Al Qaeda on-line hacking teams, have the capability; why not them? The level of sophistication needed if any or all of these were cyber attacks probably precludes ISIS or Al Qaeda. China is building better trade relations with the UK and doesn’t want UK interference in Hong Kong, so antagonising the UK would serve no purpose. North Korea is more regionally and US focused and has nothing to gain from attacking UK infrastructure.
Post Salisbury, relations with Russia can only be described as frosty. Iran is in the spotlight with the Gibraltar Government seizing a tanker of Iranian oil and Iran seizing a British flagged tanker in the Strait of Hormuz. However, Britain is seen by Iran as a bridge between the US, who have just rejected the Iran nuclear deal, and the rest of the European nations supporting the Iran nuclear deal, so further domestic antagonisation would not be in their national interest.
Therefore, my analysis would suggest that if any of these incidents were the result of state action then the most likely perpetrator would be Russia. Russia has the capability and seemingly the intent to carry out action in the UK (the Skripal attack and, I personally suspect, the Gatwick disruption are real examples). Why now?
We are in a period of political turmoil with a new Prime Minister with a majority of only one in Parliament, the looming no-deal Brexit anxiety and a very left-leaning opposition and a country still smarting over its outing for the Skripal attack. So why not?
It is a Russian tactic to ‘stir the pot’. The 2007 cyber attacks by Russia shutting Estonia down for a protracted period are a perfect example and there have been many more since. So, it is important to ask: was it a hostile state or terrorist attack? Even though the probable answer is no. The real positive that came out of this is if it were a hostile state action, it was defeated very quickly, and normality restored, so our defensive processes clicked in quickly. But that is only a positive if it were a cyber attack. From a scenario perspective to test our resilience levels against, it couldn’t get better.
The responsibility for protecting our Critical National Infrastructure lies with the Centre for the Protection of Critical National Infrastructure (CPNI) but when something goes wrong, as was shown with the Novichok attack in Salisbury, the responsibility for any associated police investigation, whether through terrorist cause or hostile nation seems to fall to the Counter Terror Police (CTP) who are already massively overstretched with 750 active investigations and 3000 people on their immediate radar with another 20,000 on a watch list. Are our defences creaking?
Counter Terror Business is the lead media partner for the Global Counter Terror Summit on 3 December 2019 at Olympia as part of the International Security Expo. Many of the issues raised here will be discussed and put into context by some of the country’s leading Counter Terror personnel both from the Home Office and Counter Terror Police. The FBI will bring an international angle and several of the speakers will bring the reality home when it all goes wrong. This by-application-only summit will put what has been discussed into clearer context.