What are the threats to critical comms?
In the most recent risk register published by the UK government, when grouped together with cyber attacks on infrastructure, a cyber attack on telecommunications systems was given a 5-25 per cent likelihood rating Telecommunications makes up part of the communications critical national infrastructure sector and includes fixed line communications and mobile communications, as well as internet infrastructure.
The risk register considers them a valuable target for cyber criminals, and as such it is important to build security and resilience capabilities. It is the communication providers who are responsible for assessing risks and then taking the appropriate measures to ensure the security and resilience of the networks.
The Telecommunications (Security) Act was introduced in 2021, which sets out requirements for providers. In the scenario imagined by the risk register, a cyber attack against a major telecoms provider would affect millions of customers – including customers on other networks that connect or route through the impacted network. It could also impact services provided by other CNI sectors.
It could also mean that customers are unable to call the emergency services. It is anticipated that disruption could last for up to 72 hours, but could last weeks or even months. It could be difficult to identify the attacker – whether state threat, cybercriminal or hacktivist – and the cause and extent may not be immediately known. Some state actors have already displayed the capabilities needed to attack telecoms networks. It is hard to predict how an attack such as this would unravel, without having specific intel. Since a major cyberattack on the telecommunications system has not yet taken place on a large scale in the UK, the potential variations in terms of attack vector and scale and the services and sectors impacted are hard to estimate. The impact of a physical attack on infrastructure should also be considered.
The risk register highlights the possibility of damage to transatlantic telecommunications cables. Damage to these cables, which carry large volumes of data which facilitate telephone communications and internet access, would cause widespread disruption across the UK and elsewhere. The risk register points out that the system is generally resilient, so the likelihood of a total loss of transatlantic telecommunications is unlikely. The risk register considers as a worst-case scenario that transatlantic subsea fibre optic cables would be damaged over a period of several hours and would therefore be inoperable. This would lead to considerable disruption to the internet and essential services which rely on offshore providers of data services. Repair for damage of this scale would take several months.
A physical attack on infrastructure should not be considered unheard of or impossible. At the end of last year, a man was convicted of planning an attack on vital national infrastructure. Oliver Lewin was convicted of planning a terrorist attack by performing reconnaissance, purchasing equipment and tools and seeking to recruit like-minded individuals to help him, with vital national infrastructure, including communications masts, being the main targets of his planned attacks. He was found guilty of preparing acts of terrorism at Birmingham Crown Court on 19 December 2022. The 38-year-old’s main targets were major communications infrastructure. In a notebook, he had written a target list, which included: “Media, Transport, Infrastructure, Power, Comms, Roads & Rail”. He had drafted a document entitled “Civilian Resistance Operations Manual”, which was recovered from his laptop. The manual encouraged the reader to join the cause and commit attacks: “For now there are several things that we can collectively do to cause significant damage to the country and send a message that we are serious in our mission”.
The investigation found that Lewin had collected a large amount of military-style equipment and tools, whilst also being in possession of three air rifles. In a telegram group, which he joined in July 2021, Lewin wrote: “we are at war people make no mistake...Peaceful marching has not and will not do anything. You have to choose a better strategy. I have one that I think will work but it involves staying out in the wild for a few days at a time.” Lewin used the group to search for others to help him in an attack on national infrastructure. He dug hide-outs in woodlands, which he explained to the group were to escape detection. Before he was arrested, he visited the Bardon Hill transmitter communications mast in Leicestershire at night, taking videos of the location and manhole covers which housed fibre communications equipment. He also visited communications masts at Markfield Hill and Copt Oak and took photos. It was later proved in court that this was reconnaissance to help him plan terror attacks.