Which Tier Threat is Cybersecurity in Terms of Risk to Critical National Infrastructure- UK
Whenever we talk about securing a nation's interests, a general picture of military assets comes to mind. I won't say that the picture is wrong, as the military is already at the forefront. But the world has changed a lot since WW2 and the Cold War, and the way an attack is carried out has changed drastically.
The Cold War era was also the era when the internet started taking shape. Things have only progressed since then, to the extent that all of our names, emails and even bank details are on the internet. Time to freak out? Yes, or maybe, depending on how much you trust your bank and your government with the security of your essential data. Amid the recurring news of leaked bank details of millions of users, that trust is, again, subjective.
Cybersecurity? What has a country's infrastructure to do with it?
So what is cybersecurity? In the words of the National Cyber Security Centre (NCSC):
“Cybersecurity is how individuals and organisations reduce the risk of cyber-attack.”
Here we will talk about the threat we face in terms of national infrastructure. A city, and subsequently a state or a country, runs on services, and a lot of them are provided by the government to its people, for example the National Health Scheme. All of these services, whether they relate to health, banking or any other sector, require an ID of some kind to identify people and their eligibility. In today's world we need services faster, so no wonder the whole infrastructure is put online, along with a nation's complete data. Now, if I say that your data (name, ID etc.) has been hacked, you may or may not panic depending on how seriously you take hacking; but if I tell you that I have somehow got hold of your online banking password, then what?
This is only one aspect, one which affects individuals and comes under fraud. Terrorism is a real threat these days, and attacking a group of people is an old idea for terrorists. They consistently try to hit national infrastructure like the electricity grid or nuclear plants. So far these institutions have proved tough for terrorists to crack, and cybersecurity agencies keep working round the clock to thwart these attacks.
If you are unaware of attempts or breaches, whether accidental or intentional, the following is a link to a list of attacks on nuclear plants if you want to take a look.
Attempts of Attacks on Nuclear Plants Worldwide
Some are intentional, some are "accidental", but all lead to one major point: the largest nuclear bombs (the reactors themselves) are also targets. I trust you are intelligent enough to foresee the result of any successful breach of a nuclear plant.
Common Type of Cyber Attacks
There are many types of cyber-attacks, and each day attackers find new ways to exploit unsecured infrastructure. But the majority of them fall into the following categories:
- Malware
- Phishing
- SQL injection attack
- Man-in-the-middle attack
- Denial-of-service attack
- DNS tunnelling
- Zero-day exploit
1- Malware
Malware is a term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware gets into an organisation through a weakness, commonly when a user clicks a dangerous link or email attachment that then installs the malicious software. Once inside the network, malware can do the following:
- Disrupt certain components and render the system inoperable
- Block access to key parts of the network (ransomware)
- Covertly obtain information by transmitting data from the hard drive (spyware)
- Install further malware or other destructive software
2- Phishing
Phishing is the act of sending fake messages that appear to come from a legitimate source, generally by email. The objective is to steal crucial information like credit card and login details, or to install malware on the user's (victim's) machine. Phishing is an increasingly common cyber threat.
3- SQL Injection Attack
A Structured Query Language (SQL) injection attack happens when an attacker inserts malicious input into a server that uses SQL and forces the server to reveal information it normally would not. An attacker could perform a SQL injection simply by submitting malicious input into a vulnerable website search box, because the input is pasted into the query text instead of being treated as data.
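The following is an added example, not code from the original article: it shows why a search box becomes injectable when user input is concatenated into the SQL text, and the parameterised form that fixes it. It uses an in-memory SQLite database with a constructed `users` table; the function names and sample rows are illustrative, not taken from any real system.

```python
import sqlite3

# Constructed in-memory database with made-up rows (example data only).
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.org"),
         ("bob", "bob@example.org"),
         ("carol", "carol@example.org")],
    )
    return conn


def search_users_vulnerable(conn: sqlite3.Connection, term: str) -> list:
    """The 'search box' pattern the article warns about: the term is spliced
    into the SQL text, so a quote character in it changes the query's logic."""
    query = ("SELECT username FROM users WHERE username = '"
             + term + "' ORDER BY id")
    return [row[0] for row in conn.execute(query)]


def search_users_safe(conn: sqlite3.Connection, term: str) -> list:
    """Hardened form: a parameterised query. The driver binds the term as a
    value, so whatever characters it contains it can never alter the statement."""
    query = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (term,))]


def compare(term: str) -> dict:
    """Run the same search term through both variants, for side-by-side review."""
    conn = build_db()
    return {
        "vulnerable": search_users_vulnerable(conn, term),
        "safe": search_users_safe(conn, term),
    }


if __name__ == "__main__":
    # A normal lookup behaves identically in both variants.
    print(compare("alice"))
    # A term containing a quote and an always-true condition: the vulnerable
    # variant leaks every row, the parameterised one correctly finds nothing.
    print(compare("x' OR '1'='1"))
```

The mitigation is the same in every database API: never build the statement from user input, bind the input as a parameter, and apply least privilege so the database account used by the web application cannot read or alter tables it does not need.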
4- Man-in-the-middle attack
Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, happen when attackers insert themselves into a two-party exchange. Once the attackers have intercepted the traffic, they can filter and steal the information.
Two common entry points for MitM attacks:
- On insecure public Wi-Fi, attackers can insert themselves between a visitor's device and the network. Without knowing it, the visitor passes all data through the attacker.
- Once malware has breached a device, an attacker can install software to process all of the victim's data.
5- Denial-of-service attack
In this type of attack, the attacker floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system cannot fulfil legitimate requests. Attackers can also use numerous compromised devices to launch this attack; this is known as a distributed denial-of-service (DDoS) attack.
6- DNS Tunnelling
It uses the DNS protocol to carry non-DNS traffic over port 53, sending HTTP and other protocol traffic inside DNS messages. There are various legitimate reasons to use DNS tunnelling, but there are also malicious reasons to use DNS tunnelling VPN services. They can be used to disguise outbound traffic as DNS, concealing data that would normally be sent over an ordinary web connection. In malicious use, DNS requests are manipulated to exfiltrate data from a compromised system to the attacker's infrastructure. It can also be used for command-and-control callbacks from the attacker's infrastructure to a compromised system.
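Because tunnelled data has to be encoded into query names, tunnelling leaves a recognisable trace in DNS logs: many distinct, long, high-entropy leftmost labels under one domain. The following is an added example, not code from the original article, of that detection logic run over a constructed DNS query log. The log layout (`<timestamp> <client-ip> <queried-name>`), the domain names, the thresholds and the "last two labels = registered domain" shortcut are all assumptions made for the example.

```python
import math
from collections import defaultdict

# Constructed DNS query log (made-up data) in an assumed
# "<timestamp> <client-ip> <queried-name>" layout, one query per line.
# The hex-looking labels under exfil-test.invalid stand in for encoded payload chunks.
SAMPLE_LOG = """\
2023-01-01T10:00:00 10.0.0.5 www.example.org
2023-01-01T10:00:01 10.0.0.5 mail.example.org
2023-01-01T10:00:02 10.0.0.7 4a6f686e20446f65203c6a6f686e40.t.exfil-test.invalid
2023-01-01T10:00:02 10.0.0.7 6578616d706c652e6f72673e20646f.t.exfil-test.invalid
2023-01-01T10:00:03 10.0.0.7 63756d656e742073656372657420ab.t.exfil-test.invalid
2023-01-01T10:00:03 10.0.0.7 70617373776f72643d687567653132.t.exfil-test.invalid
2023-01-01T10:00:04 10.0.0.5 static-assets-eu-west-1.example.org
2023-01-01T10:00:05 10.0.0.5 cdn.example.org
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; hex/base32-encoded payloads score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name: str) -> str:
    """Assumption: the last two labels approximate the registered domain.
    Production code should consult a public suffix list instead."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def parse_log(text: str):
    """Yield (client_ip, query_name) pairs from the assumed log layout."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[1], parts[2]


def domain_stats(text: str) -> dict:
    """Per registered domain: query count, distinct leftmost labels, and the
    mean length and mean entropy of the leftmost label."""
    acc = defaultdict(lambda: {"queries": 0, "labels": set(),
                               "len_sum": 0, "ent_sum": 0.0})
    for _ip, name in parse_log(text):
        first = name.split(".")[0]
        d = acc[registered_domain(name)]
        d["queries"] += 1
        d["labels"].add(first)
        d["len_sum"] += len(first)
        d["ent_sum"] += shannon_entropy(first)
    return {
        dom: {
            "queries": d["queries"],
            "unique_labels": len(d["labels"]),
            "mean_label_len": d["len_sum"] / d["queries"],
            "mean_entropy": d["ent_sum"] / d["queries"],
        }
        for dom, d in acc.items()
    }


def suspected_tunnels(text: str, min_unique: int = 3,
                      min_len: float = 20.0, min_entropy: float = 2.5) -> list:
    """Domains whose leftmost labels look like encoded payload: many distinct,
    long, high-entropy labels. Thresholds are illustrative; tune per network."""
    return sorted(
        dom for dom, s in domain_stats(text).items()
        if s["unique_labels"] >= min_unique
        and s["mean_label_len"] >= min_len
        and s["mean_entropy"] >= min_entropy
    )


if __name__ == "__main__":
    for dom, s in domain_stats(SAMPLE_LOG).items():
        print(dom, s)
    print("suspected tunnelling domains:", suspected_tunnels(SAMPLE_LOG))
```

Averaging per domain rather than scoring single queries keeps one long but legitimate hostname (the `static-assets-eu-west-1` entry) from triggering an alert, while a domain receiving a stream of 30-character encoded labels still stands out. In practice this heuristic is combined with query volume per client and with allow-lists for known services that legitimately use long labels.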
7- Zero-day exploit
It strikes after a vulnerability is disclosed and before a patch or workaround is in place. Attackers target the disclosed weakness during this window of time. Detecting zero-day exploits requires constant vigilance.
Apart from these, there are many threats in which attackers simply want to harm you. For example, wiper or data destruction attacks are meant to delete data from the victim's system. If you have heard about the Panama Leaks, you should know that it was caused by an SQL injection in the site itself or in one of the vulnerable plugins it used.
Threat Levels and Infrastructure Affected by a Cyberattack
Now that we know what a cyberattack is and what the common types of cyber threat are, let us see what our government does to prevent them. As mentioned above, the NCSC is the agency that acts as a single point of contact for organisations when it comes to cyber-threats. The organisation helps identify and secure networks, thus minimising cybersecurity risks.
A threat level is defined for assessing the measures to be taken. The following is the tier-wise (priority-wise) list, taken from the UK government website:
There are 5 levels of threat to national security. The level is set by the Joint Terrorism Analysis Centre and the Security Service (MI5):
- low - an attack is highly unlikely (Tier 5)
- moderate - an attack is possible but not likely (Tier 4)
- substantial - an attack is likely (Tier 3)
- severe - an attack is highly likely (Tier 2)
- critical - an attack is highly likely shortly (Tier 1)
Cybersecurity was identified as a Tier 1 threat in the 2010 National Security Strategy. In the UK there are 13 CNI (Critical National Infrastructure) sectors, including:
- Civil Nuclear
- Emergency Services
Critical infrastructure is defined by the government as:
Those critical elements of Infrastructure (facilities, systems, sites, property, information, people, networks and processes), the loss or compromise of which would result in a major detrimental impact on the availability, delivery or integrity of essential services, leading to severe economic or social consequences or loss of life.
Disruption of any of these services would seriously disrupt people's way of life and thus damage the economy. All of these services use internet-based infrastructure to make citizens' lives easier. That same ease of access makes the services more exposed and easier for attackers to reach. Here the government has to take measures to mitigate information security threats without disrupting any of the services.
Steps Taken by the UK Government
In response to increasing cyberattacks globally, the UK government launched the NCSP, the National Cyber Security Programme. A national cybersecurity programme is a series of measures taken by the government to counter information security threats. It is revised from time to time as newer security threats emerge. The measures range from countering national-level threats to very local-level ones (for example, local police websites for reporting cyber fraud). The following are the details of the national cybersecurity programmes of 2016 and 2010 respectively:
Steps taken in NCSP 2016:
- £1.9 billion in spending 2016-2020
- National Cyber Security Centre which will be home to the UK's "cyber force"
- £40m for an MoD Cyber Security Operations Centre
- An "Institute for Coding: Centre for Digital Skills and Computer Science"
- The "Cyber Streetwise"/"Cyber Aware" (cyberaware.gov.uk) campaign for 2015/16 has cost £4 million (ex-VAT) and £3.3 million in 2017/18
- £265m investment in Cyber Vulnerability Investigations (CVI) programme for MoD.
- A six-month "cybersecurity incubator" funded via DCMS (HutZero)
- £10m to establish a 'Cyber Innovation Fund'
- £14m ("up to") investment in a London cybersecurity innovation centre.
- This is the DCMS-funded LORCA (London Office for Rapid Cybersecurity Advancement)
- £50m ("up to") Protecting Government
- International Cyber Security Capacity Building Programme
- £13.5 million cyber innovation centre
- Cyber Security Skills Immediate Impact Fund (CSIIF), Feb 2018
- Up to £800,000 to support UK academic institutions in commercialising cybersecurity innovation
- £22 million "to stand up new Army cyber operations centres across the UK."
Steps taken in NCSP 2010:
- £860 million (2010-2016)
- The programme part-funds MI5's cyber operations
- £90 million set aside for the Defence Cyber Security Programme.
- Funding for the Centre for Cyber Assessment
- Over £70 million in funding from this is being used to provide "cyber training" for police forces and support crime prevention work (including the National Cyber Crime Unit).
- Funding from this programme was used to establish the Cyber Security Information Sharing Partnership in March 2013.
- £2 million per year for global cybersecurity efforts including the Global Cyber Security Capacity Centre in Oxford.
- £4 million has been allocated to a "cybersecurity awareness campaign" beginning in January 2014 with companies contributing a further £2.3 million in financial and in-kind assistance.
- "Be Cyber Streetwise" launched 2014-01-13.
- Funding for a free online course in cybersecurity beginning Summer 2014.
- Funding for the government's Identity Assurance scheme.
- City of London Police "Action Fraud" website and National Fraud Intelligence Bureau.
- A £500,000 fund announced in September 2015 "to help universities and colleges develop innovative teaching and learning to provide cybersecurity skills"
- Funding for CERT-UK and CareCERT
Cyber-attacks are not only about stealing data; they are also becoming more and more expensive. In previous years, ransomware has cost global infrastructure, including the UK's, billions of pounds. It has become a big business as well, and once money is involved as a business, the threat becomes even greater. Apart from that, terrorists and other nations always seek a way to get hold of some critical infrastructure unit so that they can destroy it or negotiate terms. This is why the government keeps investing billions of pounds in these NCSP programmes and keeps working on strengthening the cyber infrastructure of the country.