Infosecurity Europe poll highlights growing unease about risks to UK infrastructure as physical and online security issues converge
An attack on the UK’s critical infrastructure is likely in the near future, believe more than half of those polled ahead of the Infosecurity Europe 2019 conference, echoing the concerns of cyber-security researchers over the exposure of operational systems to online attack.
Of those polled, 59 percent said they thought an attack on the UK’s critical infrastructure was likely this year.
Those concerns echo comments last year by Ciaran Martin, head of the National Cyber Security Centre (NCSC), that a major attack on UK infrastructure was a matter of “when, not if”.
Two-thirds, or 68 percent, of respondents also said the security teams in charge of physical and cyber infrastructure at their companies never collaborate.
The result raises questions about organisations’ readiness to manage threats that span online and physical environments.
The poll also found that only 16 percent of respondents were aware of the EU’s NIS Directive, a law put into place in 2016 that sets out security requirements for all operators of essential services and digital service providers, imposing fines of up to £17 million for UK organisations found not to be compliant.
Industry experts said the responses were troubling, and underscore the challenges of managing security in an environment where cyber and operational issues are no longer clearly demarcated from one another.
“Defending critical assets is a team sport,” said TUV Rheinland global cybersecurity head Nigel Stanley. “IT, physical and OT (operational technology) teams need to get their act together and start to share and learn from each other.”
Kevin Fielder, chief information security officer of Just Eat, argued industry should act right away to head off the increasing risks to connected devices and systems, or tighter regulation is likely to be the result.
“If the industry doesn’t produce connected devices that are, by default, secure and manageable over the long term, it won’t take many real incidents for government regulations to quickly materialise,” Fielder said.
The poll via Twitter attracted more than 12,000 responses over a one-week period in early February. Infosecurity Europe 2019 takes place from 4 to 6 June in London.
On Friday, in the latest incident highlighting the insecurity of connected devices, UK security firm Pen Test Partners said it had been able to take control of automobiles with two major brands of third-party smart alarm systems fitted.