Lights out for the UK?

Just how susceptible is the UK to a critical infrastructure attack? Samantha Wright attended a panel debate led by Eugene Kaspersky to find out

Imagine a day when there is only darkness. You can't use your electric oven or shower, and your phone dies but there is no electricity to charge it. It may sound like something out of a Cormack McCarthy novel, but the threat of a cyberattack on the UK's critical infrastructure means such a scenario could soon be a reality, according to a panel debate led by Eugene Kaspersky.

The Kaspersky Lab founder was joined by representatives from the likes of Telefonica and Solutions PT to discuss the growing spectre of cyberattacks that are seeking to disrupt communication, transport, oil and gas, power and critical manufacturing industries.

The discussion was held following a critical infrastructure cyberattack on a section of the Ukrainian power grid in December 2015, in which hackers took control of at least two power companies' systems.

At the panel, Eugene Kaspersky (pictured), founder of Kaspersky Lab, said: "The engineers in Ukraine had to manually override each power station, but unfortunately modern systems don't have manual override. So if the same thing happened in Europe or the US, I'm afraid that the problem would be even more serious."

The past few years have seen an increased number of cyberattacks, including those on the financial sector in South Korea in 2013 in which the computer networks running three of the major South Korean banks were paralysed.

The German steel industry was targeted during the Christmas period in 2014 when hackers manipulated control systems at a steel plant, resulting in a blast furnace being unable to shut down properly.

Kaspersky explained: "The number of criminal attacks on industrial systems grows very quickly but unfortunately we don't see the whole picture because in many cases the victims do not disclose the data and sometimes they don't even know they have been hacked."

There have been three ransomware attacks this year on hospital systems, in Australia, California and Germany. Kaspersky warned that this could be merely the start of the problem.

"There is a real threat and I am afraid that we will see more and more such situations in the future," he said.

"There is no nation in the world that has enough engineers to adjust the industrial environment for these new kinds of threats."

The question is whether the UK could see similar attacks on its critical infrastructure. The panellists seemed in agreement that it is highly likely that attacks would be launched against the UK.

Panellist Andrew Comer from the Institute of Engineering said: "We know the UK will be a major target. The challenge will be that as we become part of a much tighter global network, the attacks could come from anywhere and attack anywhere and still affect the UK.

"You can never be too careful; the threats are just going to continue increasing and of course we don't know how hard people have tried to attack the UK previously."

The panel suggested that the best way to defend against this type of cyberattack is for governments to understand the problem, design strategies to prevent the attacks, and then implement those strategies.

Cevn Vibera, representing Solutions PT on the panel, said: "The government understands the problem. The issue is in implementing these strategies - how do they get private companies to follow it?"

Kaspersky added: "There has to be more government involvement. There is still a lack of regulation - in some cases they are still blind."

There has been a lot of debate over whether any of these cyberattacks in recent years have been funded by host governments, with Ukrainian officials accusing the Russian government of orchestrating the attack on their power grid and South Korea pointing the finger at North Korean government over the hack on their financial sector.

Panellist Jose Palazon, CTO of ElevenPaths at Telefonica, explained: "We need to understand the motivations behind these attacks. If you look at any of the malware in the general media, they contain such an amount of advanced technology that most companies believe the only way you can create one is by being funded by a government."

But Kaspersky added that while it is unclear whether governments are funding these cyberattacks, there are no political issues hindering the apprehension of cybercriminals across countries.

He said: "What is going on in the political level sometimes doesn't reflect what is going on at a technical level. For example the cyber-police from Russia, the USA and Europe are communicating on a daily basis, they don't have political problems."

The situation in cyberspace will continue to get worse until stricter regulations are in place, according to Kaspersky.

"Critical infrastructure is about national and global security," he said. "There should be regulations for building cyber-systems, just like there would be when you build buildings."

"The perfect security is when an attack costs more than the possible damage; when it is more expensive to hack than any possible profit.

"We are fighting these guys but unfortunately in some cases they are winning."