The unseen cyber experts protecting your energy supply

06 May 2022

Whilst you are reading this article, the UK’s national infrastructure, including energy supply and distribution systems, is being targeted by a complex range of cyber threats from around the world.

Behind the scenes, cyber experts at Leonardo in Bristol are working 24/7 to protect the UK’s Critical National Infrastructure (CNI).

The health of the UK’s energy network is a high priority for the UK Government, as it is central to the wellbeing of the UK population and its critical infrastructure. Gas, electric, nuclear and renewable energy are used to power factories, blue light services and hospitals, as well as heat homes, fuel cars and support the aerospace industry and the military. The digital revolution is driving efficiencies and improvements in these systems, and 5G technologies are central to this going forward – enabling increased connectivity and control over geographically dispersed systems. However, this does place increasing importance on effective cyber security to keep these critical infrastructures operational.

Leonardo is certified by the National Cyber Security Centre (NCSC) to provide Cyber Security Consultancy services in Risk Management and Risk Assessment to the public and private sectors, and is a recognised Operational Technology Cyber specialist. That means they have to keep several steps ahead of the most advanced cyber threats looming on the horizon, including those targeted at the UK’s energy utilities network. 

Scott Bartlett, Head of Consulting for the Leonardo Cyber & Security Division, said: “In today’s digital age, modern computer systems are able to ‘talk’ to each other without human interaction, making decisions and executing tasks without the need the put a human in the loop. This is particularly true in the power generation sector, where a nuclear power plant, or a wind turbine for green energy, monitors the external environment continuously, making autonomous changes to the machinery to maximise efficiency and increase safety. This rapidly deployed capability can act much faster than the methods used in the past, where humans were responsible for monitoring and maintaining this technology. It also removes much of the risk associated with this task, as people no longer need to dangle 100ft in the air taking readings from a control system, whilst attempting to modify machinery settings.”

If the nature of today’s technology is changing, then so too are the emerging cyber threats. Scott explained: “5G enables greater use of ‘machine to machine’ communications in safety-critical environments such as power distribution. However, this also means that any vulnerabilities in 5G could allow a hacker to disrupt CNI. In the context of energy distribution, this would mean a hack on a single part of the energy distribution infrastructure for the UK could result in regional blackouts through the malicious exploitation of the ‘decision logic’ used to balance voltage across the UK.”

The complex ecosystem of cyber threats being targeted at the UK every day include cybercriminals motivated by financial gain, ‘hacktivists’ who want to publicise their cause through disruption, and adversarial governments’ ‘nation-state’ hackers. Nation-state hackers typically include freelance cyber hackers who are hired by governments, as well as the country’s intelligence and military personnel. The objectives of these attacks are diverse, but in the context of CNI, the outcome is usually disruption, and in some cases destruction. According to the latest report by information association CLUSIT, cyber-attacks on the energy sector have increased by more than 10% over the last year. A real-world example recently published by the US government demonstrated what could happen in this scenario. Their ‘Aurora Experiment’ showed the physical damage that could be done through a cyberattack, if a piece of software was used to attack modern day digital control systems for energy networks.

Leonardo cyber experts are helping the UK NCSC and the wider UK government make our CNI more resilient and better protected from cyber-attacks; and actively protects strategic infrastructures from security threats in over 150 countries worldwide. Leonardo’s cyber experts are constantly analysing how critical infrastructures might be attacked, to understand what could be done to mitigate the impact of such attacks during the course of future technological advances. However, the use of 5G in enabling ‘machine to machine’ communications is just a tiny part of what 5G could offer in the future.

Scott said: “We’re only just starting to discover the potential of what 5G technology can achieve across society, whether that be on a next generation fighter jet, at your local power station, or on your phone. Right now, we are doing exciting work looking into the potential of private or hybrid 5G networks that enable technological benefits to be realised, whilst at the same time providing net increases in cyber security to safeguard our society and its infrastructure. This could cover everything from energy supply, water and defence, to communications and emergency services. All of these elements deliver critical components for the general smooth running of society and have potential application not just in the UK, but all around the world. 5G provides freedom of action, and that freedom needs to be protected.”

Next week, the NCSC – part of GCHQ – will host the flagship CyberUK conference at the ICC Wales in Newport on 10-11 May. Click on the following link to learn more: International cyber security leaders to appear at flagship