It has recently been revealed that cybersecurity legislation introduced three years ago – which was put in place to oblige gas and electricity firms to report when they were hacked – has been almost entirely ignored, confirms Sky News via IslandFM.
In spite of numerous successful cyber-attacks hitting British energy firms in this time frame, not a single report has been successfully made to Ofgem, the authority who supports the gas and electricity markets.
Former Defence Secretary, Gavin Williamson, warned that “thousands and thousands and thousands” of people could be killed if an attempt at disruption was made; the severity of this has been validated by the UK Government’s confirmation that state-sponsored hackers have successfully breached the computer networks of the UK’s energy grids in the past.
It has been widely suggested that the thresholds for which companies working across the electricity and gas sectors can report incidents to Ofgem are actually aligned to the intentions of the attackers, rather than the impact of an attack on the sector’s security strengths and weaknesses. This has since left the regulator unaware of how the sector is coping with the pressures of cyber-criminal activity.
Dr Jamie Collier, Threat Intelligence Consultant at FireEye, told Sky News that that the thresholds for reporting should consider varying levels of sophisticated attacks, leaving defenders to “focus on what really matters”. He adds: “Despite this, essential service providers and regulators should be careful not to neglect the threat posed from less sophisticated attacks.”
“Most of the concern around cybersecurity has been focused on operational technology (OT) networks that interact with physical processes and machinery, such as power plant equipment or water treatment facilities.
“Yet the traditional information technology (IT) networks that involve the flow of data – such as file storage or email – should not be neglected. This is because whilst the impact of malicious activity can be far more severe against OT systems, these attacks typically start out on IT networks. It is therefore vital to consider security across an entire service provider’s infrastructure.”