A leaked document from a UK intelligence agency suggests that the country’s energy sector may have been compromised by cyber attacks.
The document, issued by the National Cyber Security Centre (NCSC), part of the UK’s GCHQ agency, and leaked to tech publication Motherboard, says that some industrial control system (ICS) organisations are likely to have been successfully compromised.
The NCSC report says that the affected organizations are part of the supply chain for UK critical national infrastructure, and some are likely to have remote access to critical systems. The hackers are also targeting other sectors in a wave of activity that started in early June.
“The NCSC is aware of connections from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors,” Motherboard reported NCSC as saying.
It has not been made clear the extent of the compromise on the UK’s system, and what level of “visibility” the hackers have gained.
Cybersecurity firm Nozomi Networks says that targeted phishing attacks on engineers are both “straightforward” and “extremely damaging”, and that the so-called air-gaps used to protect critical infrastructure such as power plants from cyber attacks are now more or less “defunct”.
“You have to assume that all parts of critical infrastructure are being probed for vulnerabilities 24 by 7 from a risk management point of view,” says Andrea Carcano, Founder and Chief Product Officer of Nozomi Networks. “While Information Technology (IT) and Operation technology (OT) that control the electric grid systems and other critical infrastructure are separated, there have been increasing connections.”