An increasing number of key infrastructure sites have been hit by cyber attacks in recent years, sparking fears the UK is vulnerable to a “crippling” large-scale attack.
Nine out of ten security professionals working in the critical infrastructure sector said their sites had been damaged by at least one cyber attack over the last two years, according to a study carried out by the Ponemon Institute.
The survey, which focused on firms in the energy, utilities, health and transport industries, also revealed concerns about under-staffing and inadequate technology to stave off attacks.
“These industrial control systems help keep our lights on, our water clean, our public transportation running, among various other essential functions,” said Eitan Goldstein, senior director at cyber security firm Tenable, which commissioned the study.
“These technologies support the underpinnings of our modern society and are dangerously exposed today,” he said, adding that an attack could be “crippling”.
One of the key vulnerabilities highlighted in the study was the convergence of operational technology (OT) – the hardware and software that monitors physical infrastructure – and IT.
Goldstein said the spread of sensor technologies has opened up new opportunities for attackers to gain access to organisations, while breaches are also becoming more sophisticated.
The report concluded that threats to critical infrastructure are “real, severe and ongoing” and urged organisations to review their defence systems.
The findings come amid growing concern over the UK’s ability to deal with cyber attacks. The government has called on businesses and charities to beef up their defences after new figures showed the financial cost of breaches is increasing.
The government report revealed the percentage of firms affected by attacks has decreased over the last year. But the true scale of cyber attacks is difficult to gauge, as companies are rarely willing to admit they have been targeted.
Earlier this week it emerged key parts of UK infrastructure, private sector firms and even MPs were hit by a deliberate campaign of cyber attacks thought to have been orchestrated by Iranian hackers.