Risk Register 2023: Infrastructure cyberattack could harm thousands

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)

In a stark warning, the UK government has alerted the public to the impact of a cyberattack on critical infrastructure.

The findings come from the latest National Risk Register report, which is based on the government’s classified National Security Risk Assessment and considers malicious risks like terrorism and cyberattacks alongside non-malicious risks such as severe weather incidents.

The government estimates there’s a 5-25 percent likelihood of a serious cyberattack on UK critical infrastructure over the next two years. While relatively low, the potential impact is devastating.

Jamie Akhtar, CEO and co-founder of CyberSmart, said:

“Although these figures make for alarming reading, they perfectly illustrate just how important cybersecurity has become at all levels of society.

While an attack on this scale remains unlikely, a 5–25 percent chance and its potential impacts make it a risk worth taking seriously.

It also highlights how important it is that the UK as a whole, from government bodies to its smallest businesses, levels up its cybersecurity defences and awareness.”

The report highlights several sectors particularly vulnerable to cyber-attacks, including gas infrastructure, electricity infrastructure, civil nuclear facilities, fuel supply infrastructure, government systems, health and social care, transport sector, telecommunications, and financial infrastructure. 

In particular, the government and a UK retail bank are considered especially at risk from state actors aiming to encrypt, steal, or destroy critical data or disrupt operational systems.

While the assessment assigns a likelihood rating of “4” on a scale of 1 to 5, with 5 indicating the highest probability, experts emphasise that even a “highly unlikely” event can have a significant impact.

The potential economic cost of such an attack is estimated in the billions of pounds, with potential fatalities of up to 1,000 people and casualties reaching 2,000 individuals.

One concerning aspect highlighted in the report is the chronic risk posed by artificial intelligence. The continuous challenges AI presents have the potential to erode the economy, community, way of life, and national security.

Arun Kumar, Regional Director at ManageEngine, commented: 

“This register acknowledges the speed with which AI is evolving, and its potential threat to national infrastructure. But the register needs to keep pace with the rapid evolution of cyber-attacks. And be prepared for AI to become an agent of chaos in the near future. 

There is no doubt that AI is silently getting better at its own game. With the rise of deepfakes in cybercrime and scams, we’re already uncovering some of the darker implications of AI.”

The findings from the National Risk Register are a reflection of the growing concern over cyber threats both within the UK and globally.

A World Economic Forum report earlier this year revealed that 86 percent of business leaders and 93 percent of cyber experts believe global geopolitical instability significantly raises the likelihood of a catastrophic cyber event occurring within the next two years.

Darren Guccione, CEO and Co-founder of Keeper Security, said:

“Cybersecurity is national security and must be prioritised as such. Protecting critical infrastructure and the services that people rely on from cyberattacks is as important as protecting it from physical attacks because the consequences have the potential to be equally devastating.

When used for political purposes, these cyberattacks may be part of a larger effort to threaten operations, destabilise a government, or disrupt critical infrastructure such as power grids, transportation networks, and financial institutions. Certain malware can even be used to destroy evidence of network infiltration in cases of espionage.

In the digital age, it’s clear that cyber and traditional warfare tactics will continue to converge as threat actors use cyberattacks to both support and supplement physical attacks.”

Experts and officials have reiterated the urgency of fortifying critical infrastructure against cyberattacks. Measures to protect vital systems and data have become essential in the face of evolving cyber threats and sophisticated attacks from various actors, including state-sponsored entities and cybercriminal organisations.

In response to the report’s findings, the UK government is expected to invest further in strengthening its cybersecurity measures, collaborating with both the private sector and international partners to ensure a comprehensive and unified approach to tackling cyber threats.

The National Risk Register serves as a crucial tool in understanding potential threats to national security and prompts proactive planning and preparation to mitigate the impacts of possible future events.

“The key to disarming AI-enabled threats lies in its own DNA. The technology used to execute these next-gen attacks can also be deployed to identify them before they succeed. Only then can we mitigate AI’s worst effects and help ensure it serves the best interests of society,” explains Arun Kumar, Regional Director at ManageEngine.

As the cyber landscape continues to evolve, a robust and adaptive strategy is essential to safeguarding critical infrastructure and ensuring resilience in the face of increasing cyber threats.

(Image Credit: kalhh from Pixabay)

See also: Russian hackers attack UK airports’ websites

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The event is co-located with AI & Big Data Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: , , , , , , , , , , ,

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *