Cyber warfare on critical infrastructure

high voltage post at sunset

The UK’s Critical Infrastructure is defined by the Government as: “Those critical elements of Infrastructure (facilities, systems, sites, property, information, people, networks and processes), the loss or compromise of which would result in major detrimental impact on the availability, delivery or integrity of essential services, leading to severe economic or social consequences or to loss of life.” 

There are 13 Critical National Infrastructure Sectors in the UK: Chemicals, Civil Nuclear, Communications, Defence, Emergency Services, Energy, Finance, Food, Government, Health, Space, Transport and Water. There are many threats to critical infrastructure, the UK government has resilience plans and measures in place to ensure that these various sectors are secure. One of the main threats to critical infrastructure is cyberattacks. This feature takes a look at the cyberthreats that critical infrastructure in the UK faces and how security against them is ensured. 

The importance of critical infrastructure security 

If any of these 13 sectors suffer interruption or are exposed to threat, this could cause serious disruption to the public’s livelihood and damage the economy. Critical infrastructure in the UK is becoming more digital which means cyberthreats are becoming more frequent. Cyber threats to these services include espionage, targeted attacks from malicious actors such as hostile states and criminals, through to accidental data loss. 

Cyberattacks on critical infrastructure have become increasingly more complex and more disruptive, causing systems to shut-down, disrupting operations or enabling attackers to remotely control affected systems. 

Private and public sectors 

UK Critical National Infrastructure includes both public sector and private sector organisations. The National Cyber Security Centre (NCSC) ensures the UK’s most critical systems are cyber resilient. The public sector includes: The Defence, Emergency Services, Government and Health sectors. The private sector includes: Chemicals, Civil Nuclear, Communications, Space, Energy, Food, Finance, Transport, Water. 

Cyberthreats continue to increase and evolve, these include ransomware attacks against public and private organisations and targeted hostile acts against critical national infrastructure and government. Cyberthreats increased dramatically over the Covid-19 pandemic as the world deepened its digital approach. Hackers and other cybercriminals have taken advantage of this, which is why cyberattacks and threats have become more frequent for the public and critical infrastructure organisations. 

Cyber warfare 

With the Russia-Ukraine war in full swing, cybersecurity experts point to a cyber front that had been forming online long before Russian troops crossed the border. Even in the months leading up to the outbreak of war, Ukrainian websites were attacked and altered to display threatening messages about the coming invasion.  

“In response to Russian warfare actions, the hacking collective Anonymous launched a series of attacks against Russia, with the country’s state media being the main target. So we can see cyber warfare in action with new types of malware flooding both countries, thousands of sites crashing under DDoS (distributed denial-of-service) attacks, and hacktivism thriving on both sides of barricades,” Daniel Markuson, a Cybersecurity Expert at NordVPN, says. 

In the past decade, the amount of time people spend online has risen drastically. Research by NordVPN has shown that people spend around 21 years of their lives online. With our life so dependent on the internet, cyber wars can cause very real damage. Some of the goals online “soldiers” are trying to pursue include: 

Sabotage and terrorism

The intent of many cyber warfare actions is to sabotage and cause indiscriminate damage. From taking a site offline with a DDoS attack to defacing webpages with political messages, cyber terrorists launch multiple operations every year. One event that had the most impact happened in Turkey when Iranian hackers managed to knock out the power grid for around twelve hours, affecting more than 40 million people.

For more news updates and exclusive features, check out our Q2 issue here.

Media contact 

Rebecca Morpeth Spayne, 

Editor, Security Portfolio 

Tel: +44 (0) 1622 823 922

Subscribe to our newsletter

Don't miss new updates on your email