madison
Home / News & Blogs

Cyberattacks target UK national infrastructure

Nick Heath silicon.com | October 30, 2008 5:34 AM PDT

Summary

Companies that play a key role in the Britain's national infrastructure are facing sustained cyber-espionage attacks, says a UK cyber-defense chief.

Topics

U.K., Cyberattack, Attack, Security, Government, Nick Heath silicon.com, U.K., Cyberattack, Attack, Government, Nick Heath silicon.com, cybercrime, attacks, espionage, security
Sustained cyber-espionage attacks are being waged on companies that play a key role in the Britain's national infrastructure, a UK cyber-defense chief has warned.

The computer systems of critical businesses in the UK, such as power companies and large financial institutions, are being repeatedly probed to steal information or uncover weaknesses that could take them down.

That was the warning from Mark Oram, head of the threat and information-security knowledge department at the Center for the Protection of National Infrastructure (CPNI), the security service tasked with protecting key government and private organizations in the UK.

Speaking at the RSA Conference Europe 2008 in London, Oram said: "We see frequent attacks on organizations for the purpose of theft of property. There are known threat sponsors with known requirements looking to gather information from industry."

"The use of cyber-techniques is relatively easy, cheap and low risk in terms of being caught. Most of the time, we know the likely culprit but proving it is very difficult," said Oram.

However, he added that the UK government feels the risk of a cyber-terrorist attack is low due to a "lack of capability and difficulties with understanding the vulnerabilities in the infrastructure".

Oram said the CPNI would continue to work closely with key industries to help them understand the vulnerabilities and threats they face.

Internet-warfare expert Ira Winkler, president of the Internet Security Advisors Group, said Chinese hackers are "vacuuming up the internet for security and economic secrets". Winkler cited examples such as the Titan Rain hacking attacks.

The announcement came as the EU presented a blueprint for how European countries can strengthen national communications networks.

The report from the European Network and Information Security Agency recommends prompt reaction to reported incidents, collaboration between public and private stakeholders, and development of a national strategy for information-sharing and responsibilities for different parts of the network.

In the US, the Department of Homeland Security's National Cybersecurity Division has tripled its budget to $350m (£215m) over the past two years, to upgrade security systems protecting critical civilian networks and build up its US-CERT emergency-response team.

Talkback Most Recent of 8 Talkback(s)

  • I hope they will begin using Linux.
    After decades of experience using Windows and then
    using Linux for 5 years, there is no comparison on
    security.

    Linux has done a tremendous job being resistant to
    threats with very little attention and no external AV
    or firewall programs.

    In home use, threats are just not an issue. A feeling
    of confidence with online banking and purchases is
    gained.
    ZDNet Gravatar
    Joe.Smetona
    30th Oct 2008
  • ... did You ever stay in contact with hackers?
    ... they like UNIX and all its existing idioms.
    Why?
    Cause its soooo easy to find a way in.

    That's the reason, why all big companies hide their crucial data within mainframe systems, thus this technologie has been talked to death for many times and years. But they still exist and nobody dares to cut them off.

    And by the way, an open system like LINUX is as if You use a squirt gun to defend Your home against tank using baddies.

    National infrastructures are no playground to bugger around.
    ZDNet Gravatar
    MikelGr
    31st Oct 2008
  • The last mainframe I worked on was an IBM 3090 in the '80's.
    I'm betting on the Linux as a modern alternative...
    ZDNet Gravatar
    Joe.Smetona
    22nd Jan 2009
  • Damn linux zealot.
    The security of a server depend 99% in the current system administrator/ security policies and a mere 1% in the operating system.

    For example :lets think about a linux server that host a single webpage, this webpage will allow to upload pictures but by a mistake the programmer did miss to put a extension filter in the upload process. Even a script kiddie can utilize this vulnerability (uploading a perl file for example) to hack the system and convert it as a zombie. In my case i saw it and even a perl running as a permission-less process (as nobody) can hurt the system.
    ZDNet Gravatar
    magallanes
    2nd Nov 2008
  • You are missing the point entirely.
    Even if a mistake was made with the server policies,
    etc, Linux on the workstations would prevent access to
    the files and prevent new virus programs from being
    run. (and prevent the spread of malware across the
    network)

    You appear to be basing your entire argument on
    Windows, and yes, Window is a security train wreck.

    I've used Linux for over 5 years. I have had no
    viruses, spyware, or rootkits. I've never used
    additional virus protection or firewall software.

    I think you should try it out and experience the
    security first hand before judging.
    ZDNet Gravatar
    Joe.Smetona
    15th Nov 2008
  • You are talking about input editing.
    It happens all the time with passwords, A page asks
    the user to create a password. The person inputs a 12
    digit password and confirms it.

    When the person tries to log into the site, his
    password doesn't work. Why, because the site only
    accepts 8 character passwords.

    I understand exactly what you are saying, but improper
    security is the same as giving someone your car keys.

    It's not the fault of the Linux, if it's hacked in
    such a manner. It's not within the scope of any OS to
    protect against allowed usage by poorly written
    external programs using the picture file example.
    ZDNet Gravatar
    Joe.Smetona
    22nd Jan 2009
  • RE: Cyberattacks target UK national infrastructure
    The same exploits were and are directed at US infrastructure. Any OS is vulnerable if proper security is not enabled, monitored and updated as necessary. Simply relying on what you've heard about Linux is simplistic and dangerous.
    ZDNet Gravatar
    wmwinkle@...
    5th Nov 2008
  • Have you ever tried Linux?
    I'm finding out the many comments written about Linux
    are by people who have never even tried it.

    I would suggest using Linux Mint FOR AN EXTENDED
    PERIOD with NO VIRUS PROTECTION AND NO FIREWALL
    SOFTWARE.

    ...........And just try to get a Virus!!!!!

    Then write back IF YOU GET SOMETHING TO REPORT.
    ZDNet Gravatar
    Joe.Smetona
    15th Nov 2008

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity