Now that industrial control systems are plugged into complex networks through the internet, the risk of cyber-sabotage is greater, researchers say (Queen’s University Belfast)

UK earmarks $4m to counter cyber-sabotage of critical infrastructure

30 September 2014 | By Rod Sweet 1 Comment

The UK has set aside just over $4m (£2.5m) for research into boosting the cyber-security of industrial control systems that run power stations, the electricity grid, the rail network and manufacturing plants.

The research will help planners mitigate threats from hackers or malware infiltrating the systems that make critical infrastructure work.

Teams from four UK universities will work with industry to analyse the risks. Metrics and software tools will be produced for non-technical decision makers.

Industrial control systems were kept isolated in the past for security reasons, but now they are plugged into complex networks through the internet, which has created a greater risk of cyber-sabotage.

“Where control systems are linked to the internet we need to understand how failures could cascade across the system,” said Professor Chris Hankin, of the Research Institute in Trustworthy Industrial Control Systems (RITICS), based at Imperial College London. RITICS is coordinating the research.

“We will be looking at new ways of repairing damage to systems if an attack happens.”

Funding the research are the UK’s Engineering and Physical Sciences Research Council and National Cyber Security Programme, with assistance from the Centre for the Protection of National Infrastructure and GCHQ, the British communications intelligence agency.

The funding covers four separate projects. 

The University of Birmingham team will carry out a detailed security analysis of the National Grid and The Rail Safety and Standards Board to build an understanding of possible failures. Industry partners are TRL and Parsons Brinckerhoff.

City University London will investigate the topic of “communicating and evaluating cyber risk and dependencies” with industry partners Adelard LLP and Alstom Group.

Lancaster University will assemble a multi-disciplinary team to provide decision makers with metrics to understand the business risks posed by cyber security breaches of industrial control systems. Industry partners include Airbus, Thales, Atkins-Global and Raytheon.

Researchers at Queen’s University of Belfast will investigate vulnerabilities the National Grid as wind or solar generated electricity comes on stream. Project partners are Scottish and Southern Energy, Statnett and Thales Ltd.

Photograph: Now that industrial control systems are plugged into complex networks through the internet, the risk of cyber-sabotage is greater, researchers say (Queen’s University Belfast)