UK utilities companies face security risks from aging SCADA systems
The UK’s utilities network is at serious risk of a targeted attack from hackers, experts have warned.
Simoco Wireless Solutions, a leading provider of communication technology to the utility sector, fears the UK’s electricity, gas and water infrastructure is vulnerable to cyber-attack because of security concerns over legacy communication systems used by many providers.
The company said an existing communication technology, known as supervisory control and data acquisition (SCADA) systems – which are used to monitor and remotely control key parts of a utility network, such as substations, generators and pipelines – are outdated and have already been compromised by cyber criminals in other parts of the world.
Mike Norfield, Chief Executive of Simoco Wireless Solutions, said it was “highly likely” the UK would become a target in the future unless action is taken.
“There is no question that there are significant vulnerabilities in the communication systems used by many UK utility providers,” he said.
“The security risks are there for all to see, but not enough has been done to address the situation. Unless the technologies that providers use are significantly modernised, it is highly likely they could fall victim to an attack at some stage.
“We’re talking about the nation’s critical infrastructure here and a successful attack could mean lengthy power cuts or a lack of running water.”
The warning follows a surge in the number of cyber-attacks on utilities companies in recent years.
According to figures released by Get Safe Online and the UK’s national fraud and cyber-crime reporting centre Action Fraud last year, UK businesses have seen a 22 per cent increase in attacks, resulting in more than £1bn in losses.
Security fears were first raised in November 2011 when a water plant in Illinois, US, was hacked in what is believed to be the first foreign cyber-attack on a major computer system on American soil.
The biggest concern, however, came in December 2015 when the Prykarpattyaoblenergo Control Centre (PCC) in western Ukraine, which used a SCADA system similar to those used by many utility companies across the UK, was hacked, leaving 230,000 residents without power for up to six hours. The attackers overwrote firmware on monitoring devices at 16 substations, leaving them unresponsive to plant operators’ remote commands.
The attackers also used telephone systems to generate thousands of calls to the utility company’s call centre to deny access to customers reporting outages.
Norfield called for utilities providers to adopt newer, more secure systems to avoid “devastating and expensive repercussions”.
He said: “We must learn from previous incidents. Legacy SCADA systems have been compromised in the past. Utilities companies have a responsibility ensure they are ready to deal with any kind of attack, whether that is from hacking groups or terror organisations. Just one cyber-attack could lead to potentially devastating and expensive repercussions.
“It is clear there are vulnerabilities in current systems and unless newer communication technologies are implemented, companies risk being sitting ducks for cyber criminals.”