World-class academics in Belfast are engaged in an arms race to protect nuclear power plants and other critical utilities from being brought down by hostile nation states and hackers, it has been revealed.
At the forefront of the battle is the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast, which works closely with the National Cyber Security Centre (NCSC) - part of the government’s top electronic intelligence centre, GCHQ.
David Crozier, Head of Strategic Partnerships & Engagement at CSIT, says it is the UK’s largest academic cyber security research centre and in the top ten globally.
In April the UK’s nuclear power plants were told to tighten their defences against terrorist attacks in the face of increased threats to electronic security systems.
Government officials warned that terrorists, foreign spies and “hacktivists” are looking to exploit “vulnerabilities” in the nuclear industry’s internet defences.
Energy minister Jesse Norman told The Daily Telegraph that nuclear plants must make sure that they “remain resilient to evolving cyber threats”.
Mr Norman said: “The Government is fully committed to defending the UK against cyber threats, with a £1.9 billion investment designed to transform this country’s cyber security.”
The threat is not just to the UK. American nuclear power companies have been under attack by hackers since May, possibly backed by foreign governments.
The UK must learn lessons from all recent international cyber attacks, says Ivor Bradley, a senior engineer at CSIT.
“We also look at malware that is deployed on critical infrastructure, that is water, power, nuclear, everything from smart grid to traffic lights, it is all hidden away but it is very very important.”
He adds: “Anything that needs a control of background device can be vulnerable - anonymous-looking boxes that are used to control pumps, switches, relays that are in the utilities that we use every day. It is all very much in the background but is very important.”
David points out that it is now common for utilities to be remotely controlled in this way to reduce travelling times for staff, but that this makes them vulnerable to hacking.
“The big challenge now is to retrofit security devices to these smart grid networks and industrial control systems,” he said.
Utility companies, including nuclear power stations, all use devices called Programmable Logic Controllers (PLCs).
“Every utility will have something like this. It switches on and off. It could be a nuclear power reactor - or to pump up a balloon,” Ivor says.
When used in nuclear power reactors, the same device is used to control the position of the control rods, which in turn are adjusted to regulate the rate of the chain reaction.
“It is lifting the rods up and down. Yes,” he adds.
Asked if their work in defending such processes from cyber attack is really part of an international arms race, he replies quietly: “It is”.
David says there has been no formal attribution for the recent cyber attack which disrupted 45 NHS organisations in Great Britain. And so it is never totally clear who might be waging war on your critical utilities.
“It looks like a ransomware attack but sometimes with state sponsored stuff they might use that as a front to put people off the scent regarding what the real motivation is behind it,” he said.
A recent report about ongoing cyber attacks on US nuclear power plants by the US Department of Homeland Security and the FBI carried an urgent amber warning, the second-highest level of threat.
The report indicated that an “advanced persistent threat” actor was responsible, language often used to describe hackers backed by foreign governments; the techniques used mimicked those used by Russian hackers to attack the US energy sector since 2012.
The hackers emailed résumés laced with malicious code to senior industrial control engineers who have direct access to systems that, if damaged, could lead to an explosion, fire or a spill of dangerous material, according to two people familiar with the attacks.
In 2008 the US and Israel launched a cyber attack on Iran’s main nuclear enrichment facility. They caused the nuclear centrifuges to spin out of control, destroying a fifth of them.
David said the recent mass cyber attack on the NHS could have been a teenager in their bedroom - or a hostile nation pretending to be one.
The attack caused severe disruption to over 45 English NHS organisations in May.
It looked like a ransomware attack, that is, a program which locks a computer up until an electronic ransom has been paid, David said.
“These are some of the tricks that are used by different threat actors. They make it look like one thing but the reality is it is maybe something different.
“It might be that they are looking to access data - or that they are just looking to disrupt critical infrastructure so that it makes citizens in a particular country think that their government isn’t on the ball in terms of security... For a nation state to hack another nation state what better than to make it look like it was a teenager in their bedroom?”
In November a cyber attack brought the San Francisco transit authority’s buses and trains to a standstill.
The Ukrainian power distribution network was also hit this month, impacting other organisations and businesses as far away as Australia.
However CSIT is working with the UK’s National Cyber Security Centre and the PSNI Cyber Crime Unit to counter such mass threats.
“Every day we are in contact with international partners as well as national partners,” the PSNI’s DCI Dougie Grant told the News Letter.
“There is no other area of crime that there is such communication with partners on a minute by minute basis.”