Cyber attacks on infrastructure

Cyber attacks on infrastructure

Nowadays, everyone is vulnerable to cyber attacks, because everybody is involved in some shape or form in the mass world of media. Technology has evolved into a way of life, and with this evolution has come, hand-in-hand, the evolution of crime.

Online crime is no less threatening, and in some cases, more threatening, than having your possessions stolen. An online crime can break businesses and lives. It’s important to be clued up on what this evolution entails, and consequently, how you can protect your personal and business data.

What types of cyber attacks are there?

Cyber attacks come in a plethora of forms. When one thinks of cyber attacks in the modern day they presume the attack would be a large-scale, highly planned and motivated action, perhaps a group of hackers working on behalf of governments and with the aim of finding state secrets. The reality however is that cyber attacks are a lot more common and accessible than one might think. Teenagers seeing what they can do on a computer, or an upset employee looking for revenge, money, or information, out of a company. And these attacks may not even require the highly advanced level of know-how you would associate with hackers. It could be that software is not updated for a while or even giving open access to WiFi. Sometimes it can be as simple as the building management team not changing a password from its standardised settings so the building could be accessed by anyone.

Disrupted Denial of Service (DDoS) is a fairly recent form of cyber attack and is becoming more commonly used. Essentially, the network of an organisation is ‘flooded’ with data meaning the organisation cannot function. No damage is done nor data stolen, but the hacker can hold the organisation to ransom.

You wouldn’t leave your house unlocked, so why leave your connection insecure?

How safe are we from a cyber attack?

There is no network that can be one hundred percent secure, and organisations will always have different levels of maturity in their cyber defence, given how likely of a threat it may seem. The Government, for example, takes cyber security a lot more seriously, especially recently with the launch of the National Cyber Security Centre, a division of GCHQ that will be a new nerve centre to manage cyber incidents. Responding to Government advice, creating and adhering to good practices and procedures and ‘policing’ people, including the supply chain, will all reduce your risk of cyber attack.

Take an example of malicious software (malware) being embedded into the system of a crane that had been delivered to a sensitive construction site. The crane needed to be connected to the sites network to enable ‘reachback’ (where the device talks back to the manufacturer or supplier) for system monitoring and performance. In this case, the site security procedures were watertight – every device that needed to connect to the network needed to be scanned and in this case the malware was found.

With so many connected devices, are we more at risk?

The market for ‘the internet of things’ is constantly expanding, so we have to take it as given that we will live in a more connected world. That doesn’t necessarily mean we have to be more prone to cyber attacks. Instead, we need to be savvier about what we do. How many of us leave our Bluetooth on? Or choose an obvious password?

If you were to go onto a construction site today, you will be given a safety briefing and protective equipment, and will physically prepare you for any health hazards or dangers to your wellbeing and ensure you are in the right condition to attend the site. However, whilst your body is now protected from danger, the site may have an open WiFi or insecure network, meaning that when you connect, you (and the infrastructure) are open to attack. Cyber security needs to be considered in the same way that we approach the health and safety of people and that will take a cultural shift.

 

What can civil engineers do to prevent attacks?

Being cyber secure is not about investing in more cyber. You could have biometric sensors that check the identity of everyone coming in and out of a site, but if the database with those identities is insecure then it certainly isn’t helping to protect people.

Instead, it’s about being aware of how you could be at risk. If you have hard drives with files on it, then those files can be accessed, so properly disposing of them is vital. Even computer screens can have images burned onto them if they are used frequently, meaning someone can access information even from a blank screen.

For civil engineers, this is particularly important. They need to be aware (and are becoming increasingly so) of the forms that threats could take and how to protect the systems they use.

We need to think about how we can make our buildings more secure. This involves thinking about things like the locations of server or hub rooms in relation to other equipment or the positioning of screens so that they are not in clear view through a window. Even where cables go and whether they are made from copper or fibre are considerations in making somewhere cyber secure.

When working in construction and infrastructure, you need to ensure the connection you are using is secure and reliable. To do this, you could use VPN or other solutions available from I.T specialists.

Find out more

Contact the Countrywide Team to understand how we cater to clients to ensure their connection is private and secure. We also provide back-up services, and emergency connectivity in the case of an incident.

Extra resource: Kim Van Rooyen, Director, and Nathan Jones, Senior Project Manager, at Turner & Townsend will be speaking at the first Preparing London for Change Lecture on human threats to London’s infrastructure on 27 March 2017.

 

This article has referenced the Institution of Civil Engineers and information is cited from industry experts.