April 12, 2016 by Canadian Underwriter
A significant cyberattack across the United Kingdom’s critical national infrastructure could have “far-reaching and significant economic impacts” for Britain, according to a study carried out by the Cambridge Centre for Risk Studies.
The report, titled Integrated Infrastructure: Cyber Resiliency in Society, was developed by the Cambridge Centre for Risk Studies, a multidisciplinary centre of excellence for the study of the management of economic and societal risks, in conjunction with global security and aerospace company Lockheed Martin. The report, which was released on Tuesday, models the potential impact of a coordinated and sustained cyberattack on one of the UK’s regional power distribution networks and the likely short- and long-term costs to the UK economy.
In the most conservative scenario, said a press release from Lockheed Martin, the immediate impact to the UK’s economic output is 12 billion pounds (£), with a five-year GDP impact of £49 billion. In the most severe case, these figures increase to £85 billion and £442 billion respectively. In the latter case, this represents approximately 2.3% of the UK’s GDP over the period.
The report outlines a fictional scenario in which a cyberattack is executed by a disgruntled employee of a distribution network operator with the backing of a nation-state adversary. Disruption is achieved by installing rogue hardware in a minimum of 65 vulnerable substations in South East England (this attack footprint is expanded to 95 and 125 substations in increasingly extreme variants of the scenario). This rogue hardware empowers the cyber adversaries to trigger rolling blackouts across the region during the winter season, shutting down parts of the London area and impacting all aspects of the UK economy. [click image below to enlarge]
Key findings from the report include:
“As our critical national infrastructure becomes increasingly interconnected, the risk and cost of a potential cyberattack gets exponentially larger each and every day,” said Justin Walker, vice president for Lockheed Martin’s information systems business in the UK and Europe. “Through increased collaboration, government, industry, regulators and the wider technology industry all have a role to play ensuring the UK economy is resilient to cyberattack.”