A new institute investigating cyber-threats to vital systems that control the UK’s industry and infrastructure has been launched.
The Research Institute into Trustworthy Industrial Control Systems at Imperial College London will explore potential threats to the infrastructure that controls everything from nuclear power generation, to manufacturing, to energy distribution and the national rail network.
Researchers will analyse how cyber-attacks that could shut down these industrial control systems (ICS) work and also how they can be prevented or counteracted.
Director of the new institute, launched yesterday, Professor Chris Hankin said: “In 2007, parts of Estonia ground to a halt when it experienced a ‘denial of service’ cyber-attack, overloading servers, which lead to a temporary government shutdown. While this is an extreme example, it highlights how vulnerable countries are to these types of threats.
“Our ICS are vital for running most of the industrial processes that underpin modern society. From electricity generation to making sure trains run on time, these systems are vital to our everyday lives, but more work needs to be done to determine how vulnerable they are threats from cyber-attack.
“Research at Imperial’s Institute will focus on working out what the potential dangers are, so that new technologies and procedures can be designed to mitigate them in the future.”
ICS consist of many components including physical mechanical parts, sensors, computer hardware and software, which are spread over long distances and in remote places, making them vulnerable to attack.
For instance, the UK’s railways use ICS to control the entire national network – from monitoring and controlling train movements across the country, to signalling and emergency services.
Since the rise of the internet they have increasingly been connected to business IT networks, enabling them to be maintained remotely and providing engineers with more information about how they are operating, but this makes them more vulnerable to cyber-attacks.
The systems are also required to operate continuously for months at a time, making it more difficult to regularly install upgrades or ‘patches’ to prevent attacks on software.
By comparison, patches for IT networks are done daily. Researchers at the Institute will look into how these systems can be made more robust without impacting on operations.
Working alongside Government and industry, the team will also identify how a lone cyber-attack on one business or utility could have a knock-on effect, affecting groups of businesses ‘downstream’, which could lead to impacts on the UK’s infrastructure as a whole.
Academics at the institute will also investigate ways that these threats can be avoided through the development of better procedures and technologies.
Francis Maude, Minister for the Cabinet Office with responsibility for the UK Cyber Security Strategy, said: "The National Cyber Security Programme has ensured serious investment through its partnership with academia.
“This will make certain that the best UK expertise in thought and innovation in the study of cyber security is properly supported. The UK's third academic Research Centre at Imperial College will further strengthen capability and reputation in the strategically important area of protecting industrial control systems that lie behind some of our national infrastructure.”
The Institute is jointly funded by the Engineering and Physical Sciences Research Council and the Cabinet Office.
Professor David Delpy, chief executive of the Engineering and Physical Sciences Research Council (EPSRC), said: “This EPSRC investment is part of our wider support for underpinning research into the science of cyber security.
"We need to ensure that the UK has the capability to protect both our physical and virtual assets and to do this we must develop outstanding individuals, support the best projects and make the most of the opportunities that the online environment can deliver for our economy.”