Critical infrastructures such as railway networks, power stations and telephone grids are under daily attack by cyber criminals, according to Georg Peter, who is responsible for the European Reference Network for Critical Infrastructure Protection (ERNCIP), an important part of the EU response to help countries defend their assets.
How significant is the problem that we are facing?
‘Critical infrastructure is a very attractive target for terrorist attacks because of the potential for large loss of life, for example rupturing of a dam, poisoning drinking water or the air, or destabilising large parts of society, such as with a large-scale electricity blackout.
‘Critical infrastructures around the world, not just in Europe, are constantly being targeted by cyber attacks, as are many other systems used by society which are internet-connected. Every day, European vital services and infrastructures have to be able to resist many types of cyber attacks.
‘Attackers may try to achieve a denial of service (where servers are overwhelmed by the number of requests for information), or probe systems to find whether they suffer from a given vulnerability, or prepare for future unauthorised access to a system, or execute a complex attack that aims at disrupting the functioning of the critical infrastructures in order to impact the lives of citizens.’
What’s exactly meant by critical infrastructure?
‘Critical infrastructures are all these infrastructures which our society depends on in daily life. So it is not only transport and not only energy, it is also IT and there are many other sectors which could be included in that.’
What kinds of people are mounting these attacks, is it teenagers in their bedrooms?
‘There are a wide range of attackers, from kids up to state-sponsored, big teams which are hacking into, for instance, electricity delivery systems. The classic example is what happened in Ukraine (in 2015) when they brought a power plant down. This was probably a state-sponsored action involving a large group of experts.’
How could these risks evolve in the future?
‘The risk of attacks against such infrastructures is expected to continue to increase in the future as society becomes increasingly dependent on (the infrastructures) and particularly as they become more and more interconnected and interdependent. It will always be attractive for people with malicious intentions to attack infrastructure because of the high visibility of the consequences.
‘Without the implementation of appropriate security measures, it may become easier to attack these infrastructures because of the increase of accessibility via the internet for convenience or to enhance efficiency, with devices such as smart meters for measuring energy consumption or the internet of things (where everyday objects are equipped with web-connected sensors).’
How does the ERNCIP help in the task of fighting against attack?
‘The protection of infrastructure, critical or not, is the responsibility of the Member States. Therefore, the European Commission neither protects infrastructures, nor tells Member States which infrastructures to protect and how.
‘Critical infrastructure is a very attractive target for terrorist attacks because of the potential of large loss of life.’
Georg Peter, Joint Research Centre, Italy
‘However, the EU has defined how European critical infrastructures should be identified in the energy and transport sectors. According to this, each Member State has to identify those European critical infrastructures in these sectors that, if disrupted, would have a significant impact on more than one Member State, conduct a risk assessment, and implement appropriate counter measures.’
What else are you doing to help, for example hasn’t the ERNCIP implemented an inventory of testing facilities?
‘If you want to define standards, then you have to have the capability to test these standards. For example, if you develop a standard about how resistant a surface structure is against explosives, you must then have a facility which can test this. These facilities are very specialised and very costly, so not every Member State has one of these in every location. So the idea was to have a kind of inventory of all such existing facilities all over the Member States to make sure that if a company wants to develop a product according to a certain standard, they also can easily identify in which facility they can test their products against the standard.
‘Over recent years, the ERNCIP has actively undertaken (these) pre-standardisation activities in thematic areas concerned with chemical, biological, radiological, nuclear and explosives threats, as well as proposing a certification framework for the cybersecurity of industrial automation and control systems, improving the availability of protective security solutions.’
So the ERNCIP is focused on all sorts of threats to infrastructure, not just cyber threats?
‘Cybersecurity is certainly a very important aspect, and while it is not the major focus of the ERNCIP, we do also address cyber threats. In particular now, for instance, we have a project where we are looking at how we can certify IT components used in industrial environments to make sure that they match a certain security level, because you know every chain is as strong as its weakest link. If you have insecure elements within a system, and you can substitute them with elements that are certified to a common standard, then the whole system will become more secure.’
If you liked this article, please consider sharing it on social media.
As of May 2018, the EU will be equipped with its first common cybersecurity law to help keep network and information systems safe in all Member States.
The EU also supports the competitiveness of its cybersecurity industry through a public-private partnership expected to generate EUR 1.8 billion of investment by 2020 to help develop devices to defend against cyber attacks.
Strengthening cybersecurity is a fundamental part of the EU’s Digital Single Market strategy, which it hopes will boost the economy by EUR 415 billion per year and create hundreds of thousands of new jobs.
Recent advances are bringing cancer vaccines much closer to reality, giving patients another weapon in their arsenal of cancer treatments, according to Dr Madiha Derouazi, CEO of Amal Therapeutics and one of three winners of the 2020 EU Prize for Women Innovators.
More than six months into the coronavirus crisis, data show that not just age, but also biological sex plays a pivotal role in the manifestation and response to Covid-19, with more men dying from acute infections versus women in the short term. This discrepancy has shined a spotlight on a key theme that has gained traction in recent years: is enough being done to account for sex and gender in disease and medicine? Not enough, says Dr Sabine Oertelt-Prigione, the chair of sex and gender-sensitive medicine at Radboud University in the Netherlands and a member of the European Commission’s expert group on gendered innovations.
The ability of certain fish to heal damage to their hearts could lead to new treatments for patients who have suffered heart attacks and may also help to unravel how the lifestyle of our parents and grandparents can affect our own heart health.
A strange species of cavefish is helping to reveal why heart attacks cause permanent damage.
‘Industrial symbiosis’ is encouraging industry byproducts to be used for new purposes.
Dr Kate Rychert studies ocean plate structures.