Critical infrastructures such as railway networks, power stations and telephone grids are under daily attack by cyber criminals, according to Georg Peter, who is responsible for the European Reference Network for Critical Infrastructure Protection (ERNCIP), an important part of the EU response to help countries defend their assets.
How significant is the problem that we are facing?
‘Critical infrastructure is a very attractive target for terrorist attacks because of the potential for large loss of life, for example rupturing of a dam, poisoning drinking water or the air, or destabilising large parts of society, such as with a large-scale electricity blackout.
‘Critical infrastructures around the world, not just in Europe, are constantly being targeted by cyber attacks, as are many other systems used by society which are internet-connected. Every day, European vital services and infrastructures have to be able to resist many types of cyber attacks.
‘Attackers may try to achieve a denial of service (where servers are overwhelmed by the number of requests for information), or probe systems to find whether they suffer from a given vulnerability, or prepare for future unauthorised access to a system, or execute a complex attack that aims at disrupting the functioning of the critical infrastructures in order to impact the lives of citizens.’
What’s exactly meant by critical infrastructure?
‘Critical infrastructures are all these infrastructures which our society depends on in daily life. So it is not only transport and not only energy, it is also IT and there are many other sectors which could be included in that.’
What kinds of people are mounting these attacks, is it teenagers in their bedrooms?
‘There are a wide range of attackers, from kids up to state-sponsored, big teams which are hacking into, for instance, electricity delivery systems. The classic example is what happened in Ukraine (in 2015) when they brought a power plant down. This was probably a state-sponsored action involving a large group of experts.’
How could these risks evolve in the future?
‘The risk of attacks against such infrastructures is expected to continue to increase in the future as society becomes increasingly dependent on (the infrastructures) and particularly as they become more and more interconnected and interdependent. It will always be attractive for people with malicious intentions to attack infrastructure because of the high visibility of the consequences.
‘Without the implementation of appropriate security measures, it may become easier to attack these infrastructures because of the increase of accessibility via the internet for convenience or to enhance efficiency, with devices such as smart meters for measuring energy consumption or the internet of things (where everyday objects are equipped with web-connected sensors).’
How does the ERNCIP help in the task of fighting against attack?
‘The protection of infrastructure, critical or not, is the responsibility of the Member States. Therefore, the European Commission neither protects infrastructures, nor tells Member States which infrastructures to protect and how.
‘Critical infrastructure is a very attractive target for terrorist attacks because of the potential of large loss of life.’
Georg Peter, Joint Research Centre, Italy
‘However, the EU has defined how European critical infrastructures should be identified in the energy and transport sectors. According to this, each Member State has to identify those European critical infrastructures in these sectors that, if disrupted, would have a significant impact on more than one Member State, conduct a risk assessment, and implement appropriate counter measures.’
What else are you doing to help, for example hasn’t the ERNCIP implemented an inventory of testing facilities?
‘If you want to define standards, then you have to have the capability to test these standards. For example, if you develop a standard about how resistant a surface structure is against explosives, you must then have a facility which can test this. These facilities are very specialised and very costly, so not every Member State has one of these in every location. So the idea was to have a kind of inventory of all such existing facilities all over the Member States to make sure that if a company wants to develop a product according to a certain standard, they also can easily identify in which facility they can test their products against the standard.
‘Over recent years, the ERNCIP has actively undertaken (these) pre-standardisation activities in thematic areas concerned with chemical, biological, radiological, nuclear and explosives threats, as well as proposing a certification framework for the cybersecurity of industrial automation and control systems, improving the availability of protective security solutions.’
So the ERNCIP is focused on all sorts of threats to infrastructure, not just cyber threats?
‘Cybersecurity is certainly a very important aspect, and while it is not the major focus of the ERNCIP, we do also address cyber threats. In particular now, for instance, we have a project where we are looking at how we can certify IT components used in industrial environments to make sure that they match a certain security level, because you know every chain is as strong as its weakest link. If you have insecure elements within a system, and you can substitute them with elements that are certified to a common standard, then the whole system will become more secure.’
If you liked this article, please consider sharing it on social media.
As of May 2018, the EU will be equipped with its first common cybersecurity law to help keep network and information systems safe in all Member States.
The EU also supports the competitiveness of its cybersecurity industry through a public-private partnership expected to generate EUR 1.8 billion of investment by 2020 to help develop devices to defend against cyber attacks.
Strengthening cybersecurity is a fundamental part of the EU’s Digital Single Market strategy, which it hopes will boost the economy by EUR 415 billion per year and create hundreds of thousands of new jobs.
The number of undernourished people rose for the first time in over a decade in 2016 due to conflict and climate change, and more research is needed into how to increase the security of people’s food supply and manage migration, according to Cristina Amaral, Director of the FAO (UN Food and Agriculture Organisation) liaison office with the European Union and Belgium. She is due to speak about investing in food systems and rural development to change the future of migration on 16 October at the Harnessing Research and Innovation for FOOD 2030 conference in Brussels, Belgium.
We live in an era where open data can pave the way to a more sustainable, secure and safe food system, according to Dr Panagiotis Zervas, senior project manager at Agroknow, a company that finds, connects and delivers agricultural and food information worldwide.
Insects have to cope with a wide range of environmental factors in order to thrive – disease, drought and habitat changes. Scientists hope that studying insect biology and behaviour could help humans cope with problems from climate change to disease control, shift work and even jet lag.
Innovation should be taught as a subject in European schools, according to Tibor Navracsics, the EU’s Commissioner for Education, Culture, Youth and Sport, who says that education can be a defining factor in the life of young scientists.
Bugs have to cope with a wide range of environments in order to thrive.
Pan-European conference discusses the future of innovation in the EU.
Food insecurity leads to increased migration, says Cristina Amaral.