Tuesday, 16 July 2019


LEFT IN THE DARK – WHAT IS THE CHANCE OF A UK-WIDE  ELECTRICITY BLACKOUT?

In the middle of June, nearly 50 million people across South America were plunged into darkness after a massive power failure wiped out supplies across virtually all of Argentina, Paraguay and Uruguay.  Could something similar ever happen here in the UK and, if so, what’s likely to cause such a fundamental failure?

The source of the blackout was said to be an issue with two 500 kV transmission lines that disrupted electricity from the Yacyret√° hydroelectric plant.  Alleged system design flaws then turned what should have been merely a localised problem into a complete grid failure branded as “unprecedented” by Mauricio Macri, the President of Argentina. 

Our new investigation the Blackout report explores the likelihood of a UK-wide electricity network failure and what the consequences of such a severe incident could be. While data centres are probably as well-prepared as any business, with built-in redundancy and backup supplies in the form of UPS systems and generators, they certainly wouldn’t be immune to severe disruption.

We discovered that high-level contingency planning states that a complete power grid shutdown within the next five years is a 1-in-200 possibility. While very unlikely, there’s still a 1-in-240 chance that the average Brit will die in a road accident during the course of their lifetime, so it’s certainly not out of the question.

So, what are the biggest threats to the electricity supply here in the UK?

•             Climate Change & Extreme Weather

The top 10 hottest years recorded in the UK have taken place since 1990, while sea levels around the coast rise by 3mm a year as warm water expands and ice caps melt.
In the coming years, the effects of climate change mean we’re likely to experience more weather at the extreme ends of the spectrum – torrential rain, storm-force winds, scorching heatwaves and prolonged cold snaps.

Such weather events pose significant harm to the network.  Winds bring down trees that take out transmission lines. Floods damage crucial infrastructure and make it harder for engineers to fix faults.

There are numerous such examples of severe weather here in the UK: the Great Storm of October 1987; the 2013 St Jude Storm, which left 850,000 homes without power; winter floods caused by Storm Desmond in winter 2015-16.

We’re likely to experience far more of these sorts of incidents in the future.

•             Space Weather

“Space weather” collectively describes the series of phenomena originating from the Sun. These include asteroids, solar flares, meteors and geomagnetic storms.

Because of modern society’s reliance on GPS and other satellite signals, the potential impact of any space weather incident is huge – even a weak solar flare can knock satellites out of action.
The biggest ever incident of space weather recorded on Earth took place in 1859. Named after astronomer Richard Carrington, the Carrington Event was a massive magnetic storm that disrupted telegraph systems and electrical equipment.

Today, there’s a 1% annual probability for a repeat occurrence of such an event.
Back in 1989, a smaller storm took down the Hydro-Québec electricity network in Canada, leaving nine million people in the dark for up to nine hours.

•             Accidents & Systems Failures

There are a wide range of events that could fall under this category. It could be a component failure or software crash, basic human error, or accidental fires and explosions.

In reality, most of these incidents will produce an impact limited to a specific location. However, even these events could cause disruption to significant numbers of businesses, service and people.

•             Infrastructure Attacks

The threat of terrorism – in its many forms – is something the UK is all too familiar with. Various state and non-state agents could deliberately target a country’s power supplies using explosives or other means to destroy essential infrastructure such as transmission lines or electricity substations.

In recent years terrorists have carried out major attacks on energy infrastructure in places such as Algeria and Yemen while, this spring, anti-government forces were said to have taken out one of Venezuela’s hydroelectric plants, which contributed to a blackout that left 30 million residents without electricity.

•             Cyber-Attacks

You’re probably aware of the incident just before Christmas 2015, when Russian hackers used special malware to shut down 30 substations in Ukraine, leaving 250,000 people without electricity but did you know the network here in the UK was also compromised on 7 June 2017;  the day of the General Election?

While this spring saw the first USA case of electricity-related cyber hacking, with control systems of grids in California and Wyoming penetrated.

These days, it’s not just an elite band of state-sponsored hackers that pose a threat. Anyone armed with a laptop and a degree of know how could use high-grade malware to launch a potentially harmful attack. 

The UK’s energy network is shifting fundamentally to smart grids, while our day-to-day lives are dominated by supposedly ‘smart’ devices such as virtual assistants, smart phones, or energy meters.

These trends offer hackers many more vulnerabilities to exploit. Could hackers gain access to thousands – potentially millions – of smart devices, powering them up in the middle of the night when the grid isn’t prepared for such a power surge?  Or, more subtly, could incorrect data be fed back into smart grids, either inflating or understating the real demand for electricity?

The Blackout report is free to download from www.theblackoutreport.co.uk

Guest blog by Leo Craig, General Manager of Riello UPS Ltd



Tuesday, 15 January 2019

LOOK FORWARD TO 2019 BUT DON’T LOSE THE LESSONS OF THE PAST


At the beginning of every new year, it is the time for predictions and NTT Group have been sharing their thoughts on what will affect the business world over the next year or so (here).  In particular, they have focused on digital transformation and the impact this is having on how we work, live and play.

However, we mustn’t lose sight of the basics, as we build our resilient cyber defence architecture. The digital agenda is a pressing one for all businesses and one that they cannot afford to ignore – the customer is king and the General Data Protection Regulation (GDPR) puts increased pressures on the board to ensure that not only business data is secure but personal data too.

So, while we stand by our predictions, it is also advisable to reflect on some of the basics that we continually see overlooked by organisations as they try and protect their business from constantly evolving cyber threats:

1. Assess the baseline

With an increasing focus on “platforms”, it is crucial that this fits into a resilient cybersecurity architecture and to ensure efficiency in reducing potential threats and vulnerabilities. Performing a baseline assessment will ensure the correct security foundations are in place to help you get the best from your security investments.

2. Scan the environment 

One of the most important basic practices is vulnerability scanning but running a vulnerability scan on its own is not enough. The results should be analysed and assessed against your critical assets.  This approach ensures that risks are put in context and valuable resources are focused on mitigating the right risk.

3. Plan for a breach

Incident response plans are critical for minimising the impact of a breach. Complex cyber threats are difficult and time-consuming to unpick and may require specialist knowledge and resources to comprehensively resolve. By having a well-defined plan, and testing it regularly, as well as recognising that security incidents will happen, organistions will be better prepared to handle incidents in an effective and consistent way.

4. Collaboration 

Most business recognise the shortage in cybersecurity skills and the industry as a whole is collaborating more. We work closely with our technology partners and industry and government bodies to share intelligence. We now focus on prediction and prevention to get ahead of the potential threats. Collaboration will allow businesses to actively manage the threats before it impacts them.

5. Support the basics 

Clearly it is now on the board’s agenda but we need to ensure that everyone is aware of the risks. It is everyone’s responsibility in our digital economy to be responsible for cybersecurity.  This is why we support training and education programmes to ensure that everyone supports the basics of cybersecurity.

6. Reduce the noise

There is the potential for huge amounts of data to be collated and analysed across the enterprise. Focus should be on the quality of this data and the reduction in false positives. Too often organisations are drowning under the wealth of un-actionable security data. Technologies aren’t configured correctly or are simply too complex to manage effectively. Configuring, tuning and managing the security technology either directly or through a trusted partner is also a basic requirement that many organisations are failing to master.
So, while we always start to look forward at this time of year, we should not lose the lessons of the past and ensure that we get the basics right.

About NTT Security:

NTT Security is the specialised security company and the centre of excellence in security for NTT Group.  With embedded security we enable NTT Group companies (Dimension Data, NTT Communications and NTT DATA) to deliver resilient business solutions for clients’ digital transformation needs.  NTT Security has 10 SOCs, seven R&D centres, over 1,500 security experts and handles hundreds of thousands of security incidents annually across six continents.

Guest Blog written by Garry Sidaway, SVP Security Strategy & Alliances, NTT Security