SPECIAL REPORT | CYBERTHREAT SOLUTION


Cyberthreats need continual vigilance


Nuclear industry organisations should look to invest in cyber defence even if there appears to be a lull in attacks. They should also be prepared for the event of a successful attack given that preparation provides a paper trail for regulatory authorities


Janet Wood


Expert author on energy issues


THE MOMENTUM AND DYNAMIC OF cyberattacks underwent a period of change in 2022 which constituted a notable shift from the picture developing over more recent years, when cyberattacks had been on the constant increase.” This is according to lawyer Julia Varley of Pinsent Masons, which saw a fall in the number of instructions to advise on cyber incident response in the first six months of last year. However, far from allowing for complacency, Varley was illustrating the changing nature of the threat. Pinsent Masons, says it is possible that Russia’s invasion of Ukraine and the on-going conflict there drew the attention of cyber criminals away from ordinary businesses in the first half of 2022. She said in an online article that, “The decrease in activity generally coincided with the early stages of the Russian invasion of Ukraine; one theory being that this was caused by cyber criminals shifting to focus on targeting opposing national infrastructure rather than for financial gain.” It is notable that against the backdrop of European conflict, the UK Information Commissioner’s Office (ICO) still said that its data showed that the greatest proportion of cyber incidents arose after data was emailed to an incorrect recipient and so-called ‘phishing’ is still the most common technique cyber criminals use to initiate attacks. Other


types of attacks that have assumed a higher profile recently are ransomware attacks (see box), but these have prompted action from companies and as Varley said: “No doubt in response to the high profile proliferation of ransomware and other debilitating cyberattacks on businesses over the past few years, we have noted a very significant increase in the number of organisations proactively seeking to improve their cybersecurity posture, both technically and from an incident response capability. “ The need for companies to be prepared to respond to


a cyberattack was one of the key messages in a the ‘2022 Civil Nuclear Cyber Security Strategy’, an update of an earlier strategy produced in 2017 by the UK government (the Department for Business, Energy and Industrial Strategy, or BEIS) and the UK civil nuclear industry. The strategy is clear that cyber security requires


investment, resource and commitment from senior leadership because it means business change. It says nuclear sector organisations would need to dedicate 5-10% of their annual organisational change capacity to cyber to deliver the strategic outcomes. It says this is critical “as the outcomes cannot be achieved by security teams alone but need active support from all areas of each business”.


Above: Cyber criminals have continued to shift tactics and the nuclear industry must actively respond 16 | March 2023 | www.neimagazine.com


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45