Collaboration on Critical National Infrastructure Cybersecurity Key to Minimising UK Economic Risk According to New Study
- New study by University of Cambridge Centre for Risk Studies and Lockheed Martin estimates the economic impact of a sustained cyberattack on UK critical infrastructure
A significant cyberattack across the UK’s critical national infrastructure could have far-reaching and significant economic impacts for Britain according to a study carried out by the Cambridge Centre for Risk Studies at the University of Cambridge Judge Business School.
The report, developed in conjunction with Lockheed Martin, Integrated Infrastructure: Cyber Resiliency in Society, models the potential impact of a coordinated and sustained cyberattack on one of the UK’s regional power distribution networks and the likely short and long term costs to the UK economy.
Global SaaS-based IT Security Market 2016-2020
The report outlines a fictional scenario in which a cyberattack is executed by a disgruntled employee of a distribution network operator with the backing of a nation-state adversary. Disruption is achieved by installing rogue hardware in a minimum of 65 vulnerable substations in South East England (this attack footprint is expanded to 95 and 125 substations in increasingly extreme variants of the scenario). This rogue hardware empowers the cyber adversaries to trigger rolling blackouts across the region during the winter season, shutting down parts of the London area and impacting all aspects of the UK economy.
Justin Walker, vice president for Lockheed Martin’s Information Systems business in the UK and Europe, outlined: “As our critical national infrastructure becomes increasingly interconnected, the risk and cost of a potential cyberattack gets exponentially larger each and every day. Through increased collaboration, government, industry, regulators, and the wider technology industry all have a role to play ensuring the UK economy is resilient to cyberattack.”
Simon Ruffle, Director of Technology and Innovation at the University of Cambridge’s Centre for Risk Studies added: “By better understanding and quantifying the consequences, both economic and societal, of a severe cyber hazard on our country’s critical infrastructure, we underline the level of responsibility amongst each of the key stakeholders in this value chain. Through hyper-connectivity, we have created fantastic opportunities for smarter infrastructure use that also bring with them a complex set of cyber risks for the foreseeable future.”
The researchers at Cambridge Centre for Risk Studies consulted widely with stakeholders across the UK power industry as well as government and industry regulators throughout this study. The report does not predict an attack or seek to expose weaknesses in the power grid but rather present likely conclusions that are representative of the impact of the scenario.
Key findings from the report include:
By modelling a sustained and coordinated cyberattack on the power distribution network in South-East England, the report underlines the subsequent impact for other key industry sectors including Financial and Professional Services, Retail, Construction, Transportation, Education and Health. In the most conservative scenario, the immediate impact to the UK’s economic output is £12 billion, with the five year GDP impact of £49 billion. In the most severe case, these figures increase to £85 billion and £442 billion respectively. In the latter case, this represents approximately 2.3% of the UK’s GDP over the period.
- Scenario variants and rectification timescales range from rapid response (3 weeks until full power restoration), average response (6 weeks restoration) and slow response in the most extreme scenario (12 weeks restoration).
- In the most conservative scenario an estimated 9 million people are hit by the blackouts, 800,000 individual train journeys and 150,000 air passenger tickets are impacted daily. In the most extreme scenario these impact rises to 13 million affected, with 1 million and 330,200 rail and air travel tickets cancelled.
- Economic losses are in the range of £12 billion to £85 billion across the scenario variants with the overall five year GDP impact (GDP@Risk – the expression of potential GDP lost in the scenario when compared to the baseline economic forecast) ranging from £49 billion to £442 billion.
- Financial Services (£1.3 billion losses in the standard scenario), Retail (£1.3 billion), Real Estate (£1.2 billion) and Professional Services (£1 billion) are the most significantly affected industries in terms of immediate economic losses. The remaining £7.2 billion in losses is spread over another 19 industry sectors.
Source : Lockheed Martin Corporation (NYSE: LMT) - view original press release