A significant cyberattack across the UK’s critical national infrastructure could have far-reaching and significant economic impacts for Britain according to a study carried out by the Cambridge Centre for Risk Studies at the University of Cambridge Judge Business School.
The report, developed in conjunction with Lockheed Martin, Integrated Infrastructure: Cyber Resiliency in Society, models the potential impact of a coordinated and sustained cyberattack on one of the UK’s regional power distribution networks and the likely short and long term costs to the UK economy.
The report outlines a fictional scenario in which a cyberattack is executed by a disgruntled employee of a distribution network operator with the backing of a nation-state adversary. Disruption is achieved by installing rogue hardware in a minimum of 65 vulnerable substations in South East England (this attack footprint is expanded to 95 and 125 substations in increasingly extreme variants of the scenario). This rogue hardware empowers the cyber adversaries to trigger rolling blackouts across the region during the winter season, shutting down parts of the London area and impacting all aspects of the UK economy.
Justin Walker, vice president for Lockheed Martin’s Information Systems business in the UK and Europe, outlined: “As our critical national infrastructure becomes increasingly interconnected, the risk and cost of a potential cyberattack gets exponentially larger each and every day. Through increased collaboration, government, industry, regulators, and the wider technology industry all have a role to play ensuring the UK economy is resilient to cyberattack.”
Simon Ruffle, Director of Technology and Innovation at the University of Cambridge’s Centre for Risk Studies added: “By better understanding and quantifying the consequences, both economic and societal, of a severe cyber hazard on our country’s critical infrastructure, we underline the level of responsibility amongst each of the key stakeholders in this value chain. Through hyper-connectivity, we have created fantastic opportunities for smarter infrastructure use that also bring with them a complex set of cyber risks for the foreseeable future.”
The researchers at Cambridge Centre for Risk Studies consulted widely with stakeholders across the UK power industry as well as government and industry regulators throughout this study. The report does not predict an attack or seek to expose weaknesses in the power grid but rather present likely conclusions that are representative of the impact of the scenario.
Key findings from the report include:
By modelling a sustained and coordinated cyberattack on the power distribution network in South-East England, the report underlines the subsequent impact for other key industry sectors including Financial and Professional Services, Retail, Construction, Transportation, Education and Health. In the most conservative scenario, the immediate impact to the UK’s economic output is £12 billion, with the five year GDP impact of £49 billion. In the most severe case, these figures increase to £85 billion and £442 billion respectively. In the latter case, this represents approximately 2.3% of the UK’s GDP over the period.
Source: Lockheed Martin Corporation (NYSE: LMT)
Date: Apr 12, 2016