Power Outages – An attack on our Critical National Infrastructure?
****Updated 1855 hrs**** - Additional Assessment at the end.
****Further Updated 10 Aug 0845****
What I am writing is purely speculative; it is one theory and will be described by some as a bit wacky. I have no problems with that because I hope it is, but it is an informed theory, informed by years of analysis and training that gut feeling. It has been informed by watching for unusual patterns and, if they happen, looking for the most suspicious whilst hoping for the simple in explanations.
Listing only a few recent events, we have had unexpected drone interference at Gatwick in December closing the airport for 36 hours, an unexplained Russian Flag draped over the scaffolding on Salisbury Cathedral and an unexplained cyber-attack on Gatwick at the time of the drone incident.
More recently, in the past few days we have seen the baggage handling system at Heathrow Airport fail through IT issues, the BA check-in system fail through IT issues, signals out of Euston Station fail and now power outages across parts of the UK when there are no conditions that would cause a surge in user demand.
We have the beginnings of a pattern and that pattern is disruption of elements of the UK's national infrastructure, its critical national infrastructure with its transport networks. We have had airports disrupted, airlines disrupted, rail networks disrupted and with the traffic light systems in London suffering, now our roads disrupted.
It is very easy to shrug these incidents off in isolation, but look at them together and plot them out and a pattern emerges. I have spoken with the National Cyber Security Centre (NCSC), part of the government's spy agency GCHQ, and they stated that, “The Heathrow Baggage, BA check in and Euston signalling issues were not as they are aware caused by cyber incidents.”
However, this evening's power cuts have affected airports, traffic lights and the railway network leaving some without electricity.
UK Power Networks tweeted on Friday evening: ‘We’re aware of a power cut affecting large parts of London and South East. We believe this is due to a failure on National Grid’s network, which is affecting our customers.’
Having spoken again to the NCSC, their press office was frantically busy at 6pm on a Friday! Another potential indicator. I will keep this blog updated as new information is received.
However, I do believe there is evidence in some of these incidents of deliberate hostile or rogue state action in the UK. The most recent state openly blamed for an incident in the UK was Russia for its use of Novichok nerve agent in Salisbury last year.
(New) The latest power outage incident has been assessed by the NCSC as not Cyber related, but the question remains how vulnerable is our CNI if it is creaking to this degree through other reasons? Comment: It is probable that this incident isn’t cyber related but on the other hand if it were and the Government wanted to keep it quiet from the public, the NCSC statement would be as issued. However, it is too easy to be overly Machiavellian. Comment Ends.
(New 2) Now that the power is back on the power regulator Ofgem has asked for an “urgent details report” to find out what went wrong. Last night Julian Leslie, Head of National Control at National Grid ESO did a quick Twitter Vlog to try and explain what happened. However, all he said was how when two generators (power company speak for whole power stations!) went off line simultaneously the “system protected itself by losing some demand,” the grid did what it should do and shut parts of itself down. He made no comment on what caused two completely different, geographically separated power stations to fail at exactly the same time. All of the official commentary avoids that question. In addition the two “generators” were brought back online relatively quickly suggesting this wasn’t a mechanical failure but electronic or control.
We have to look at a few issues here to keep what I admit freely is an unlikely scenario alive, but the questions still have to be asked. Would a hostile state actor have the capability and the intent and with that why?
In June the BBC reported, “Russia has said it is “possible” that its electrical grid is under cyber-attack by the US. Kremlin spokesman Dmitry Peskov said reports that US cyber-soldiers had put computer viruses on its electrical grid was a “hypothetical possibility”. His comments came in response to a New York Times (NYT) story which claimed US military hackers were targeting Russian power plants.”
That same month Wired reported, “Over the past several months, security analysts at the Electric Information Sharing and Analysis Center (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated hackers carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks.” Those sophisticated hackers were linked to the Russian Government.
So a ‘hostile’ state has the capability and seemingly the intent to carry out action in the UK (the Skripal attack and I personally suspect Gatwick disruption). Why now? We are in a period of political turmoil with a new Prime Minister with a majority of only one in Parliament, the looming no deal BREXIT anxiety and a very left leaning opposition and a country still smarting over its outing for the Skripal attack. So why not? It is a Russian tactic to “stir the pot”. The 2007 Cyber attacks by Russia shutting Estonia down for a protracted period are a perfect example and there have been many more since.
So, it is important to ask: was it a hostile state? Even though the probable answer is no. The real positive that came out of this is if it were a hostile state action, it was defeated very quickly and normality restored so our defensive processes clicked in quickly. But that is only a positive if it were a cyber attack.
Note: This blog is written by Philip Ingram MBE, a former British Military Intelligence Officer and now journalist who has served in the Gulf. If you would like any further comment from Philip, please contact him by clicking HERE
Finally a bonus – a Tin Foil Hat Podcast done with The People Hacker – Jenny Radcliffe:
It is very rare I pick up a book and go WOW, especially when it is one talking about cyber security, digits and packets, computers and of course spying.
INTERCEPT by Gordon Corera, the Security Correspondent for BBC News, is in my humble opinion a masterpiece and essential reading for anyone involved in cyber security, information security, computer networks, intelligence, information and spying. It is the background and history that provides an easily readable foundation on which all of those disciplines are built. In essence, again in my humble opinion as a cyber commentator and ex spook, if you haven’t read this book you can’t do your job properly.
Gordon Corera starts on 5th August 1914 where he introduces Superintendent Bordeaux and his two messages giving him a mission onboard a ship called The Alert and the first offensive action of World War 1, and that action was around information. Read the book for the rest of the story.
If you think you know your computer history and didn’t realise that in 1929 the UK War Office had a Computer Class 2 for the ‘calculation of projectiles in artillery fire’, then your computer history is missing something. That computer was called Kathleen.
Jump forward to the 1940s and the importance of Dollis Hill in London in the fight to crack the Enigma code is explained. He mentions Bletchley Park and elsewhere.
Without actually mentioning it Corera gives a detailed history of how the “Special Relationship” with the USA was formed and how over the years it has developed, strengthened and become interdependent. He more than hints at why it will always be there in the modern internet age.
What really struck me was when he quickly came into the modern age, events, dates, people I recognise and can remember reading about or listening to. 1988 was only a couple of years ago? Right? But what is extremely well explained is how systems were designed with no security and how foreign powers late to the game managed to leapfrog themselves into networks.
He explains in detail about “The Cell” in Banbury in Oxfordshire and it is clear he has visited the List X facility, working at high levels of classification, created by BT, overseen by GCHQ behind multiple access controls and paid for by Huawei. If you didn’t know the detail yet had an opinion on Huawei around current political statements, then your opinion is not properly informed.
INTERCEPT was first published in 2015, before the current Huawei spat started. Examination of how nation states approach intelligence and the technologies supplied from national manufacturers to the international market is at the core of many of the developments discussed throughout the book.
Having just finished reading INTERCEPT, I have started it again, this time with highlighter in hand as it is full of fantastic quotes and examples illustrating every aspect of the modern cyber challenge. INTERCEPT is a must for the Cyber and spying community. I can’t recommend it more highly.
Philip Ingram MBE is a former British Military Intelligence Officer who has walked the corridors of “The Doughnut” and been involved in many cases where the expertise gained through some of the examples in this book has helped enormously.
Please visit ‘contact us’ if you want further comment from Philip and visit the link below to buy INTERCEPT from AMAZON.co.uk.
I was fortunate to be invited to a very closed briefing and discussion with the British Army’s Commander Field Army, Lieutenant General Ivan Jones, on Tuesday with only one other defence commentator, Lincoln Jopp.
We had a good 90+ minutes of two-on-one time discussing the rebalancing detailed in the press release below, including the reformation of the Army’s 6th Division, and the real challenges in delivering an Army capability to meet current threats, most of which are well below the threshold of war fighting or where you would see traditional military capabilities intervening.
It is not the final answer as to what is needed as that requires not just an Army approach but a whole defence approach and with the new Secretary of State for Defence, Ben Wallace, being a veteran and the longest serving Security Minister prior to his current appointment, we have a minister who understands.
General Ivan was clear that this was a journey for the Army, starting with small adaptive steps enabling a better cycle of rebalancing for the future as threats evolve and develop. He was also clear that his remit was and could only be focused on the Army only.
The rebalancing, within current assets, is a very necessary start emphasising the importance of capabilities that were closely held before in an organisation, not formation, called Force Troops. Grouping them into a formation with an identity and history puts them on the same footing as other elements and that is the first win in a psychological and information battle to recognise their value.
It also recognises the vital importance of maintaining a Division focused on high intensity armoured warfighting, 3rd Division, which I emphasised was the Army’s strategic capability as it kept the UK able to fight at the highest intensity with an Armoured Divisional formation alongside the Americans. No other NATO nation can do this.
With the 1st Division providing much of the capabilities needed to meet all of the tasks that develop on a regular basis around the globe, emphasising the Army’s contribution to the UK's P5 responsibilities and global reach, 6th Division can support those daily operations whilst contributing to the countering of more asymmetric attacks happening on a daily basis.
This restructuring is not the answer to everything and nor will or can it meet all current threats, but it is the first step in a journey and that first step gives a series of capabilities a Divisional command and control structure akin to the other capability providing divisions, and for the new division with psychological warfare in its structure, that rebranding is important in influencing future Army force development.
The Press Release from an earlier press update is here:
Army restructures to confront evolving threats
The Army has outlined its plans to rebalance the Field Army to ensure that it can compete with and defeat adversaries both above and below the threshold of conventional conflict. Lt Gen Ivan Jones, Commander Field Army (CFA), has described plans for rebalancing his command which will see changes to the structure of the Field Army’s primary formations. Lt Gen Ivan Jones, Commander Field Army said: “The character of warfare continues to change as the boundaries between conventional and unconventional warfare become increasingly blurred.
The Army must remain adaptable and evolve as a fighting force. The three complementary British Army Divisions harness the wide range of British Army capabilities, providing choice to the Government in defence of the UK’s interests. Whilst retaining its operational focus, the intention is to rebalance the Army’s formations in order to meet the challenges of constant competition and maintain its high-end warfighting capability. Lt Gen Jones added: “The Field Army must build on the strong foundation of the 3rd Division’s world class warfighting force. 1st Division provides specialist soldiers and equipment to develop other nations’ armies, deal with disaster and humanitarian crises worldwide and enable our warfighting division. 6th Division focuses on Cyber, Electronic Warfare, Intelligence, Information Operations and unconventional warfare through niche capabilities such as the Specialised Infantry Battalions. “The speed of change is moving at a remarkable rate and it will only get faster and more complex.” This change will be integrated within broader Defence, national and alliance efforts and enable the Field Army to operate and fight more effectively above and below the threshold of conflict.
The Field Army rebalancing is part of the Army’s response to the emerging Defence thinking and will create a Field Army of integrated, interdependent and complementary formations from 1 Aug 2019.
1st (United Kingdom) Division (1 (UK) Div) with its blend of lighter infantry, logistics, engineers and medics will provide more strategic choice and a range of capabilities, conducting capacity building, stabilisation operations, disaster relief and UK resilience operations. It will include: 4th (Infantry) Brigade, 7th (Infantry) Brigade, 11th (Infantry) Brigade, 51st (Infantry) Brigade, 8th Engineer Brigade, 102nd Logistic Brigade, 104th Logistic Brigade, 2nd Medical Brigade;
3rd (United Kingdom) Division (3 (UK) Div) will remain as the Army’s primary armoured warfighting force comprising: 1st Armoured Infantry Brigade, 12th Armoured Infantry Brigade, 20th Armoured Infantry Brigade, 1st Artillery Brigade, 101st Logistic Brigade, 25th Engineer Group, 7th Air Defence Group;
6th (United Kingdom) Division. The re-designation of Force Troops Command (FTC) to 6th (United Kingdom) Division (6 (UK) Div) will provide the Army’s asymmetric edge, orchestrating Intelligence, Counter-Intelligence, Information Operations, Electronic Warfare, Cyber and unconventional warfare. 6 (UK) Div will include: 1st Signal Brigade, 11th Signal Brigade, 1st Intelligence Surveillance and Reconnaissance Brigade, 77th Brigade and the Specialist Infantry Group.
There will be no changes to personnel numbers, resourcing, cap badges or locations. 1st August marks the rebirth of a Division which served throughout the First World War and during the Second War. More recently, 6 (UK) Div was formed between 2008-2011 and deployed to Afghanistan as Headquarters Regional Command (South).
Analysis was provided by Philip Ingram MBE a former Colonel in the British Army and an Intelligence and planning expert. If you would like any further comment from Philip, please contact him by clicking HERE