Power Outages – An attack on our Critical National Infrastructure?

Power Outages – An attack on our Critical National Infrastructure?

Power Outages – An attack on our Critical National Infrastructure?

****Updated 1855 hrs***** -Additional Assessment at the end.

****Further Updated 10 Aug 0845*****

What I am writing is purely speculative, it is one theory and will be described by some as a bit wacky, I have no problems with that because I hope it is, but it is an informed theory, informed by years of analysis and training that gut feeling. It has been informed by watching for unusual patterns and if they happen look for the most suspicious whilst hoping for the simple in explanations.

Listing only a few recent events we have had unexpected drone interference at Gatwick in December closing the airport for 36 hours, an unexplained Russian Flag draped over the scaffolding on Salisbury Cathedral and unexplained cyber-attack on Gatwick at the time of the drone incident.  

More recently, in the past few days we have seen the baggage handling system at Heathrow Airport fail through IT issues, the BA checking in system fail through IT issues, signals out of Euston Station fail and now power outages across parts of the UK when there are no conditions that would cause a user surge demand. 

We have the beginnings of a pattern and that pattern is disruption of elements of the UKs national infrastructure, its critical national infrastructure with its transport networks.  We have had airports disrupted, airlines disrupted, rail networks disrupted and with the traffic light systems in London suffering, now our roads disrupted.

It is very easy to shrug these incidents in isolation off and but look at them together and plot them out a pattern emerges. I have spoken with the National Cyber Security Centre (NCSC) part of the governments spy agency GCHQ and they stated that, “The Heathrow Baggage, BA check in and Euston signalling issues were not as they are aware caused by cyber incidents.”

However, this-evenings power cuts have affected airports, traffic lights and the railway network leaving some without electricity. 

UK Power Networks tweeted on Friday evening: ‘We’re aware of a power cut affecting large parts of London and South East. We believe this is due to a failure on National Grid’s network, which is affecting our customers.’

Having spoken again to the NCSC, their press office was frantically busy at 6pm on a Friday! Another potential indicator. I will keep this blog updated as new information is received. 

However, I do believe there is evidence in some of these incidents of deliberate hostile or rogue state action in the UK. The most recent state openly blamed for an incident in the UK was Russia for its use of Novichok nerve agent in Salisbury last year.

(New) The latest power outage incident has been assessed by the NCSC as not Cyber related, but the question remains how vulnerable is our CNI if it is creaking to this degree through other reasons? Comment: It is probable that this incident isn’t cyber related but on the other hand if it were and the Government wanted to keep it quiet from the public, the NCSC statement would be as issues. However, it is too easy to be overly machiavellian. Comment Ends.

(New 2) Now that the power is back on the power regulator Ofgem has asked for an “urgent details report” to find out what went wrong. Last night Julian Leslie, Head of National Control at National Grid ESO did a quick Twitter Vlog to try and explain what happened. However, all he said was how when two generators (power company speak for whole power stations!) went off line simultaneously the ” system protected itself by losing some demand,” the grid did what it should do and shut parts of itself down. He made no comment on what caused two completely different, geographically separated powers stations to fail at exactly the same time. All of the official commentary avoids that question. In addition the two “generators” were brought back online relatively quickly suggesting this wasn’t a mechanical failure but electronic or control.

We have to look at a few issues here to keep what I admit freely is an unlikely scenario alive, but the questions still have to be asked. Would a hostile state actor have the capability and the intent and with that why?

In June the BBC reported, “Russia has said it is “possible” that its electrical grid is under cyber-attack by the US. Kremlin spokesman Dmitry Peskov said reports that US cyber-soldiers had put computer viruses on its electrical grid was a “hypothetical possibility”. His comments came in response to a New York Times (NYT) story which claimed US military hackers were targeting Russian power plants.

That same month Wired reported, “Over the past several months, security analysts at the Electric Information Sharing and Analysis Center (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated hackers carrying out broad scans of dozens of US power grid targets, apparently looking for entry points into their networks.” Those sophisticated hackers were linked to the Russian Government.

Further capability and examples are covered in great detail in Gordon Corera’s fantastic book INTERCEPT reviewed here: https://greyharemedia.com/intercept-by-gordon-corera/

So a ‘hostile’ state has the capability and seemingly the intent to carry out action in the UK (the Skripal attack and I personally suspect Gatwick disruption). Why now? We are in a period of political turmoil with a new Prime Minister with a majority of only one in Parliament, the looming no deal BREXIT anxiety and a very left leaning opposition and a country still smarting over its outing for the Skripal attack. So why not? It is a Russian tactic to “stir the pot”. The 2007 Cyber attacks by Russia shutting Estonia down for a protracted period are a perfect example and there have been many more since.

So, it is important to ask wast it a hostile state? Even though the probable answer is no. The real positive that came out of this is if it were a hostile state action, it was defeated very quickly and normality restored so our defensive processes clicked in quickly. But that is only a positive if it were a cyber attack.

Note: This blog is written by Philip Ingram MBE, a former British Military Intelligence Officer and now journalist who has served in the Gulf. If you would like any further comment from Philip, please contact him by clicking HERE

Finally a bonus – a Tin Foil Hat Podcast done with The People Hacker – Jenny Radcliffe: