Elements of the UK’s critical national infrastructure seem to have been creaking recently. We have seen the baggage handling system at Heathrow break down, the BA check-in IT system fail, signals out of Euston station fail and then two power generating stations fail almost simultaneously at rush hour on a Friday, causing chaos in hospitals, with traffic lights, on the rail networks and in airports. These incidents were not thought to be connected, and the power generator failure was put down to near-simultaneous lightning strikes at two geographically separated facilities designed to withstand such natural events.
Luckily, all of the events were short-lived, but the disruption for thousands of people was disconcerting. One thing that Heathrow, Euston Station, BA, the power generators and the national grid have in common is that they all started detailed investigations into what happened.
In June, the BBC reported, “Russia has said it is ‘possible’ that its electrical grid is under cyber-attack by the US.” Kremlin spokesman Dmitry Peskov said to the NY Times. That same month Wired reported, “Over the past several months, security analysts at the Electric Information Sharing and Analysis Centre (E-ISAC) and the critical-infrastructure security firm Dragos have been tracking a group of sophisticated hackers carrying out broad scans of dozens of US power grid targets.” Those sophisticated hackers were allegedly linked to the Russian Government.
In December 2018, Gatwick Airport was closed for 36 hours because of what Superintendent Justin Burtenshaw, the commander of the police force at Gatwick, called “multiple simultaneous drone incursions.” This was just after a very sophisticated cyber-attack on the airport.
The National Cyber Security Centre (NCSC) assessed the power outage incident as not cyber related and added, “the Heathrow Baggage, BA check in and Euston signalling issues were not, as we are aware, caused by cyber incidents.” They then said, “we have not attributed blame for the Gatwick incident yet.”
The incidents described suggest a pattern, and any developing pattern warrants further investigation to see whether the incidents are linked or, more likely, are a series of unrelated one-off incidents.
The one thing that is clear is that the internal investigations trying to get to the bottom of the causes of the various incidents could identify some form of negligent or possibly malicious activity. The question is where an investigation should start and where it could end up. The power outage investigation will start with the national grid and include the companies running the generators, who will likely need to run their own investigations. In the unlikely event that the outage was caused by malicious activity, it could need to be passed to the police; if it was caused by human error, it could lead to HR action that may be tested at an employment tribunal.
“The credibility of any investigation is based on the integrity of the evidence, the audit trail and the ability to retain all of the relevant data in a complex digital age. These are the basics any court, tribunal or regulatory body will require,” says Mick Creedon, the former Chief Constable of the Derbyshire Constabulary and no stranger to complex investigations. “I am very impressed with the way Altia-ABM Smartcase allows disparate elements of complex investigations, whatever their origin or subject, to be brought together in a way that meets the highest standards of data integrity,” he added.
Hopefully Smartcase is being used throughout the investigations into the infrastructure issues. I have no doubt they will result in some form of action that could be challenged legally.