Over a third of UK’s critical infrastructure organisations left open to cyber attacks

39% of the organisations that make up the UK’s national critical infrastructure – including police forces, fire services, healthcare organisations and energy suppliers – have not completed the government’s basic cybersecurity standards, leaving them potentially open to attacks.

The revelation, which was the result of a series of Freedom of Information (FOI) requests by cybersecurity provider Corero Network Security to 338 critical infrastructure organisations. Of the 163 that complied with the request, 63 admitted to failing to complete the UK government’s 10 Steps to Cyber Security programme.

Given the potential for damage – and even in some cases, loss of life – that comes with an cyber attack on a police force, hospital or fire service, this raises serious concerns about how prepared the UK’s critical infrastructure is for an attack.

“Cyber attacks against national infrastructure have the potential to inflict significant, real-life disruption and prevent access to critical services that are vital to the functioning of our economy and society,” said Sean Newman, director of product management, Corero. “These findings suggest that many such organisations are not as cyber resilient as they should be, in the face of growing and sophisticated cyber threats.”

A summary of the 10-step guide. Image courtesy of GCHQ. Featured image courtesy of Tim Peake

The UK government’s 10 Steps to Cyber Security programme was developed by GCHQ to provide a simple and clear guide for organisations to follow to ensure they are adequately protecting themselves from cyber attacks.

Originally published in 2012, it is used by two thirds of the FTSE350 – the country’s 350 largest companies – and was re-issued in 2015 alongside an additional document for businesses.

Covering technology and employee management, it includes steps such as user education and awareness, controls for removable media and the establishment of network security.

Many organisations will already follow some of these steps, but others remain under-followed, leaving critical infrastructure exposed.

Healthcare organisations, particularly NHS trusts, are at significant risk, despite already suffering a devastating attack earlier in the year

There have, of course, already been successful attacks on critical infrastructure, with the WannaCry attack crippling NHS systems earlier this year.

However, this does not seem to have resulted in dramatic improvements in security efforts, as 42% of the NHS trusts who responded to the FOI requests had not completed the programme.

As a result, it is likely that we will see more attacks on critical infrastructure providers in the future, potentially putting people and the UK economy at risk.

HD quantum encryption gets a step closer to everyday use with world’s first urban trial

Researchers have sent a message secured with high-dimension quantum encryption through the air above a city for the first time in history, bringing practical use of the technology a step closer.

Using photons to encode information, quantum encryption is increasingly being explored as an ultra-secure method of sending information. However, previous real-world tests have only been focused around 2D encryption, where a single photon only encodes one bit: a single one or zero. As a single letter needs eight bits, this severely limits the amount of information that can be sent.

High-dimension quantum encryption, however, allows numerous bits to be stored in each photon, allowing greater quantities of data to be sent, and making it a far more practical option for real-world use.

But as the real world contains considerable ‘noise’ from turbulent air, failed electronics and even attempts by third parties to intercept the data, it is important to demonstrate HD quantum encryption works in an urban setting.

“Our work is the first to send messages in a secure manner using high-dimensional quantum encryption in realistic city conditions, including turbulence,” said research team lead, Ebrahim Karimi, from the University of Ottawa, Canada.

“The secure, free-space communication scheme we demonstrated could potentially link Earth with satellites, securely connect places where it is too expensive to install fiber, or be used for encrypted communication with a moving object, such as an airplane.”

The research, which is published today in the journal Optica, involved sending HD quantum-encrypted data over the city of Ottowa, Canada, over a distance of 0.3km.

The data, which was sent between two buildings at the university, was secured using 4D quantum encryption. This is named as such because each photon encodes two bits of information instead of one, resulting in four distinct possibilities: 01, 10, 00 or 11.

4D quantum encryption is important not only for its ability to send more data on the same number of photons, but because it is also more resistant to noise, making it more practical for real-world conditions.

“This higher noise threshold means that when 2D quantum encryption fails, you can try to implement 4D because it, in principle, is more secure and more noise resistant,” said Karimi.

The messages, which were sent between to rooftops, demonstrated an error rate of 11%, which is considered a key success as it is comfortably below the widely recognised threshold of 19% that is needed to keep a secure connection.

The researchers also found that 4D encryption enabled 1.6 times more information to be sent per photon than 2D encryption.

Image courtesy of SQO team, University of Ottawa

While the research is promising, there is undoubtedly still a long way to go before quantum encryption can be used for commercial applications.

Next the researchers plan to implement their 4D encryption into a network of three links, located 5.6km apart. In the long term, this will be linked into an established network within the city, to further test the use of the technology,

“Our long-term goal is to implement a quantum communication network with multiple links but using more than four dimensions while trying to get around the turbulence,” explained Alicia Sit, an undergraduate student in Karimi’s lab.