Czechia has not faced grave cyberattack on infrastructure-report

CTK

The Czech Republic has not yet faced a sophisticated cyberattack on its critical information infrastructure, the Czech National Cyber and Information Security Agency (NUKIB) said in its 2018 report today that is to be addressed by the government next week. The document states, however, that the NUKIB cannot exclude the possibility of such attacks occurring in the future.

By critical state infrastructure, Czech directives mean the networks and services crucial for the security of the country, the functions of the state and the basic everyday needs of its citizens - hospitals, transportation, energy utilities and management, airports, the firefighter service, mobile network operators, information and economic systems.

If these infrastructure systems were to be disrupted, it would hamper the state's capability to provide services like electricity, water and heating utilities or its ability to defend its territory in case of a conventional attack.

The NUKIB said concentrated attacks that target critical infrastructure bear several specific characteristics. "The attackers are active within the system for long periods of time in order togather crucial information. Their end-goal usually consists of gathering sensitive data or taking over industrial control systems of particular elements of a state's critical infrastructure," the NUKIB report said.

By infecting control systems with malicious code, the attackers can then direct the infected element, putting it out of service or, in extreme cases, inflict physical damage and losses of life.

NUKIB states that critical infrastructure is a favourite target, but the preparations for an attack against it are difficult.

"That is why these attacks stay in the domain of national states or in the hands of groups sponsored by them. Paralysing one or more elements can inflict serious damage on the targeted state and that damage can be strategically advantageous for the attackers," NUKIB said.

For example, NUKIB warns about the security of smart electro meters that automatically send information about energy usage. If these devices can be made to disconnect people who have not paid for their utilities, having inadequate security means that hackers can also use them to induce mass outages.

"The manufacturers of such devices should focus on adequate security in order to make the threat of a cyberattack as small as possible," the agency said.

sinfin.digital