A flurry of cybersecurity contacts from UK critical national infrastructure (CNI) providers – including one granted with “extreme urgency” – show the emphasis utilities are placing on improving their security capabilities, as government and private sector concerns mount about the potential for a crippling cyberattack on CNI and HMG launches the new National Protective Security Authority (NPSA) to help protect businesses.
This week alone saw Wales & West Utilities – one of the UK’s five main gas distribution network providers which operates 35,000 kilometres of gas pipes running from North Wales to Cornwall – sign a three-year operational technology (OT) discovery contract with Claroty, which was negotiated without a prior call for competition, owing to “extreme urgency brought about by events unforeseeable for the contracting entity.”
See also: The British gov’t has identified “previously unknown CNI systems”
Wales & West Utilities said March 15: “[We are] required to comply with the requirements of the NCSC Cyber Assessment Framework (CAF) [by December 2023]. This includes maintaining high visibility and awareness of the operational technology assets present throughout our network, the communication paths between them, and having the ability to quickly detect changes and potential vulnerabilities in this environment.”
It was not immediately clear whether the “extreme urgency” was brought about by a cyber incident or regulatory demands being brought forwards; The Stack has asked the company for further information.
CNI cybersecurity contracts
At recent security conferences attended by The Stack, the CNI cybersecurity has been a key talking point among both CISOs and vendors; both the Colonial Pipeline (US) and South Staffordshire (UK) water utility ransomware attacks focused minds and the geopolitical fallout from Russia’s invasion of Ukraine has further raised concerns of spillover attacks by state-sanctioned cybercrime groups or other disruptors.]
The UK’s National Grid was another company planning major cybersecurity investment this week.
It is planning to spend £15 million with a strategic partner (or three) who will provide:
- SIEM (Security Information and Event Management)
- SOAR (Security Orchestration, Automation, and Response)
- TIP (Threat Intelligence Platform)
See also: Hey hackers! Grab some hardcoded Siemens crypto keys and go wild
“We have a strong preference towards vendors who can provide a hybrid architecture whereby infrastructure is split between on-premise and cloud. The required solution will integrate with internal IT infrastructure and external vendors of National Grid. Vendors will be expected to demonstrate how they can effectively integrate with other tooling in the environment. In addition to the software and hosting service, we will be looking for a robust plan around the operations support models available” National Grid said on March 15.
A full contract notice is expected to go live on 10 April 2023.
The company is also looking for a provider of “deception technologies” that could include honeypots, honeytokens (false credentials etc.) and deception networks, which it describes as “false networks that mimic production networks to gather intelligence on attacker activities and deflect their efforts away from the production network” as well as “deception documents: false documents designed to appear sensitive or valuable.”