National Grid plots ‘honeypots’ to catch hackers as cyber attacks ramp up

Infrastructure provider advertises contract of more than a million pounds for advanced technology

National Grid is to set “honeypots” and plant false documents online as part of efforts to counter a surge in cyber attackers.

The Grid has advertised a contract worth more than a million pounds to secure advanced cyber “deception” technology to help improve its digital defences.

The London-listed infrastructure provider, which runs Britain’s electricity network and supplies millions of customers in New York and Massachusetts, is seeking security experts who can deploy so-called “honeypots” or “honeytokens” to lure would-be attackers.

A “honeypots” is a cyber security term for decoys used to trick hackers so they can be observed and blocked from systems.

Covertly monitoring how potential attackers approach can help organisations to improve their defence.

The Grid’s contract suggests techniques may include planting “false documents designed to appear sensitive or valuable” online to entice hackers.

The sophisticated defence strategy comes amid growing concerns about cyber attacks, often backed by hostile states, on critical infrastructure in the West.

Deputy prime minister Oliver Dowden warned in April that “ideologically motivated” Russian hackers were increasingly trying to “disrupt or destroy” British infrastructure in response to sanctions and support for Ukraine.

More recently the National Cyber Security Centre, a division of GCHQ, has warned of the growing threat from Chinese hackers.

Martin Borrett, technical director of IBM Security, said: “As the energy sector becomes more digitised, the potential damage from cyber-attacks becomes even greater, making the industry a top target for attackers.

“Energy companies accounted for 16pc of all cyber-attacks IBM Security monitored in the UK in the past year.”

Technical failures in the UK’s air traffic control systems, which caused holiday chaos at airports over the last two days, have demonstrated the fragility of computer systems that Britain’s key services rely. However, a cyber attack has been ruled out by the Government, with a technical error blamed instead.

National Grid is preparing to deploy “honeypots” ahead of a government deadline to upgrade its cyber security defences.
Energy regulator Ofgem has set a December deadline for gas and electricity companies to comply with newly-tightened rules.

An Ofgem spokesman said suppliers faced new responsibilities under the recently-updated Network and Information Systems Regulations. 

They said: “We take cyber security incredibly seriously and work closely with energy suppliers to ensure they are doing everything they can to protect their systems and comply with their responsibilities.”

In a statement National Grid said its systems were “robust”, adding that it works closely with regulators and government departments to meet the new regulations.

It said: “Our systems enable us to monitor, detect and protect our network to keep energy flowing. We work closely with government, industry partners and regulators to protect our network from current and future threats.”

Christopher Budd, director of threat research at cyber security company Sophos X-Labs, said the tender document showed that National Grid has “the capability, expertise and staffing in house” to detect and defeat cyber attackers.

Countries such as Russia, Iran and China have been at the forefront of cyber attacks against critical infrastructure around the world.

Last year Russian hackers infiltrated computer systems at a Ukrainian power station, though they were stopped before they were able to cause any damage.

Ben Read, head of cyber espionage analysis at Google-owned Mandiant, said: “Russia has historically done a ton of this kind of thing, and it has been investing in it and showing great capability.”

In May, Chinese hackers were found to have planted malicious software inside a US military base on the Pacific island of Guam, with reports suggesting the “malware” was tailored to target power networks.

Industry experts warned that the drive to boost cybersecurity across the private sector was being hampered by a shortage of skilled people.

Mick Flitcroft, a principal security consultant with NCC group, said: “We are seeing a slow move to try and grow organic cyber capabilities, but there is a lack of resources in the workforce …  many systems [also] remain vulnerable due to legacy hardware and control systems.”