Electronic attacks

The potential for electronic attack against your computer networks is enormous. As users demand software with more features and services to improve business delivery, new opportunities for exploitation will continue to emerge.

CPNI examines all types of electronic attack on information and process control systems that form part of the UK's critical national infrastructure. This could include malware, hacking, botnets, keystroke logging and denial of service. We liaise with vendors about the responsible disclosure of patches for vulnerabilities discovered in their products, helping to prevent attacks that use previously unpublished vulnerabilities.

We recommend that all systems are patched and have current, up-to-date, anti-virus software and a firewall that restricts access on to services that users need for their business (typically web and email).

The UK statistics on network growth and speeds are dramatic. Broadband access is predominantly by Asynchronous Digital Subscriber Line (ADSL) connections and these are getting faster and more widespread. Wireless connectivity is also growing rapidly; a key implication of this unprecedented wireless connectivity is that attackers can reach you at all times.

Threats always evolve. The convergence of networking and telecommunications technologies around the Internet Protocol (IP) will likely lead to vulnerabilities being discovered in any new technologies, for example telecommunications networks rely on IP. Generally, vendors are improving the security of their products, including timely patch provision, so we expect to see new types of software applications being targeted - such as back-up software - which is a trend supported by the latest SANS Top 20, see SANS Top 20 website.

This section of our website gives you further information on the various types of attack and how to mitigate the threats. There are also CPNI technical notes on firewalls, web browser configuration, spam mitigation techniques and other important issues.