Why cyber attacks on critical national infrastructure are such a huge threat
Cyber attacks targeting national infrastructure are becoming increasingly prevalent – what are the underlying goals behind these attacks and how damaging are they?
Cyber attackers are increasingly targeting critical national infrastructure (CNI), such as energy grids, water supply, or telco networks. Although the target may only be a small part of a country’s infrastructure network, the goal is often far more wide reaching and such attacks can pose a significant security risk.
National infrastructure comprises the essential elements, such as power, transport and water, that a country needs in order to function and ensure the well-being of the population. Examples include high-voltage power transmission cables, telecommunication networks, hospitals and transport hubs, such as airports.
A recent example of an infrastructure attack was the cyberattack against Collins’ ARINC cMUSE check-in and boarding software on Friday, 19 September 2025. As a consequence of the cyberattack, passengers were unable to board planes at several airports throughout Europe.
The ultimate goal of the attack was not taking down Collins Aerospace, but the widespread disruption that it caused. By disrupting the life of the civilian population, malicious actors are making people feel vulnerable, causing them to question the ability of the government to safely run the country.
“Cyber attacks can go in various directions to create unsecureness in a population, so that we don't trust the things that work all the time,” says Kim Larsen, chief information security officer at Keepit and a former delegate for the Danish government in NATO and EU cybersecurity committees.
“We've seen ships pulling anchors over cables in the Eastern Sea, and that is probably most likely to test infrastructure. We have also seen distributed denial of service attacks towards critical infrastructure; tax department and defense departments around Europe – that is probably to test how stable we are on the more physical side.”
Cyber attacks for widespread disruption
The attacks targeting national infrastructure are varied and multifaceted. While physical attacks on CNI could see malicious groups sever undersea internet cables or use drones to disrupt the airspace above airports, cyber attacks on CNI have often come in the form of DDoS attacks that cause a critical server to fail, or ransomware attacks such as the 2021 breach of Colonial Pipeline. In many ways, these attacks are an escalating arms race between the attackers and security teams.
In recent years, hackers have been exploiting the fact that more infrastructure has become either directly connected to the internet or indirectly linked to it in some way.
“We saw a lot of information gathering before the Ukraine war started, but when the attack went physical, cyber attacks lowered for quite a long time,” says Larsen. “It's now increasing again, and has been for quite a while with hybrid attacks.”
The anonymizing nature of the internet means that the identities of the attackers or where they are located may never be known for certain – unless the attackers come forward and reveal themselves. Most often it is state-sponsored hacking, with ransomware groups and other threat actors based in CRINK behind many advanced persistent threats (APTs).
“In the world of cyber it's always diffused, because you can hide yourself. I remember back in the day that there were a lot of attacks to critical infrastructure coming from an IP address in Beijing,” says Larsen.
“Well, if it's Chinese, they are probably more than clever enough to actually shadow their trace. On the other hand, sometimes an attack angle is to show who you are and that you're capable of doing something.”
The geopolitical sphere is currently rife with tensions due to the number of military actions taking place. Although the UK is not at war, neither is it at peace. The term ‘unpeace’ is sometimes used to describe a period of strife and dissension.
Almost all (95%) of CNI organizations in the UK experienced a cyber attack in 2024, according to cybersecurity firm Bridewell, with CNI respondents reporting low confidence in their ability to repel supply chain attacks. It’s hard to track the exact scale of attacks on CNI, as firms can be reluctant to publicly disclose incidents, and when high-risk vulnerabilities are discovered, they may be kept private for reasons of national security.
It’s sometimes unclear whether critical national infrastructure is being disrupted due to cyber attacks or simply failures in the network. For example, a power cut might be due to a substation fault or a cyber attack. Initial reports of the blackouts in Spain and Portugal suggested they were caused by a cyber attack and Spanish authorities investigated the possibility. However, it was subsequently confirmed the incident occurred due to a surge in voltage with which the grid was unable to cope.
Ultimately, what infrastructure attacks are doing is causing disruption. When amplified by coverage on social media, this can have the secondary effect of destabilizing business operations and government.
Responding to the rising threat
The escalating cyber attacks against national infrastructure have driven the UK’s National Security Protection Agency (NSPA) to identify CNI in particular need of protection. These include telecommunications, emergency services, energy, healthcare, transportation and water. The National Cyber Security Centre (NCSC) is responsible for the cybersecurity of CNI.
The privatization of certain aspects of national infrastructure, such as telecommunication providers and water companies, adds a further regulatory complication. Information sharing and collaboration between organizations are vital in order to better protect national infrastructure against cyberattacks, and in some countries it’s possible to operate this as a more centralized operation than in others.
“Governments need to be transparent on the threats that they actually see, and to segment what is true, what is not true and what is serious,” says Larsen. “Then they can work with the industry on getting a solid cybersecurity trusted framework.”
A holistic approach to security, combining physical security with cybersecurity, creates a more robust security posture. For example, if high-voltage power-transmission cables are buried underground, then it is far more difficult for them to be physically interfered with.
Redundancy measures, either on-site or off-site, may be mandated for certain types of infrastructure. Any new national infrastructure including data centers needs a secure by design approach, with cybersecurity teams involved from the outset. Meanwhile, the security of existing infrastructure needs to be thoroughly tested and reviewed, with a risk-informed approach to enhancement of defenses if required.
Wars and heightened geopolitical tensions mean that cyber attacks against CNI are likely to become more frequent in the coming years. If threat actors succeed in causing major disruption to national infrastructure, the impacts will be felt widely. To mitigate against this, relevant organizations need to carry out risk assessments to highlight areas where improved security is needed.
With mitigations where required, and an appropriately robust security posture in place, cyber attacks against CNI will be less damaging. For new infrastructure projects, it is now more important than ever to consider physical and cybersecurity, and the interface between these, from the outset.