The UK’s National Grid has issued a tender for a cyber security contractor to use “honeypots” in a bid to improve security resilience amidst heightened threats to critical infrastructure.
A contract worth more than £1 million ($1.2 million) has been advertised by the energy distribution service, according to the Telegraph, with the organization seeking contractors capable of using sophisticated “deception” technologies to dupe threat actors.
Honeypots are a common method used in cyber security. These can come in several forms, but a common theme involves creating a decoy system that is used to attract cyber criminals who think they have discovered a vulnerability of some sort.
Fundamentally, honeypots “mimic a target for hackers” and are used to observe attacks and gain valuable insights on how threat actors operate, according to Kaspersky.
There are several specific types of honeypots, according to the security firm. This can include email-based traps, decoy databases, or a malware honeypot, which mimics vulnerable software or APIs.
National Grid’s plans will include deliberately exposing false resources and documents “designed to appear sensitive or valuable” in an attempt to dupe hackers.
This would enable security teams at National Grid to learn from hackers’ attack methods and implement changes to security practices that will help mitigate future risks.
Honeypots in action
Honeypots are by no means a new technique, and NATO has used honeypots extensively in recent years in a bid to catch Russian-backed threat actors in the middle of their offensive operations for intelligence-gathering purposes.
In 2020, NATO’s Cyber Coalition conducted a large-scale exercise that involved setting up honeypots to identify threat actors and improve security practices amid a period of escalating threats against member states.
Honeypots have also been used by UK law enforcement to flush out cyber criminals. Earlier this year, the National Crime Agency (NCA) led a honeypot operation to identify users of DDoS-for-hire services across the country.
Learn about the six ways ServiceNow can help your enterprise build organizational resilience for a changing world.
This operation saw police create a fake DDoS-for-hire site that attracted “several thousand” suspected cyber criminals. The results of the sting operation have been used to investigate potential criminals.
Xavier Bellekens, CEO at Lupovis, told ITPro that advances in ‘Deception as a Service’ solutions mean that honeypots will continue to be a key method for organizations to identify potential threats and mitigate risks.
“Recent advancements in deception technology and deception as a service solutions now facilitate the rapid and scalable deployment of honeypots,” he said.
“This enables large organizations to enhance their cyber security measures more effectively, thereby fortifying their defenses against an evolving threat landscape.”
Critical infrastructure threats
The move by National Grid comes against a backdrop of escalating threats against critical national infrastructure in both the UK and worldwide.
Last month, the UK government said it now views the risks of cyber attacks on critical national infrastructure assets as on par with chemical or nuclear attacks.
The National Risk Register (NRR) report designates severity scores for hypothetical attack scenarios on the country based on the risk to human lives.
This year’s report identified cyber attacks on infrastructure targets as having a ‘moderate’ impact rating alongside severe weather conditions and terrorist attacks on public transport.
Attacks on energy infrastructure, which included nuclear energy, were specifically highlighted by the report alongside the potential associated with attacks on social care and telecommunications networks.
Rising concerns over the potential impact of energy sector attacks have prompted changes to requirements for operators in the industry.
The updated Network and Information Systems (NIS) regulations in the UK took effect in December 2022 and afforded a one-year window to ensure compliance.
Ofgem mentioned the updated regulations in a statement issued to the Telegraph, adding that it works closely with energy suppliers to ensure high-quality cyber security standards are achieved.
Bellekens noted that rising threats to energy infrastructure are a serious concern for operators and governments, and as such, proactive measures to counter threats should be welcomed.
“Energy infrastructure has increasingly become a focal point for cyber attacks, given its potential to cause widespread disruption,” he said.
“To counteract this growing threat, it is imperative to adopt a proactive approach that encompasses both information technology and operational technology networks.”
