The UK's critical national infrastructure has experienced more than 200 cyber incidents over the past year, with state-linked assailants responsible for three-quarters of the attacks, according to the National Cyber Security Centre (NCSC).
State-Linked Threats on the Rise
Richard Horne, chief executive of the NCSC, stated that hostile states such as Russia, China, and Iran are increasingly targeting systems behind the UK's key services. Critical national infrastructure includes the UK's nuclear deterrent, power plants, hospitals, and airports.
Horne described the UK as being engaged in an "ongoing contest with capable adversaries." He likened the cybersecurity landscape to a football or basketball game, where success depends on operating across the entire field of play.
AI to Accelerate Cyber Threats
Horne warned that advances in artificial intelligence are likely to accelerate the threat, exposing cyber flaws in national infrastructure. He predicted that 2028 could be the year when such threats crystallize.
He emphasized the importance of focusing on cybersecurity fundamentals, such as ensuring rapid recovery from attacks. "The many vulnerabilities that organisations tolerate today will be exploited in conflict tomorrow," he said.
While the emergence of AI models like Anthropic's Claude Mythos raises concerns, experts note that most breaches still stem from well-established risks like weak authentication and unpatched vulnerabilities.
Previous Warnings and Recommendations
In 2024, former Chancellor of the Duchy of Lancaster Pat McFadden warned that Russia was targeting UK media, telecoms, political institutions, and energy infrastructure, with the potential to shut down power grids.
Horne's comments echoed a warning from MI6 head Blaise Metreweli, who said the UK is caught in "a space between peace and war" as tensions with Russia escalate.
The NCSC has recommended that consumers drop passwords in favor of passkeys, which are more secure against modern cyber threats.
