Hostile states including Russia, China, and Iran are increasingly targeting the UK’s infrastructure with online attacks, Britain’s cyber security chief has warned.
State-Linked Attacks on Critical Infrastructure
Richard Horne, head of GCHQ’s National Cyber Security Centre (NCSC), said around 75% of the more than 200 incidents affecting the UK’s critical national infrastructure over the past year could be linked to state actors. He called for co-ordinated action to strengthen the UK’s defences as he warned that artificial intelligence (AI) is likely to increase the online threat.
The NCSC warned that by 2028 AI-enabled cyber capabilities will be used by attackers to exploit vulnerabilities in older legacy technology systems across the UK’s critical national infrastructure.
“Between June last year and this May, we managed more than 200 incidents impacting organisations within our CNI (critical national infrastructure) and supporting ecosystem and of those incidents 75% were believed to be linked to state actors,” Mr Horne said.
“So in addition to protecting ourselves today this is why we must act with urgency as a nation and with international partners because we are not a digital island.”
Urgent Action Required
He called for urgent action from across society, with “no spectators”, arguing that efforts were needed now because in the event of a war a hostile state would seek to take advantage of any gaps in the UK’s defences.
Mr Horne said “we don’t have the luxury of time”, with work being carried out now by the UK’s adversaries to prepare for any future conflict. Part of that preparation involves “cyber espionage gaining a clear understanding of the landscape to inform and refine potential targets”.
“The many vulnerabilities that organisations tolerate today will be exploited in conflict tomorrow. If they are too expensive or hard to fix in peacetime, then they certainly will be in war,” he warned.
Pre-Positioning for Conflict
Hostile states are seeking to put in place measures which could be triggered in the event of war to cripple systems.
“We know that adversaries are pre-positioning today, establishing footholds within technology that underpins critical national infrastructure that could enable rapid exploitation to cause mass disruption in a time of conflict,” he said.
“In cyberspace, we are not preparing for tomorrow’s conflicts, to some degree we are fighting them today.”
Call to Action for Organisations
In a speech at the defence think tank the Royal United Services Institute in London, the NCSC chief executive called on “every board member and every executive, in every organisation” to strengthen cyber defences.
Organisations must take steps to understand their exposure to threats, build stronger protections and ensure resilience so they can keep operating if they come under a cyber attack.
He said: “We still see far too many significant incidents today that are possible because the fundamentals are not in place.
“The truth is that in this great contest there are no spectators, we are all on the pitch.
“From boardrooms to IT help desks, to sofas at home, the contest is everywhere.
“If we collectively embrace the contest, understand the urgency and believe we can be a match for any opponent, then we can and will prevail.”
