UK to be hit by 'category 1' cyber emergency, intelligence chief warns
Majority of attacks believed to be perpetrated by 'groups of computer hackers directed, sponsored or tolerated' by states hostile to Britain
Britain will be hit by a life-threatening “category 1” cyber emergency in the near future, the National Cyber Security Centre (NCSC) has warned.
The NCSC’s annual review revealed it is currently repelling around 10 attempted cyber attacks every week, with “hostile states” said to be responsible for the bulk of thwarted strikes.
Since it became fully operational two years ago, the centre’s teams have dealt with 1,167 cyber incidents.
Ciaran Martin, the centre’s head, said he had little doubt it would have to deal with the most serious type of cyber emergency in the future.
“The majority of these incidents were, we believe, perpetrated from within nation states in some way hostile to the UK,” he said. “They were undertaken by groups of computer hackers directed, sponsored or tolerated by the governments of those countries. These groups constitute the most acute and direct cyber threat to our national security."
He added: “I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead, what we would call a category 1 attack.”
The NCSC defines a category 1 incident as an attack which causes “sustained disruption” of essential services or affects national security, leading to severe economic or social consequences, or to loss of life.
Although there have been several “very significant” incidents, Mr Martin said the UK has yet to witness a category 1 event.
He added: “But even if this continues, we must be alert to the constant threat from countries who will attack critically important national networks to steal information for strategic or commercial reasons, and give themselves a starting point – ‘pre-positioning’ – for a significant attack in the future.”
The assessment comes less than a fortnight after Britain accused the GRU, the Russian military intelligence service, of being behind a campaign of cyber attacks which targetted political institutions, businesses, media and sport.
Mr Martin stressed there is “much, much more” to the cyber security threat faced by the UK than just Russia.
While nation state activity represents the most acute threat, he said, low-sophistication but high-volume cyber crime is the “most chronic” one.
The NCSC launched the Active Cyber Defence initiative to protect the UK from “high-volume commodity attacks” that affect people’s everyday lives.
Since its introduction, the UK share of visible global phishing attacks dropped from 5.3 per cent to 2.4 per cent, according to the report.