Hostile states will attempt deadly cyber attacks on UK, warns NCSC

The UK has faced hundreds of cyber incidents in the past two years, but the biggest test is probably still to come.
Written by Danny Palmer, Senior Writer on

It's only a matter of time before the UK faces a cyber attack that threatens loss of life and other major social consequences, the National Cyber Security Centre (NCSC) has warned.

Since the GCHQ's specialised cybersecurity arm's creation in 2016, it has dealt with 1,167 cyber incidents, with 557 of these in the past year, the equivalent of over 10 a week, according to figures in its second annual review.

Most of these attacks are thought to be the work of hostile governments or hacking groups working on their behalf.

"The majority of these incidents were, we believe, perpetrated from within nation states in some way hostile to the UK," said Ciaran Martin, chief executive of the NCSC.

"They were undertaken by groups of computer hackers directed, sponsored or tolerated by the governments of those countries. These groups constitute the most acute and direct cyber threat to our national security."

While the NCSC has been tested by many high-profile cyber attacks in the past two years, the annual review shows that the WannaCry ransomware attack remains the most prominent attack it has faced. But Martin believes bigger, potentially much more dangerous challenges lie ahead.

"I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead, what we would call a Category 1 attack," said Martin.

According to the NCSC's own definition, a Category 1 attack, or 'national cyber emergency', is a cyber attack that causes sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life.

SEE: What happens when a nation-state cyber attack kills?

The NCSC has recently accused Russian military of intelligence of being behind a string of cyber attacks, including hacking the Democratic National Committee, the World Anti Doping Agency, and the BadRabbit ransomware outbreak, as well as an attack on a UK-based TV station. It also accused Russia of being behind the NotPetya attack.

However, Martin warns that Russia is far from being the only state that is using hackers in attacks against the UK. "There is much, much more to the cyber security threat to the UK than just Russia," he said.

Previously, the NCSC has also called out North Korea as responsible for the WannaCry ransomware attack, which it was recently revealed cost the NHS almost £100m. However, North Korea continues to dismiss the hacking accusations as a "smear campaign".

But nation states are not the only potential risk to organisations and consumers in the UK. Commodity attacks by cyber crime groups and low-level attackers are relatively simple to carry out using freely available tools and can potentially cause a lot of damage and disruption to targets.

To help organisations protect themselves from these attacks, the NCSC recently released a list of five questions that business leaders should be able to answer.

The cybersecurity agency has also issued Internet of Things device manufacturers with guidelines designed to ensure that their products can't be abused by hackers.


Editorial standards