NCSC warns of 'life threatening' cyber attack

Written by Hannah McGrath

The UK is battling more than 10 cyber attacks every week, the National Cyber Security Centre has revealed in a report that warned there was “little doubt” the country would face an incident so serious it could threaten lives in the coming years.

In its second annual review, the NCSC released data on the number of attacks it handles, recording more than 10 attacks per week in the last two years, totalling 1,167 cyber incidents, including 557 in the last 12 months.

The majority of the hacks and malicious attempts to compromise systems could be traced back to “nation states in some way hostile to the UK,” the report stated.

In his foreword to the review, Ciaran Martin, chief executive of the NCSC, said the attacks were mostly undertaken by groups of computer hackers “directed, sponsored or tolerated by the governments of those countries”.

“These groups constitute the most acute and direct cyber threat to our national security,” he added.

Whilst none of the 1,000 or so attacks had been rated category 1 - the most serious grade of attack which could pose risk to life - Martin warned that it was only a matter of time before the UK is hit by a strike of that severity.

“I remain in little doubt we will be tested to the full, as a centre, and as a nation, by a major incident at some point in the years ahead, what we would call a category 1 attack.”

The NCSC’s defines a category 1 national cyber emergency as: “A cyber attack which causes sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life.”

Martin went on to advise companies and public bodies to remain alert to the “constant threat” of states actively attacking critically important national networks in order to steal information for strategic or commercial reasons, with the potential that smaller scale attacks were merely ‘prepositioning’ for a more significant strike in the future.

He also explained that while hostile nation state activity presented the most “acute” threat, the most “chronic” issue affecting businesses is a low sophistication but high volume cyber crime of the kind dealt with by the National Crime Agency.

Earlier this month the UK and Dutch governments took the unprecedented step of revealing that joint intelligence service operations had traced the source of cyber attacks on the UK foreign office computers at the Porton Down military research facility and the Organisation for the Prohibition of Chemical Weapons (OPCW) to Russia’s GRU intelligence services.

Responding to the review, Etienne Greeff, chief technology officer and and co-founder of SecureData, said: “Recent high-profile incidents at Facebook, Google+ and Reddit demonstrate both the far-reaching consequences of poor cyber hygiene and the subsequent impact a hack or breach can have on us all.

“As the report suggests, it would be completely unrealistic to believe that cybercrime can be entirely stopped,” he said, adding: “However, collaboration would make it that much harder for cyber criminals to operate successfully.

“The cyber fight is similar to Dad’s Army: we all have a role to play, even if we aren’t on the front line. Everyone is responsible for defending themselves and those around them, reporting suspicious activity and being vigilant at all times.”