‘The prospect of a category-one cyberattack is not receding’

Written by Sam Trendall on 26 April 2019 in News
News

The UK remains to be hit by a cyberattack of the highest level of severity, but NCSC chief reiterates that we should ‘expect it at some point’

Ciaran Martin pictured onstage at this week's CyberUK 2019 event   Credit: Andrew Milligan/PA Wire/PA Images

Two years on from WannaCry, the threat of an even more serious cyberattack hitting the UK looms as large as ever, the head of the National Cyber Security Centre has warned.

In the early days of 2018 – eight months on from WannaCry – Ciaran Martin, the chief executive of the NCSC, stated publicly that the UK suffering a category-one cyberattack is “a matter of when, not if”.

“We will be fortunate to come to the end of the decade without having to trigger a category-one attack,” he said, in an interview with the Guardian.

With another eight months left until the start of a new decade, PublicTechnology yesterday Martin whether an attack of the highest severity level remains as inevitable as ever, and whether the fact we have avoided one thus far is down to the UK’s defences, the shortcomings of our attackers – or, simply, luck.


Related content


“[It is] a combination of multiple factors,” he said. “I think we are doing a lot of very good work… in particular on resilience and critical infrastructure. But that is not, in and of itself, a guarantee against a category-one attack. I think that we have a good detection and deterrence operation – and I mean deterrence in its broader sense, in terms of making the UK a harder target, a harder place to bother with.”

He added: “I would say we have also come close to category-one attacks. The impact of WannaCry was categorised as a category two, but there are similar attacks in other countries that, had they occurred to that extent, might have been a category-one attack. I wouldn’t see the prospect of one receding, and I think we should expect it at some point. So, we will continue [our] work.”

A category-one attack is classed as a “national cyber emergency”, according to official NCSC classification.

It is defined as: “A cyberattack which causes sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life.”

WannaCry fell into category two, which is considered a “highly significant incident”, in which there is “a serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy”.

Categories three to six are, respectively, classed as significant, substantial, moderate, and localised incidents.

Martin spoke to PublicTechnology at the NCSC’s annual CyberUK event, which took place in Glasgow this week. The two-day conference brought together several thousand attendees across the intelligence community and cybersecurity sector. 

Martin’s opening keynote speech (pictured above) was followed by a landmark public appearance of cyber officials from each of the five members – the UK, US, Australia, New Zealand, and Canada – of the Five Eyes intelligence alliance.

 

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

UK pins 'cynical and reckless' Olympic cyberattacks on Russia
20 October 2020

Government attributes 2018 campaign to Moscow and claims more assaults were planned for cancelled 2020 summer games

What sensitive data did the Home Office lose in Belgrade?
29 September 2020

Department’s annual report shows, for the first time in many years, documents or data lost from a secure government building had to be reported to the ICO. PublicTechnology finds out more...

The coronavirus ‘infodemic’: truth and conspiracy online
15 September 2020

The spread of online misinformation during the Covid-19 pandemic has exacerbated a public health crisis. PublicTechnology digs into a recent parliamentary inquiry to find out...

Personal data of all Welsh coronavirus cases compromised in breach
15 September 2020

Public Health Wales says leak that affected more than 18,000 people to have tested positive was attributable to ‘human error’

Related Sponsored Articles

Remote Working Strategy: Making the Right Decisions for the Future
29 October 2020

Many of us have adapted to new ways of working in 2020. Now we’ve mobilised our remote workforces, Six Degrees argues it’s time to review our remote working strategies to ensure we make the right...

Why it is time to change our approach to cybersecurity
29 September 2020

Organisations need to understand that a single cybersecurity solution alone is not infallible and instead should move towards a multi-layered approach to security, according to experts from...

Digital inclusion is vital during the COVID-19 accelerated channel shift
22 September 2020

Accessibility requirements aren’t restrictions that need to be overcome - they’re guidelines to improve online experiences for everyone, says Jadu VP Richard Friend