Major cyberattack on UK likely in next two years, warns NCSC chief
Ciaran Martin claims that ‘it is a matter of when, not if’ the country suffers a top-level category-one assault
The chief executive of the National Cyber Security Centre Ciaran Martin has warned that a category-one cyberattack on the UK is an inevitability.
Martin added that the country will probably suffer such an attack at some point in the next two years. A category-one attack would require a national response, and could include an attempt to harm an election process, or an assault that brought down energy infrastructure or banking services. An aggressive cyber incursion from a rogue nation could also be classed in category one. Last year’s WannaCry ransomware attack that impacted the NHS was considered as a category-two attack.
- “Active cyber defence”: UK’s first National Cyber Security Centre chief sets out strategy
- GCHQ unveils cybersecurity playbook after pilot with ‘UK’s most spoofed brand’ HMRC
- NAO says preventable WannaCry damage shows DoH and NHS must ‘get their act together’
Speaking to the Guardian, Martin said: “I think it is a matter of when, not if, and we will be fortunate to come to the end of the decade without having to trigger a category-one attack,” he said. “Some attacks will get through. What you need to do [when they do] is cauterise the damage.”
Figures published by the NCSC in October revealed that, in its first 12 months in operation, the centre had worked to combat a total of 591 “significant” cyberattacks, including 30 that required NCSC to coordinate a pan-government response.
Housed within GCHQ, the National Cyber Security Centre was launched in October 2016 to serve as a central source of expertise and oversight for the government’s cybersecurity operations. In February last year, its new headquarters in London’s Victoria was opened by the Queen.
Auditors flag up a range of targets missed and benefits not delivered
PublicTechnology editor Sam Trendall believes that the government’s online harms strategy must address their impact, as well as their cause
Initial set-up meant investment required was unknown and objectives may not be achieved
Self-regulation by online platforms ‘clearing failing’ and regulatory framework ‘out-of-date’