UK’s ‘next cyber crisis’ likely to come from mistake or misfortune – outgoing NCSC head

Written by Jim Dunton on 7 September 2020 in News

Ciaran Martin believes major security incident is still more likely to come from ‘unintentional consequence’, rather than attackers’ expertise

Credit: Pxhere

Outgoing National Cyber Security Centre chief executive Ciaran Martin has said he believes the next cyber crisis the UK faces is likely to be a chance collision of staff error and lack of insight on the part of the attackers.

Martin, who stepped down from the helm of NCSC last week, said just as 2017’s WannaCry ransomware attack had not deliberately targeted the NHS – despite going on to create chaos for health-service systems running on outdated Microsoft software – a similar situation could happen again.

"My guess would be the next cyber crisis will probably be, at least in part, an unintentional consequence of an attacker not really understanding what they're doing," Martin told the BBC in an exit interview.

His fear, he said, was that someone working in a company or government department would make a small mistake that left an important system open to ransomware. He did not specify departments that may be particularly vulnerable.

Martin became GCHQ’s director general responsible for cybersecurity in 2013 and oversaw the creation of the National Cyber Security Centre – an executive agency of GCHQ – after the 2015 general election. He left the role last week to become a professor of practice in public management at Oxford University’s Blavatnik School of Government.

Related content

His successor at NCSC is Lindy Cameron, the former second-in-command at the Northern Ireland Office.

In the BBC interview, Martin also broached security concerns related to reliance on Chinese technology – after the government U-turn over Huawei's role in 5G telecommunications.

"We have never been in any way naive about risks associated with Chinese technology," Martin said, suggesting the UK needed to do some hard thinking about how to position itself. 

Martin was more sanguine on the level of danger posed by Chinese-owned social-media firm TikTok, despite US president Donald Trump declaring the firm a threat to domestic security.

"The amount of personal data it collects, people need to be aware of," Martin said, but "it is slightly less than some of the others".

Martin is more concerned about Russia’s position in the cyberthreat rankings, but insists activity – such as accusations of interference in 2019’s general election – has not yet had a demonstrable impact on UK politics.

“We are talking a lot more about political interference in 2020 than we were in 2014," he said. "It shows that there is an ongoing threat to democratic processes." 

But he added: "It is not the case in my judgement that there has been sustained high-quality effective disruption of UK politics by the Russians."

Martin said it should not be the job of UK intelligence agencies to regulate political debate.

"No-one wants to live in a country where the likes of parts of GCHQ or MI5 are in charge of verifying political information in the midst of an election," he said.


Share this page




Please login to post a comment or register for a free account.

Related Articles

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

Government urged to update product safety standards for internet age
15 May 2023

Parliamentary committee laments pace of progress so far in changing rules

HMRC launches £140m procurement to support comms digitisation
26 April 2023

Five-year contract will cover all incoming and outgoing messages and ambition to operate in ‘similar ways to leading private sector companies’

Government formally unveils annual independent cyber audits for all departments
24 April 2023

Ministerial announcement follows initial examinations of Home Office and business department earlier this year

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...