UK infrastructure being targeted by hostile states, GCHQ cyber chief warns
Britain’s cybersecurity chief has warned that hostile states including Russia, China and Iran are increasingly targeting Britain’s infrastructure with online attacks.
Richard Horne, head of GCHQ’s National Cyber Security Center (NCSC), said around 75 per cent of the more than 200 incidents affecting the UK’s critical national infrastructure last year could be linked to state actors.
He called for coordinated action to strengthen the UK’s defences, warning that artificial intelligence (AI) was likely to increase the threat online.
The NCSC has warned that by 2028, AI-enabled cyber capabilities will be used by attackers to exploit vulnerabilities in legacy legacy systems across the UK’s critical national infrastructure.
“From June last year to this May, we managed more than 200 incidents affecting CNI (critical national infrastructure) and organizations within our supporting ecosystem, with 75% of these incidents believed to be linked to state actors,” Mr Horne said.
“So today, in addition to protecting ourselves, we must act urgently as a nation and with international partners because we are not a digital island.”
He called for urgent action “without spectators” from across society, arguing that efforts must be made now as in the event of war a hostile state would seek to exploit any gap in the United Kingdom’s defences.
Mr Horne said “we don’t have the luxury of time” as the UK’s enemies are currently working to prepare for any future conflict.
Part of this preparation includes “cyber espionage, which provides a clear understanding of the environment to inform and sensitize potential targets.”
“Many vulnerabilities that organizations tolerate today will be exploited in conflict tomorrow. If they are too expensive or difficult to fix in peacetime, then they will certainly be in war,” he warned.
Enemy states are trying to implement measures that will paralyze systems in case of war.
“We know that adversaries are prepositioning today, establishing footholds in technology that support critical national infrastructure and enable rapid exploitation in times of conflict to cause mass disruption,” he said.
“We’re not preparing for tomorrow’s conflicts in cyberspace; to some extent, we’re fighting them today.”
In a speech at the defense think tank Royal United Services Institute in London, the NCSC chief executive called on “every board member and every executive in every organization” to strengthen cyber defences.
Organizations need to take steps to understand their exposure to threats, build stronger protections, and build resilience so they can continue operating if they are subject to a cyberattack.
He said: “Today we still see many significant events that would have been possible because the foundations were not in place.
“The truth is that there are no spectators in this big competition, we are all on the field.
“From boardrooms to IT help desks to sofas at home, competition is everywhere.
“If we collectively embrace the challenge, understand the urgency, and believe that we can rival any opponent, then we can and will prevail.”
