NCSC building, London

Category One cyber attack ‘a matter of when, not if’, warns UK security chief

Image credit: PA

Ciaran Martin, the head of the National Cyber Security Centre (NCSC), has suggested that an assault that would cripple Britain's electricity grid is probably now inevitable. His warning comes just a day after General Sir Nick Carter urged the UK to prepare for Russian hostilities.

Ciaran Martin warned today that a major cyber attack on the UK is now a matter of “when, not if”.

Martin said the country had been lucky so far in avoiding an all-out assault, or so-called ‘Category One’ incident - a potentially fatal strike that would cripple infrastructure like the power grid or an economic pillar like financial services, possibly as a prelude to a conventional use of force.

The most serious cyber attack on the UK to date was the WannaCry ransomware attack on hospitals last May, which was classed as a ‘Category Two’ incident because there was no direct risk to life.

In an interview with The Guardian, Martin said: “I think it is a matter of when, not if, and we will be fortunate to come to the end of the decade without having to trigger a Category One attack.”

He said there had already been a “series of intrusions” by Russia “for espionage and possible pre-positioning into key sectors”.

British Army chief General Sir Nick Carter yesterday warned of the danger of a “hybrid” attack using both conventional military and cyber warfare methods. He called for investment in the army, navy and airforce to keep pace with Russia and said that Britain must prepare to “fight the war we might have to fight”.

Although the army chief stressed he did “not in any way” wish to suggest that Russia would go to war with the UK in the traditional sense, he said Moscow “could initiate hostilities sooner than we expect”.

Itsik Mantin, director of security research at cyber company Imperva, said the NCSC was right to issue its warning.

Mantin said: “If the attackers won’t find their way in through the fortified perimeter, they will find their way in through social engineering or recruiting an insider.

Security officers need not only to invest in building walls to prevent penetration and tools to detect attacks, but also to assume that breaches will happen - if they haven’t happened already - and to focus on post-infection detection and incident response procedures.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them