It is a only matter of time before the UK suffers a major cyber attack, the head of the National Cyber Security Centre has warned.
Ciaran Martin said it was a matter of “when, not if” an assault comes, adding that the UK had been lucky to so far avoid a “category one” attack crippling infrastructure such as energy or the financial services.
His warning comes after the head of the Army said Britain was not immune to a “hybrid” attack that could use conventional and cyber warfare methods.
The most serious cyber attack on the UK to date was the WannaCry ransomware attack on hospitals last May, which was classed as a category two incident because there was no risk to life.
In an interview with The Guardian, Mr Martin said: “I think it is a matter of when, not if and we will be fortunate to come to the end of the decade without having to trigger a category one attack.”
Mr Martin said the WannaCry attack – which was blamed on North Korea – had also highlighted the risk of attack where the perpetrator loses control.
“What we have seen over the past year or so is a shift in North Korean attack motivation from what you might call statecraft – disrupting infrastructure – through to trying to get money through attacks on ransomware, albeit in a way that didn’t pan out the way the attackers wanted it to,” he said.
Ciaran Martin, head of the National Cyber Security Centre (NCSC), has said it is only a matter of time before the UK is hit by a major cyber attack (Dominic Lipinski/ PA)
Other intrusions have been blamed on Russia, China and Iran, which Mr Martin said may have been intelligence-gathering on infrastructure for potential attacks in the future.
“What we have seen from Russia thus far against the UK is a series of intrusions for espionage and possible pre-positioning into key sectors but in a more controlled form of attack from others,” he said.
The UK is also increasing its capabilities to retaliate to a cyber attack, he said, adding: “Offensive cyber will be an increasing part of the UK’s security toolkit.”
Mr Martin said he had not seen any successful attempt to interfere in the UK’s democratic process, but said the possibility would likely delay a move to electronic voting in the foreseeable future.
Mr Martin’s warnings follow calls by Sir Nick Carter, Britain’s defence chief of general staff, for greater defence spending to protect the UK from futuristic “hybrid” warfare developed by Russia.
Sir Nick said on Monday the UK is now vulnerable to both a military and cyber attack executed by Russia and must rapidly update its defence strategy.
“State-based competition is now being employed in more novel and increasingly integrated ways and must be ready to deal with them,” he said.
“The threats we face are not thousands of miles away but are now on Europe’s doorstep – we have seen how cyber-warfare can be both waged on the battlefield and to disrupt normal people’s lives – we in the UK are not immune from that.”