Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
The UK faces a “widening gap” in its ability to tackle cyber threats as AI and readily available technologies increase the scale and severity of attacks, the head of the country’s top cyber security agency will say on Tuesday.
The last 12 months saw a tripling in the number of “severe” attacks on UK organisations and companies — including high-profile incidents that affected London hospitals and the British Library — according to the National Cyber Security Centre.
As he launches the agency’s annual review on Tuesday, chief executive Richard Horne will say that “hostile activity in UK cyber space has increased in frequency, sophistication and intensity . . . We all need to increase the pace we are working at to keep ahead of our adversaries.”
His warnings about state-led and criminal threats echo those of Britain’s domestic intelligence agency MI5, which said in October that Russian spies were seeking to generate “mayhem” on British streets.
The NCSC is the defensive arm of the UK’s signal intelligence agency GCHQ, which operates alongside MI5 and Britain’s foreign intelligence service MI6.
Last month Pat McFadden, the Cabinet Office minister, cautioned that North Korea was using AI to accelerate malware development, and accused Russia’s Unit 29155, the GRU military intelligence unit that carried out the Salisbury nerve agent attacks, for orchestrating a “campaign of malicious cyber activity . . . around the world”.
The NCSC described the past year as “diffuse and dangerous”. The agency received 1,957 reports of cyber attacks in the UK, of which 430 required agency support. Of these, 89 were deemed “nationally significant” with 12 being at the top end of the severity scale — three times last year’s level.
Among the most high profile incidents was a ransomware attack on laboratory services provider Synnovis, which disrupted healthcare for thousands of patients at big London hospitals, and the aftermath of the ransomware attack on the British Library, which took almost half of the library’s financial reserves to recover from.
“The cyber security of critical infrastructure supply chains and the public sector must improve. There is a growing disparity between the resilience of our infrastructure and the threat we face,” the NCSC said in its annual report.
At the report’s launch, Horne will highlight the “recklessness” of Russian cyber activity and how Moscow “routinely” seeks to interfere with countries, the “sophistication” and “ambition” of Chinese cyber threats, North Korea’s “prolific and capable” attacks — and the sheer “volume” of criminal attacks, which often abet and disguise state-led attacks.
“Yet despite all this, we believe the severity of the risk facing the UK is being widely underestimated,” Horne will say.
Defending against cyber attack is not technically difficult. According to the NCSC, minimum cyber hygiene — such as strong passwords, and using NCSC services like “web check” that find and fix website vulnerabilities — can stop the “majority of commodity cyber attacks”.
However, the severity of state-led threats is increasing, while state-sponsored “patriot hacktivists” are copying those techniques and off-the-shelf technologies mean that criminals can increasingly carry out sophisticated cyber attacks at scale, even without any expertise. AI also means that they can harvest stolen data better.
“AI will also almost certainly enhance actors’ abilities to extract intelligence value out of exfiltrated data,” the NCSC annual report said. “As more data is stolen” this will generate information that supports “their wider . . . goals”.