Unlock Editor’s Digest for free
Roula Khalaf, editor of the FT, picks her favorite stories in this weekly newsletter.
The UK faces a “widening gap” in its ability to tackle cyber threats as artificial intelligence and readily available technologies increase the scale and ferocity of attacks, the head of the country’s leading cyber security agency will say on Tuesday.
The number of “severe” attacks on organizations and businesses in the UK has tripled in the last 12 months – including high-profile incidents affecting London Hospitals and British Library — according to the National Cyber Security Center.
As he presents the agency’s annual review on Tuesday, chief executive Richard Horne will say that “hostile activity in UK cyberspace has increased in frequency, sophistication and intensity. . . We all need to pick up the pace at which we work to stay ahead of our opponents.”
His warnings about state and criminal threats echo those of Britain’s domestic intelligence agency MI5, which said in October that Russian spies were seeking to generate “mess” on British streets.
The NCSC is the defense branch of Britain’s signals intelligence agency GCHQ, which operates alongside MI5 and Britain’s foreign intelligence service MI6.
Last month Pat McFadden, the Cabinet Office minister, warned that North Korea was using artificial intelligence to accelerate the development of malware and accused Russia’s Unit 29155, the GRU military intelligence unit that carried out the Salisbury nerve agent attacks, of orchestrating “a campaign of malicious cyber activity . . around the world”.
The NCSC described last year as “diffuse and dangerous”. The agency received 1,957 reports of cyber attacks in the UK, of which 430 required agency support. Of these, 89 were deemed “nationally significant” and 12 were at the top of the severity scale – three times last year’s level.
Among the most prominent incidents were the ransomware attack on laboratory services provider Synnovis, which disrupted healthcare for thousands of patients in major London hospitals, and the aftermath of the ransomware attack on the British Library, which took away almost half of the library’s financial reserves in order to recover from.
“The cyber security of critical infrastructure and public sector supply chains must be improved. There is a growing disparity between the resilience of our infrastructure and the threat we face,” the NCSC said in its annual report.
At the launch of the report, Horne will highlight the “recklessness” of Russian cyber activity and how Moscow “routinely” seeks to interfere in countries, the “sophistication” and “ambition” of China’s cyber threats, North Korea’s “prolific and capable” attacks — and the sheer “scale” criminal attacks, which often instigate and cover up state-led attacks.
“However, despite all this, we believe that the seriousness of the risk facing the UK is vastly underestimated,” Horne will say.
Defending against cyber attacks is not technically difficult. According to the NCSC, minimal cyber hygiene — such as strong passwords and use of NCSC services like “web check” that finds and fixes website vulnerabilities — can stop “most commodity cyber attacks.”
However, the severity of state-led threats is growing, as state-sponsored “patriotic hacktivists” copy these techniques, and ready-made technologies mean that criminals can increasingly carry out sophisticated cyberattacks on a large scale, even without any expertise. AI also means they can better collect stolen data.
“AI will also almost certainly improve actors’ abilities to extract intelligence value from exfiltrated data,” the NCSC’s annual report said. “As more data is stolen,” it will generate information that supports “their broader . . . goals.”
