Hostile states behind three-quarters of UK critical infrastructure attacks
NCSC CEO warns that with the rise of AI, the danger is only set to get worse
The overwhelming majority of cyber attacks on critical infrastructure are coming from hostile states, the UK's cyber chief has warned.
Speaking at the Royal United Services Institute's (RUSI) Annual Security Lecture, Richard Horne, CEO of the National Cyber Security Centre (NCSC), said the organization had handled more than 200 cyber incidents affecting the UK's critical national infrastructure and its supporting ecosystem over the last year. Around 75% were believed to be linked to state actors, particularly Russia, China, and Iran.
"We know that adversaries are prepositioning today, establishing footholds within technology that underpins critical national infrastructure that could enable rapid exploitation, to cause mass disruption in a time of conflict," he said.
"The highest profile example of this was a campaign often referred to as Volt Typhoon against largely US critical national infrastructure, which was attributed in 2024. And we are seeing our critical infrastructure being targeted, regularly finding and stopping breaches, before their intent becomes clear."
Horne broke the threat down into 'near', 'mid', and 'far' spaces, with the far space representing the adversary's home turf, systems, tooling, and networks. Here, he said, the UK and its allies bring pressure to bear through intelligence collection, sanctions, law enforcement action, and offensive cyber operations to disrupt and degrade their capability at source.
In the mid space, efforts are concentrated on hardening cloud, technology, and telecommunications infrastructure, and on disrupting adversary positions within those environments.
"The reality is much of this space is in private hands," he said. "Which means success here demands genuine collaboration between government and private sector, which is at the heart of our approach in the NCSC."
But, he said, it's the near space – the defense and resilience of the organizations and systems being targeted – where most action is probably required. The rise of AI is an important factor here, he said.
"Recent developments of frontier AI models have demonstrated their effectiveness at finding inherent vulnerabilities in the technology we rely on," he said.
"Our latest assessment shows that by 2028, it is highly likely that AI-Cyber capabilities will be used by attackers against known vulnerabilities in legacy technology in our critical national infrastructure."
British organizations should take note, said James Neilson, SVP of global at OPSWAT.
"The daily scale of hostile activity against the UK is vast, and until the NCSC revealed those figures, the threat and danger facing critical infrastructure was far greater than most businesses realized," he said.
"Many organizations neglect to secure data that moves in and out of their OT networks. By controlling data flows and scanning files in transit, organizations can detect and neutralise hidden malicious payloads before they infiltrate critical systems."
Horne called on organizations to strengthen cyber resilience by focusing on three core capabilities: understanding their exposure to threats, building stronger defences based on proven security fundamentals, and ensuring they can continue operating and recover quickly after an attack.
"By making our environment harder for adversaries to operate in, and engaging in the contest better, we can play an important part in altering potential adversaries' options and deterring conflict," he said.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.