The head of the National Cyber Security Centre (NCSC) has warned that a major cyber attack on the UK before the end of the decade is likely.
Ciaran Martin said the UK had been fortunate to so far avoid a so-called category one (C1) attack - an assault that might cripple national infrastructure.
He said he anticipated such an attack in the next two years, and admitted total protection was impossible.
Mr Martin said: ‘I think it is a matter of when, not if and we will be fortunate to come to the end of the decade without having to trigger a category one attack.’
The NCSC recorded 34 category two attacks and 762 category three attacks since its launch to December last year.
‘Most comparable western countries have experienced what we would consider a category one attack so we have been fortunate in avoiding that to date,’ said Mr Martin, who is a former director general for cybersecurity at GCHQ.
The weapons that don’t go ‘bang’
Meanwhile, General Sir Nick Carter, the British Army’s chief of general staff, has warned that enemy states using hybrid ‘weapons’ ranging from cyber attacks to the use of fake news now pose a greater threat to the UK and the West than terrorism - with Russia the ‘arch exponent’ of this form of combat.
General Carter said that what constitutes a weapon in the new grey area between peace and war 'no longer has to go “bang” . . . Energy, cash [as bribes], corrupt business practices, cyber attacks, assassination, fake news, propaganda and military intimidation are all examples of the weapons used to gain advantage in this era of “constant competition.”’
WEF warns on cloud attack
The annual global risk report from the World Economic Forum and insurance broker Marsh has warned that a cyber attack targeting an internet cloud provider poses as big a threat to global stability as climate change and natural disasters.
The Global Risks Report found cyber risks are the fastest-growing concern among businesses, rising from sixth on last year’s list of top 10 risks in terms of likelihood to third place this year.
Commenting at the launch of the report, John Drzik, president of global risk and digital at Marsh, said businesses are under-prepared and under-resourced for such attacks, even though they pose a significant threat.
He added that sophisticated cyber attacks could hit energy grids, transport networks and the financial system, also noting that ‘geopolitical trends could lead to more state-sponsored attacks.’
‘Estimates show that if an attacker took down a major cloud provider, the damages could be $50bn to $120bn - something in the range of a [Hurricane] Sandy to a [Hurricane] Katrina event,’ Mr Drzik added.
Want to read more stories like this? Our weekly news digest helps keep you up-to-date with cybersecurity news stories relevant to the legal sector.
Sign-up to our weekly cybersecurity news digest