Most serious cyberattacks against now from Russia, Iran and China: says UK cyber chief

The most serious cyberattacks in the UK are now carried out by hostile nations including Russia, Iran and China, the head of the UK’s National Cyber Security Centre said in a speech on Wednesday.

Richard Horne, the head of the National Cyber Security Centre (NCSC) — part of the UK’s signals intelligence agency GCHQ — warned that the UK is living through “the most seismic geopolitical shift in modern history.”

British businesses, he said, need to prepare themselves to defend against cyberattacks because the UK could be targeted “at scale,” if it became involved in an international conflict. 

In recent months, authorities in Sweden, Poland, Denmark and Norway have all warned that hackers linked to Russia have targeted their critical infrastructure including power plants and dams.

 Horne said the NCSC currently handles around four “nationally significant” cyber incidents a week and while criminal activity, such as ransomware, remains the most common problem, the most serious threat comes from cyberattacks carried out directly or indirectly by other states.

 Dan Jarvis, the UK security minister, said the NCSC handled more than 200 nationally significant incidents last year — more than double the year before.

Jarvis and Horne spoke at the Cyber UK conference in the Scottish city of Glasgow.

Cyber operations become more sophisticated.

In December, Blaise Metreweli, the head of Britain’s Secret Intelligence Service, or MI6, said the world is more dangerous and contested now than it has been for decades and that the UK is operating in a space between peace and war.

“Let’s be clear, cyberspace is part of that contest,” Horne said. 

China’s intelligence and military agencies display an “eye-watering level of sophistication in their cyber operations,” while Iran is “almost certainly using cyber activity to support the repression of British individuals on our streets who are seen as a threat to the regime,” he said.

Moscow, meanwhile, is using tactics and techniques honed during its war in Ukraine and is “moving them beyond the battlefield,” Horne said, pointing to “sustained Russian hybrid activity” targeting the UK and Europe.

Companies, he said, must learn how cyber operations have been used in conflict situations in order to boost their own resilience.

Hostile states, Jarvis said, know the most effective way to act is “not to confront us directly, but to quietly hollow us out,” by hacking logistics systems which move goods, for example, or compromising businesses.

He compared a cyberattack at Britain’s biggest automaker Jaguar Land Rover — that dented Britain’s economic growth late last year - to masked criminals turning up at car dealerships, breaking glass, smashing computers and stealing vehicles from the parking lot.

AI, Jarvis said, is also making it easier for adversaries to attack by finding vulnerabilities in systems “faster than any human team can patch them.”

He called for AI companies to work with the UK Government to develop bespoke programmes to boost Britain’s cyber defences.

EU countries report cyber-attacks on infrastructure

 In a conflict situation, Horne said, the UK would likely face cyberattacks at scale but - unlike with ransomware — companies will not be able to pay their way out in order to recover data and access to systems.

For that reason, he said, every organisation needs to understand the “full extent” of the risk they face and improve their cyber defences before it is too late.

On Friday, Swedish authorities said that a pro-Russian group with links to Russia’s security and intelligence services was behind a cyberattack on a heating plant last year.