Peter Yapp, the deputy director of the National Cyber Security Centre (NCSC) has stated that it will not be long before the UK will be at the receiving end of a category one cyber-attack, even though the country hasn’t been targeted with such an attack so far.
A cyber-attack can be termed as category one if it significantly impacts either the power grid, the airline network, railways, nuclear power plants or even the UK’s military weapon systems and impacts a significant percentage of the population.
Speaking at a cyber security conference in Monaco earlier this week, deputy director Yapp noted that as there is a real possibility of a category one cyber attack on the UK, the nation must stay alert and must act quickly to respond to cyber threats emenating from hostile countries.
“That’s why earlier this year, the NCSC joined forces with the US government to publish evidence that Russia had attacked critical parts of our national infrastructure. This was a landmark act – as it called out both unacceptable practices but also provided the tools to clean up that particular attack,” he said.
Repeated warnings of calamitous cyber-attacks
During his speech, Mr. Yapp clearly echoed warnings issued by Ciaran Martin, the head of the National Cyber Security Centre, earlier this year when he said that the question of a category one cyber-attack on the UK is a matter of when, not if.
Martin also gave an indication that several such attacks could be launched on British elections or critical infrastructure targets in the coming years, adding that since all cyber-attacks simply cannot be stopped, the UK should concentrate on reducing the after-effects of such an attack.
‘Most comparable western countries have experienced what we would consider a category one attack so we have been fortunate in avoiding that to date,’ he added.
Martin also spoke about the threats posed by enemy states like Russia and North Korea, only a day after it was revealed that the Chief of the general staff will ask the government for additional funds to face conventional, non-conventional and cyber threats posed by Russia.
“What we have seen from Russia thus far against the UK is a series of intrusions for espionage and possible pre-positioning into key sectors but in a more controlled form of attack from others.
“What we have seen over the past year or so is a shift in North Korean attack motivation from what you might call statecraft – disrupting infrastructure – through to trying to get money through attacks on banks but also the deployment of ransomware, albeit in a way that didn’t pan out in the way the attackers wanted to,” he said.
Last year, Dr Ian Levy, Technical Director at the National Cyber Security Centre, also said that a WannaCry-like cyber-attack could take place in the near future unless the cyber security space was demystified by including more science and data.
‘Predictions in cyber security are quite difficult, but I am going to make one I am reasonably confident about. Sometime in the next few years we are going to have our first ‘category one’ cyber incident, where you need a national response.
“There will be an independent investigation and what will really come out is that it was entirely preventable. Unless we start to put some science and data into cybersecurity to demystify it, that is really going to happen,” he said.