NCSC: UK Bombarded By State Cyber-Attacks

gchq

The UK is hit by dozens of serious threats to national cyber-security each month, says NCSC head Ciaran Martin

Ciaran Martin, the head of GCHQ’s new National Cyber Security Centre (NCSC), has warned the UK is being bombarded by dozens of serious cyber-attacks each month.

Ahead of the NCSC’s official opening by the Queen on Tuesday, Martin highlighted increased attacks by Russia against Western countries – something also spoken of by US national security officials in recent weeks.

ukraine

Personal data targeted

Russian state-backed hackers are increasingly looking to steal personal data from “soft targets” in the West, such as local councils and charities, and research secrets from universities, Martin said in an interview with The Sunday Times.

Separately, chancellor Phillip Hammond wrote in The Sunday Telegraph the NCSC had blocked 34,550 “potential attacks” on government departments and members of the public in the past six months, or on average about 200 incidents per day.

Martin said the UK had been targeted by 188 attacks in the past three months, “many of which threatened national security”.

“In the case of government departments, [it is] getting into the system to extract information on UK government policy on anything from energy to diplomacy to information on a particular sector,” he said.

Kettles ‘at risk’

He said a dramatic increase in Russian cyber-aggression over the past two years was “very well evidenced by our international partners and widely accepted”.

The Obama administration held Russian state-backed hackers responsible for disruptive hacks during the US elections last year, and blamed Chinese hackers for the theft of large amounts of personal data on government personnel.

Russia’s UK embassy responded in a Twitter post that the article presenting Martin’s comments contained “no proof, just allegations”.

Meanwhile, Hammond warned that the spread of Internet-connected home devices means hacking affects not only national infrastructure, but also “kettles and fridges”.

“Beyond hacked kettles and fridges, ‘internet of things’ devices, such as driverless cars, can present alarmingly real security threats that could be incredibly dangerous if the right security isn’t in place,” Hammond wrote.

In December MP Andrew Tyrie, chairman of the Treasury Committee, expressed concern that with the formation of the NCSC the government is focusing on risks to national infrastructure to the exclusion of increasingly disruptive cyber-attacks on financial institutions.

In an open letter to Martin he argued a new line of accountability to the Treasury should be created for Internet-based financial crime, which has “resulted in unacceptable interruptions to vital banking services, and weakened the public’s confidence in the banking system as a whole”.

Earlier this month parliament’s Public Accounts Committee (PAC) criticised the government for taking too long to consolidate the country’s “dysfunctional” data breach reporting system and challenged it to set out a “detailed plan” for the NCSC by the end of this financial year.

Do you know all about security? Try our quiz!