Major cyberattack on UK is ‘when, not if’
A crippling cyberattack targeting UK infrastructure such as energy or financial services is only a matter of time, according to the head of the National Cyber Security Centre.
It is a matter of "when, not if" a "category one" attack happens, said Ciaran Martin.
He said the UK had so far been lucky to avoid such an attack and that the country is working on "offensive cyber" to give it the option of retaliating.
The worst so far has been last year's WannaCry ransomware attack that caused problems across the world and demanded payment to restore systems.
In the UK, it infected machines at 81 health trusts across England – a third of the 236 overall. US authorities have accused North Korea of being reponsible.
Wannacry was classed as category two because there was no danger to life.
But Mr Martin told the Guardian: "I think it is a matter of when, not if and we will be fortunate to come to the end of the decade without having to trigger a category one attack."
Russia, Iran and China have been blamed for intrusions into UK computer systems.
These may have been intelligence gathering for future attacks, according to Mr Martin.
"What we have seen from Russia thus far against the UK is a series of intrusions for espionage and possible pre-positioning into key sectors but in a more controlled form of attack from others," he said.
Hitting back against malicious attacks also looks like becoming a more important option.
"Offensive cyber will be an increasing part of the UK's security toolkit," added Mr Martin.
The National Cyber Security Centre was launched in 2016 and is part of GCHQ. It was set up to protect critical services and deal with any major attacks.
More from Cyberattacks
Its warning comes after the head of the Army said this week that the UK could be at risk from a hybrid attack by the likes of Russia, in which conventional warfare is used alongside cyberattacks.
Sir Nick Carter said: "The threats we face are not thousands of miles away but are now on Europe's doorstep – we have seen how cyberwarfare can be both waged on the battlefield and to disrupt normal people's lives – we in the UK are not immune from that."