Careless tech costs lives: UK warned to prepare for "severe" attacks on critical infrastructure
Britain faces a growing threat from “highly capable threat actors” seeking to bring down the systems that power modern civilisation.
The UK's National Cyber Security Centre has warned the nation to be on high alert for "sophisticated and potentially destructive" attacks on critical infrastructure.
Although the NCSC’s urgent briefing stopped short of declaring the onset of a full-blown cyberwar, it warned of a growing risk of “deliberate and highly disruptive cyber attacks”.
The NCSC did not say the UK is currently facing a “severe cyber threat”, but warned that if the threat environment escalates to that level, it is “feasible” that “capable threat actors” would target the UK’s critical national infrastructure (CNI) with devastating consequences.
"Cyber incidents targeting organisations – particularly those against CNI – are becoming more frequent, sophisticated and potentially destructive," the NCSC warned. "This is happening against a backdrop of greater geopolitical instability, rapid technological advances, and increasingly capable adversaries."
Advising that the "time to act is now", the NCSC said that a severe cyber attack would go far beyond breaching data or causing minor service disruptions.
Without naming any nation-state adversaries likely to carry out such attacks, officials said skilled attackers would seek to shut down critical services or operations for "extended periods".
Additionally, they may try to erase or corrupt data, making recovery "difficult or impossible", or damage physical infrastructure, such as Industrial Control Systems (ICS).
"Severe cyber attacks like this can trigger cascading effects across industries, governments and society," the NCSC warned. "The impact often includes substantial financial loss, prolonged operational downtime and increased risks to public safety and national security."
Code red for critical infrastructure
Unfortunately, we don't need to look too far for evidence of the threat facing the UK and the rest of Western civilisation.
Writing on LinkedIn, Jonathon Ellison OBE, director for national resilience at the NCSC, said colleagues in Poland had already reported "coordinated attacks" against power plants during the peak of winter - which appeared to be an attempt to bring down the heating systems keeping ordinary citizens warm.
"They likened the attempted disruption to arson," Ellison said. "Incidents like this speak to the severity of the cyber threat and highlight the necessity of strong cyber defences and resilience."
Yashraj Solanki, cyber threat intelligence analyst at Bridewell, told Machine that the power station attacks were a grim illustration of the potential damage attacks on CNI can cause.
READ MORE: Russian hacktivists blitz UK critical infrastructure and local government targets
He said: "Considering the proximity and overall timing of these attacks during harsh weather conditions, the assessed intention of disrupting the heating supply also serves as a reminder that such attacks on CNI entities can have significant physical impact extending towards public safety.
"The attribution by CERT Polska linked back the observed activity to Russian APTs. Considering that Poland is part of NATO, such intended targeting should be treated as a warning signal for other NATO countries, including the UK.
"Protection of CNI entities should no longer be treated as a check-box exercise but rather also be governed by active defence strategies and collaborative threat intelligence to counter such disruptive adversary operations."
The warning signs about the potentially catastrophic impacts of attacks on CNI have been flashing loudly and clearly for many years.
Keeping on hacking in the free world
As geopolitical tensions intensify, a massivelyt disruptive incident in the UK or elsewhere in what was once referred to as the free world now appears almost inevitable.
Matt Conlon, CEO & co-founder, Cytidel, said: "Threats against CNI have been escalating globally for several years, and recent incidents underline just how exposed essential services remain.
"From the Colonial Pipeline attack in 2021, which was fortunately detected before it escalated into physical disruption, to last week’s cyberattack on Romanian oil pipeline operator Conpet, reportedly claimed by the cybercrime group Qilin, the message is clear: CNI is firmly in the crosshairs.
"We’ve also seen the real-world consequences closer to home, with the Health Service Executive (HSE) crippled by ransomware in 2021, disrupting patient care nationwide. These attacks demonstrate that cyber incidents against CNI are no longer hypothetical IT issues; they are national resilience issues."
READ MORE: Five Eyes probes LLM-wielding hacker-for-hire in China’s state-controlled digital underworld
The NCSC advised CNI defenders to take four urgent actions:
- Develop organisation-wide response strategies and plans.
- Enhance situational awareness through monitoring and intelligence sharing.
- Harden systems and networks to reduce vulnerabilities and enable rapid escalation.
- Ensure the ability to maintain operations and recover during disruption.
You can read the full NCSC guidance here.
We've launched a brand new cyberwar section on Machine to focus on stories like this.
Please get in touch with jasper@machine.news to share tips and pitches.
Follow Machine on LinkedIn country new
