Russia, China and other hostile actors are exploiting the UK’s dependence on technology to cause “maximum disruption and destruction”, Britain’s cyber security chief will warn.
In his first major speech, Richard Horne, head of GCHQ’s National Cyber Security Centre (NCSC), will highlight the “widening gap” between the threats facing the UK – from both state-backed hackers and online criminals – and the defences in place to protect businesses and public services.
Speaking at the launch of the NCSC’s annual review in London, he will say the UK must wake up to Russia’s online “aggression and recklessness”, as well as the risks posed by “highly sophisticated” Chinese hackers.
“Hostile activity in UK cyberspace has increased in frequency, sophistication and intensity. We see this in the intelligence we can access through being part of GCHQ.
“Actors are increasingly using our technology dependence against us, seeking to cause maximum disruption and destruction”, Mr Horne will say.
The NCSC’s annual report shows a threefold increase in the most serious cyber incidents affecting the UK in 2023-24, but the danger is still being “widely underestimated” by both public and private sector organisations, the cyber security chief will warn, calling for the UK to “increase the pace we are working at to keep ahead of our adversaries.”
Mr Horne, who has been in post since October, will warn of “the aggression and recklessness of cyber activity we see coming from Russia”, both from organisations linked to Vladimir Putin’s government and groups operating without direct Kremlin control.
Speaking on Tuesday, he will say: “We can see how cyber attacks are increasingly important to Russian actors, along with sabotage threats to physical security, which the director general of MI5 spoke about recently.
“All the while, China remains a highly sophisticated cyber actor, with increasing ambition to project its influence beyond its borders.
“And yet, despite all this, we believe the severity of the risk facing the UK is being widely underestimated.”
“There is no room for complacency about the severity of state-led threats or the volume of the threat posed by cyber criminals”, he will add, saying the “defence and resilience of critical infrastructure, supply chains, the public sector and our wider economy must improve.”
The NCSC’s report described Russia as a “capable, motivated and irresponsible threat actor in cyberspace” and through its actions in Ukraine Mr Putin’s government is also inspiring “non-state threat actors” not officially linked to the Kremlin to carry out cyber attacks against critical national infrastructure.
Chinese hackers such as the Volt Typhoon group had targeted US infrastructure and “could be laying the groundwork for future disruptive and destructive cyber attacks” while in the UK Beijing-linked groups are believed to have targeted MPs’ emails and the Electoral Commission’s database.
The report also warns that Iran “is developing its cyber capabilities and is willing to target the UK to fulfil its disruptive and destructive objectives” while North Korean hackers were targeting cryptocurrency to raise revenue and attempting to steal defence data to improve Pyongyang’s internal security and military capabilities.
The NCSC also believes that UK firms are being targeted by workers from North Korea “disguised as freelance third-country IT staff to generate revenue for the DPRK regime”.
The report highlights major incidents including the British Library hack in October 2023 and the Synnovis incident in June 2024, which saw a Russian gang carry out a ransomware attack which disrupted health services.
The Synnovis incident, Mr Horne will say, “showed us how dependent we are on technology for accessing our health services. And the attack against the British Library reminded us that we’re reliant on technology for our access to knowledge”.
“What these and other incidents show is how entwined technology is with our lives and that cyber attacks have human costs.”
In all, 2023-24 saw the NCSC receive 1,957 reports of cyber attacks, 430 of which needed support from the centre’s incident management team, up from 371 the previous year.
Of these incidents, 89 were nationally significant, 12 of which were at the top end of the scale and more severe in nature, a threefold increase on last year.
The increasing availability of artificial intelligence can increase the volume and heighten the impact of cyber attacks, the report warned.
Cabinet Office minister Pat McFadden said: “As this report shows, while AI presents huge opportunities, it is also transforming the cyber threat.
“Cyber criminals are adapting their business models to embrace this rapidly developing technology – using AI to increase the volume and impact of cyber attacks against citizens and businesses, at a huge cost.”