The UK's critical national infrastructure has been hit by more than 200 cyber incidents over the past year, with state-linked assailants responsible for three-quarters of the attacks, according to the National Cyber Security Centre (NCSC).
State-Linked Threats
Richard Horne, chief executive of the NCSC, stated that hostile states such as Russia, China, and Iran are increasingly targeting systems behind the UK's key services. Critical national infrastructure includes nuclear deterrents, power plants, hospitals, and airports.
Horne described the UK as engaged in an “ongoing contest with capable adversaries.” He likened the situation to a football or basketball game played across a large field, where success depends on operating across the entire pitch.
AI and Future Threats
Horne warned that advances in AI are likely to accelerate cyber threats, with 2028 being a potential year when such threats crystallize. He emphasized the need for organizations to focus on cybersecurity fundamentals, such as ensuring quick recovery from attacks.
“The many vulnerabilities that organisations tolerate today will be exploited in conflict tomorrow. If they are too expensive or hard to fix in peacetime, then they certainly will be in war,” Horne said.
The emergence of AI models like Anthropic's Claude Mythos has raised concerns about AI-enabled cyber-attacks, though experts note that most breaches still stem from weak authentication and unpatched vulnerabilities.
Widespread Impact
Horne described the cyber threat as affecting boardrooms, IT help desks, and homes. “If we collectively embrace the contest, understand the urgency and believe we can be a match for any opponent, then we can and will prevail,” he added.
In 2024, former Chancellor of the Duchy of Lancaster Pat McFadden warned that AI could be weaponized against the UK, with Russia targeting media, telecoms, political institutions, and energy infrastructure, potentially shutting down power grids.
Previous Warnings
In April, Horne cautioned that the UK could face “hacktivist attacks at scale” if involved in a conflict, similar to recent ransomware incidents. His comments echoed a warning from MI6 head Blaise Metreweli, who said the UK was in “a space between peace and war” amid tensions with Russia.
The NCSC recommended in April that consumers adopt passkeys instead of passwords, describing passkeys as a “digital stamp” stored on devices for secure login.
