#InfosecurityEurope2022: The NCSC Sets Out the UK’s Cyber Threat Landscape


The current state of the UK’s cyber threat landscape was outlined by Marsha Quallo-Wright, deputy director for critical national infrastructure at the National Cyber Security Centre (NCSC), during a keynote address on the final day of Infosecurity Europe 2022.

Quallo-Wright began by describing the cyber threats posed by nation-states, particularly Russia and China. She said that Russia remains “one of the world’s most prolific cyber actors and dedicates significant resources to conducting cyber operations across the globe.” However, the threat from Russia to the UK has not significantly changed since the start of the invasion of Ukraine. Nevertheless, the conflict “has demonstrated that Russia’s risk appetite has grown significantly” regarding its willingness to use cyber to “further its wider aims and ambitions.”

Indeed, the NCSC and international partner organizations have attributed a number of high-profile attacks related to the conflict to Russian state actors, including the Viasat incident on the eve of the invasion of Ukraine on February 24. Therefore, the NCSC recommends that organizations prepare for a dynamic situation that is liable to change rapidly.

Quallo-Wright then emphasized that a more significant long-term threat comes from China, citing GCHQ director Jeremy Fleming’s assertion that “Russia is affecting the weather, but China is shaping the climate.” She described the nation’s “highly sophisticated” activities in cyberspace, born out of its “increasing ambitions to project its influence beyond its borders.” This includes a keen interest in the UK’s commercial secrets. This was demonstrated by the attacks on Microsoft Exchange servers last year, which were “highly likely the most severe state-sponsored cyber-attack of 2021.”

In addition to nation-state attacks, Quallo-Wright noted that cybercrime is continuing to rise, with ransomware a continuing concern. She said that in 2022, “the ransomware threat has not diminished, rather it’s evolving.” The likely impact of a ransomware incident on a critical infrastructure organization means this attack vector “is potentially as harmful as state-sponsored attacks.”

Going forward, Quallo-Wright expects these attacks to grow in scale, with threat actors likely to increasingly target managed service providers (MSPs) “to gain access to a wider range of targets.” More generally, she believes cyber capabilities will become more commoditized over the next few years, meaning they are “increasingly available to a larger group of would-be attackers who are willing to pay.”

Quallo-Wright also pointed out the danger posed by the growing use of connected devices in everyday operations, as it is creating a wider attack surface. “For CNI providers, it stresses the need for resilient systems to reduce the likelihood of a successful incident.”

The geopolitical ramifications of growing cyber-attacks were then addressed by Quallo-Wright. One issue is companies “selling high-end capabilities to governments.” Therefore, it is essential that agreements are put in place to ensure “all cyber actors use capabilities in a way that is legal, responsible and proportionate.”

Additionally, there is a battle ahead for the next stage of the internet. Quallo-Wright noted that key emerging technologies are moving eastwards, which “may not have those democratic values baked in” and are likely to be used to control citizens. The UK and its allies must respond effectively to this threat to “invent the next generation of the internet.”
