Major UK cyber attack is 'when, not if', says security chief

A major cyber attack on the UK is a case of “when, not if”, says the head of the National Cyber Security Centre.

Speaking to the Guardian, Ciaran Martin said the country had been lucky to avoid a “category one” attack – targeting infrastructure like energy companies and financial services.

But Mr Martin said the UK was increasing its defence capabilities.

His comments came after Gen Sir Nick Carter called for more defence spendingto tackle the threat.

The head of the British Army said the UK needed to protect itself from “cyber-warfare” from Russia.

Mr Martin told the paper: “I think it is a matter of when, not if and we will be fortunate to come to the end of the decade without having a category one attack.”

He also warned that whilst he had not seen any successful attempts to interfere with the UK’s democratic process, there may have been intelligence-gathering taking place for possible future attacks.

Mr Martin said: “What we have seen from Russia thus far against the UK is a series of intrusions for espionage and possible pre-positioning into key sectors but in a more controlled form of attack from others.”

Cyber ‘shift’

The most serious cyber attack on the UK so far took place in May 2016 when WannaCry ransomware hit the NHS.

The attack was classed as a category two incident as there was no risk to life.

Mr Martin warned that there had been a “shift” to more of these types of attacks to try and get money, but those who launched them did not always keep control of them.