Major cyber attack on UK only a matter of time, says NCSC boss

Published on: 23 Jan 2018

A major cyber attack on the UK is a matter of “when, not if”, according to the head of the UK’s National Cyber Security Centre (NCSC).

Speaking exclusively to the Guardian, Ciaran Martin said he believes that the UK has been lucky to avoid a category one (C1) attack so far.

C1 attacks tend to cripple infrastructure such as energy supplies and the financial services sector with a risk to life. The US, France and other European countries have already suffered C1 attacks.

“I think it is a matter of when, not if and we will be fortunate to come to the end of the decade without having to trigger a category one attack,” said Mr Martin.

He suggested that absolute protection wasn’t possible and that preparing for the aftermath was equally as vital as preventative and defensive measures.

“Some attacks will get through. What you need to do [at that point] is cauterise the damage,” he added.

So far, the most disruptive cyber attack on the UK was the WannaCry ransomware incident that crippled NHS systems in May 2017. However, this was classified as only a C2 attack with no risk to life.