NCSC warns of increased threats to critical national infrastructure

National Cyber Security Centre says the public sector faces risks from state-aligned groups. 

NCSC, which is part of GCHQ, warns that the heightened threat comes particularly from state-aligned groups sympathetic to Russia’s invasion of Ukraine

padlock with keys from a keyboard

As the NCSC explains, these groups often align to Russia’s perceived interests but are often not subject to formal state control. This means that their actions can be less constrained and that they have broader targets than those of tradition cyber-criminals. 

This makes the threats less predictable. 

The NCSC alert warns that, ‘While the cyber activity of these groups often focuses on DDoS attacks, website defacements and/or the spread of misinformation, some have stated a desire to achieve a more disruptive and destructive impact against western critical national infrastructure (CNI), including in the UK.’  

‘We expect these groups to look for opportunities to create such an impact, particularly if systems are poorly protected.’ 

That’s why the NCSC issued its new warning to the wider public sector, as well as to cyber-security professionals and those in large organisations.

Dr Marsha Quallo-Wright, NCSC Deputy Director for Critical National Infrastructure, said: ‘In the wake of this emerging threat, our message to CNI sectors is to take sensible, proportionate steps now to protect themselves.’ 

‘The NCSC has produced advice for organisations on steps to take when the cyber threat is heightened and I would strongly encourage all CNI organisations to follow this now.’ 

This advice includes checking system patching, verification of access controls, and a range of other practical measures.  

NCSC has previously issued detailed guidance on secure system administration and a cyber assessment framework (CAF) for organisations that are responsible for vitally important services.  

The warning of heightened risks was given on the first day of NCSC’s CYBERUK conference held in Belfast, where experts in cyber security have gathered to discuss topics under the theme ‘securing an open and resilient digital future’. 

Earlier this year, NCSC published advice for organisations on how to avoid malicious cyber campaigns in light of phishing attacks from Russia and Iran. 

Photo by FLY:D


Leave a Reply

Your email address will not be published. Required fields are marked *

Help us break the news – share your information, opinion or analysis
Back to top