The boss of the new cyber security centre warns British infrastructure will only be safe when all outdated software is replaced.
The CEO of the new National Cyber Security Centre (NCSC) has warned the UK will face “a first order incident” of a “hostile foreign cyber attack”.
The NCSC will open in October and be part of GCHQ, the signals intelligence agency.
In his first public speech as CEO, Ciaran Martin told an audience in Washington that “development of lawful and carefully governed offensive cyber capabilities” was necessary “to combat and deter the most aggressive threats”.
According to Mr Martin, there were, on average, 200 national cyber incidents each month in 2015.
The USA, France and Ukraine have suffered first-order cyber attacks: the hack of Sony by North Korea; France’s TV5 Monde taken off air, apparently by a Russian hacking group; and an attack on Ukraine’s power grid that took several stations offline, leaving thousands without electricity.
Mr Martin also pointed to the problem of securing critical national infrastructure – networked computer systems like power and transport which rely on outdated and exploitable software.
“We can and are doing our best to mitigate the risks, but the strategic solution can only come when they are replaced,” he said.
He pointed to the NCSC’s work in developing brand new pieces of critical national infrastructure, in the new Universal Credit System and in work on smart meters, intelligent gas and electric meters installed in people’s homes and connected to the grid.
Much of the threat from online attacks doesn’t come from sophisticated actors, though, Mr Martin said.
He said the UK’s approach was to automate its defences against “these unsophisticated but prolific attacks” – using what he described as “active cyber defence”.
Active cyber defence involves automatically blocking government emails from incongruous IP addresses; sending automated takedown notices to the people (perhaps unwittingly) hosting attacks and by working with internet service providers (ISPs) to set up automatic filtering of known malicious websites and software.
Users will be able to opt out of the scheme.
Mr Martin also promised that the NSCS would publish data on its performance. (Sky News)