AI
Attacks and Vulnerabilities
Critical infrastructure
Industrial Cyber Attacks
Malware, Phishing & Ransomware
News
Regulation, Standards and Compliance
Reports
SBOM
System Design & Architecture
Technology & Solutions
Threat Landscape
Vulnerabilities

UK NCSC Annual Review reveals ‘enduring and significant’ cyber threat to critical national infrastructure sectors

November 14, 2023
UK NCSC Annual Review reveals 'enduring and significant' cyber threat to critical national infrastructure sectors

The National Cyber Security Centre (NCSC) recognizes the emergence of state-aligned hackers as a new cyber threat to critical national infrastructure (CNI), the continuation of Russia’s illegal invasion of Ukraine, and the concerns around the potential risks from AI – all of which drive the need for NCSC interventions and support. The agency stated that critical sectors in the U.K. are facing an ‘enduring and significant’ threat, which is partly attributed to the emergence of state-aligned groups and a rise in aggressive cyber activity. 

“2023 has seen the addition of state-aligned actors to the ongoing threat from state actors, as a new and emerging cyber threat to CNI,” the NCSC’s seventh Annual Review disclosed. “While the cyber activity of these groups often focuses on DDoS attacks, website defacements, and/or the spread of misinformation, some have stated a desire to achieve a more disruptive and destructive impact against western CNI, including in the UK. The NCSC continues to prioritise the resilience of UK CNI.”

The review highlights the ongoing cybersecurity risks faced by the U.K., including evidence of China state-affiliated cyber actors employing advanced capabilities to pursue strategic objectives. These activities pose a threat to the security and stability of U.K. interests. The latest review reflects highlights and milestones between Sept. 1, 2022, and Aug. 31, 2023. 

In May, the NCSC and international partner agencies issued a joint advisory highlighting how recent China state-sponsored activity had targeted critical infrastructure networks in the U.S. and could be applied worldwide. In response to the ongoing challenge from China, the NCSC has called for continued collaboration with allies and industry to further develop its understanding of the cyber capabilities threatening the U.K.

The Annual Review highlights how Russia continues to be one of the most prolific actors in cyberspace, dedicating substantial resources towards conducting operations around the globe and continuing to pose a significant threat to the U.K.

The NCSC has continued to observe cyber activity targeting Ukraine by Russia and Russia-aligned actors, though these appear to be opportunistic rather than strategic. Overall, the impact on Ukraine has been less than many expected, in part due to well-developed Ukrainian cybersecurity and support from industry and international partners, which includes the U.K.’s cyber program.

Elsewhere, Russian language criminals operating ransomware and ‘ransomware as a service’ models continue to be responsible for the most high-profile cyber attacks against the U.K.

The ransomware model continues to evolve, with a sophisticated business model, facilitating the proliferation of capabilities through the ‘ransomware as a service’ model. This is lowering the barriers to entry and smaller criminal groups are adopting ransomware and extortion tactics which are making a huge impact.  

While less sophisticated than Russia and China, Iran continues to use digital intrusions to achieve their objectives, including through theft and sabotage, the NCSC Annual Review identified.

Last  September, the NCSC and international partners issued a cyber advisory highlighting that actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRFC) targeted known vulnerabilities to launch ransomware operations against multiple sectors, including CNI organizations.

In January this year, the NCSC warned of the threat from targeted spear-phishing campaigns and against U.K. organizations and individuals carried out by cyber actors based in Iran. Spear-phishing involves an attacker sending malicious links, for example via email, to specific targets to try to induce them to share sensitive information. The attacks were not aimed at the public but targeted specified sectors, including academia, defense, government organizations, NGOs, and think tanks, as well as politicians, journalists, and activists. 

The NCSC included five areas of specific interest to the cybersecurity community – setting out the NCSC’s thinking on AI cybersecurity, securing the U.K.’s critical national infrastructure, defending its democratic processes, the future of U.K. cybersecurity services (including the NCSC’s role in their provision), and reflecting on what has been learned from Russia’s further invasion of Ukraine. The agency went on to reiterate its warning of an enduring and significant threat posed by states and state-aligned groups to the national assets that the U.K. relies on for the everyday functioning of society. 

Over the past 12 months, the NCSC has observed the emergence of a new class of cyber adversaries in the form of state-aligned actors, who are often sympathetic to Russia’s further invasion of Ukraine and are ideologically, rather than financially, motivated.  

The Annual Review also highlights how the next general election will be the first to take place against the backdrop of significant advances in AI, which will enable and enhance existing challenges. More specifically, the NCSC assesses that large language models (LLMs) will almost certainly be used to generate fabricated content; that hyper-realistic bots will make the spread of disinformation easier; and that deepfake campaigns are likely to become more advanced in the run up to the next nationwide vote, scheduled to take place by January 2025. 

“Given the pace of change, it is vital that we get ahead of these fast-developing technologies to ensure the right mitigations are in place before the risks emerge,” Oliver Dowden, deputy Prime Minister and Chancellor of the Duchy of Lancaster, and secretary of State in the Cabinet Office, wrote in the NCSC’s Annual Review. “That is why the U.K. hosted the first-ever AI Safety Summit in Bletchley Park in November 2023. Through that summit, we started to spearhead a new form of multilateralism, one that brings together countries, companies, academics, and other experts in the field. Because it is only by working together that we will make AI safe for everyone.”

Dowden added that the same approach is needed towards cybersecurity more broadly. “We need a whole-of-society approach, where government and industry work in partnership – to defend as one – to make us all more resilient as a nation. And those who can must work to shift the burden away from end users and increase protections for all of us, as we increasingly live our lives and do our work in the virtual world. As I said to CYBERUK in Belfast in April, I urge businesses to look again at their security and strengthen it where they can. In turn, the government will do its bit, including through the National Protective Security Authority (NPSA).”

“This next year will come with new challenges,” Dowden wrote. “But by working together in partnership, underpinned by our values and alliances, and by building on the vital work of the NCSC to make the U.K. the safest place to live and work online, we will be ready for them.”

Anne Keast‑Butler, director of GCHQ, wrote that “cybersecurity remains a priority as part of GCHQ’s overall support to Ukraine in the face of Russia’s illegal invasion, as does the NCSC’s response to new and emerging threats, including that to critical national infrastructure (CNI) from state-aligned actors.” 

“AI has the potential to improve cybersecurity by dramatically increasing the timeliness and accuracy of threat detection and response, and while AI offers fantastic opportunities, all sectors need to be clear-eyed about the related cybersecurity risks,” Keast‑Butler detailed. “The NCSC has been championing the case for taking a ‘secure by design’ approach to AI, by building cybersecurity into technology solutions from the outset. Another vital consideration is to ensure diversity and ethics are built into every stage of AI’s development. Potential limitations and biases are cleverly demonstrated by the NCSC’s use of AI to create images for this review.”

“The last year has seen a significant evolution in the cyber threat to the UK – not least because of Russia’s ongoing invasion of Ukraine but also from the availability and capability of emerging tech,” Lindy Cameron, CEO of the NCSC, said in a media statement. “As our Annual Review shows, the NCSC and our partners have supported government, the public and private sector, citizens, and organisations of all sizes across the UK to raise awareness of the cyber threats and improve our collective resilience.”

Cameron added that beyond the present challenges, “we are very aware of the threats on the horizon, including rapid advancements in tech and the growing market for cyber capabilities. We are committed to facing those head-on and keeping the UK at the forefront of cyber security.”

She added that to ensure the NCSC focuses on its most important work and achieves the objectives in the government’s National Cyber Strategy, “we will focus on three priorities over the coming year.”

Cameron identified that the NCSC must improve the U.K.’s cyber resilience to the most significant cyber risks. “We will continue to improve our understanding of the threats we face and use this knowledge to strengthen resilience in the areas that carry the most risk for the U.K., be that across government or to the companies involved in delivering our critical national infrastructure.”

“Secondly, we must retain our edge. Technology is developing faster than ever, and, in an increasingly unpredictable world, our adversaries are seeking to use this change for their own advantage,” according to Cameron. “We must ensure the U.K. retains its edge in the face of future cybersecurity challenges, including those emanating from China, which we know poses an epoch-defining threat in the years to come, as well as those posed by future technology shifts. We will need to ensure that the technology we deploy throughout our economy is secure by design and that we have the technological capabilities and partnerships for the future to enable us to counter these threats as they evolve.”

Lastly, Cameron said that the “NCSC will only be successful in its mission if we are the strongest organization we can be. We must continue to evolve as the U.K.’s national technical authority on cybersecurity, deepening our expertise and continuing to increase the diversity of our workforce. We will continue to listen to and learn from external specialists, ensure our services work for those who use them, and engage in public debates about the implications of evolving technology for our democratic values.”

The NCSC Annual Review expects 2024 to bring considerable challenges and more opportunities.” As has been set out in this review, the protection of democratic processes will be a focus for the NCSC in the U.K., as well as for global partners, as key elections shape the coming year. The NCSC is determined to remain agile in its approach, to ensure the U.K. is competitive and proactive, aiming to sharpen its focus on emerging technologies, like AI and quantum computing

The report added, “We’ll prioritise our collaboration with sector partners, nationally and globally to reach our organisational aims. And 2024 will see CYBERUK move from Belfast to Birmingham, building on our commitment to ensure the NCSC’s presence and guidance is felt across the U.K.”

Chris Grove, director of cybersecurity strategy at Nozomi Networks, said that “as the NCSCs review points out, the U.K., along with other global governments, faces a delicate balancing act. They must mitigate AI’s downsides, such as labor impact, misuse by criminals and nation-states, and inaccurate outputs. However, new regulations can stifle innovation and growth, giving adversaries a technological edge.” 

He added that it is crucial to address these negatives without hindering the positives. “Instead of imposing roadblocks, we should provide guardrails and guidance to support rapid AI development.”

“To counter AI-driven cyber attacks, organizations must enhance efficiency and decision-making abilities. AI is instrumental in achieving this,” according to Grove. “While it’s not yet viable for AI to fully automate cybersecurity, especially in critical infrastructure, its integration can help engineers prioritize tasks, from operations to cybersecurity. Failing to adopt AI could leave organizations at a competitive disadvantage. AI will be integral to many products in our society, making its protection and effective use vital for future growth.”

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
Microsoft debuts ICSpector framework to enable examining information and configurations of industrial PLCs
TXOne’s Portable Security Pro works towards improving security in ICS environments
TXOne Networks presents SageOne, its new CPS protection platform
Critical Start
Critical Start introduces managed detection and response services for OT environments
Shift5
Shift5 debuts GPS integrity module to combat GPS spoofing risks
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates