The UK’s National Cyber Security Centre (NCSC) has raised the alarm about escalating threats to the nation’s Critical National Infrastructure (CNI) and warned that resilience is not at the required level.
“The threat is evolving. While we are making progress building resilience in our most critical sectors, we aren’t where we need to be,” states an NCSC report this week.
Dominic Trott, Director of Strategy and Alliances at Orange Cyberdefense, commented on the pressing need to protect vital assets: “Thwarting cyber-attacks targeting critical national infrastructure has always been important, as the consequences of failing to do so are profound.”
The report highlighted the evolving nature of cyber threats, with nation-states and state-aligned actors – particularly those linked to Russia, China, Iran, and North Korea – identified as major concerns. The conflict in Ukraine and a general surge in aggressive cyber activity contribute to the increasing risk to the UK’s CNI.
Over the past year, the UK has witnessed serious cyber assaults on critical services, including a significant attack on Royal Mail by the LockBit group and a breach at software supplier Advanced, forcing the NHS to resort to pen and paper.
The NCSC underscored the international dimension of the threat, citing major attacks on CNI in Ireland and the US. A detailed account from the Danish cybersecurity agency revealed a relentless two-week onslaught on over 20 CNI targets, emphasising the speed at which vulnerabilities can be exploited for widespread disruption.
The review also emphasised the need for CNI operators to address the imbalance of priorities. Commercial pressures on private sector operators, including the obligation to prioritise profits and shareholder value, can sometimes conflict with cybersecurity goals. Even in the public sector, where such pressures are absent, the delivery of critical services may compromise cyber resilience.
To counter these challenges, the NCSC and the UK government are collaborating to mandate resilience targets for all CNI sectors by 2025. The objective is to ensure every operator can defend against prevalent threats. The NCSC is also fostering international partnerships to share attack data and learnings, aiming to enhance global resilience based on collective experience.
“As ever, any cyber-resilience programme within CNI firms must begin with the security fundamentals, such as educating employees on the threats they face and the importance of adopting good basic security hygiene,” commented Dominic Trott.
“They should also prioritise patch management to update and rid key systems of any potentially catastrophic vulnerabilities, which can prevent many breaches before they even occur.”
The inclusion of generative AI tools and the shift towards renewable energy in the energy sector add further layers of complexity to the cybersecurity landscape, requiring a comprehensive approach to security beyond basic hygiene factors.
“Orange Cyberdefense is pleased to see the NCSC and the UK government encouraging the adoption of a nationwide ecosystem approach to national resilience,” Trott added.
As the cyber threat landscape continues to evolve, the NCSC’s call for a unified effort and improved baseline security across industries underscores the imperative for collective action in safeguarding the UK’s Critical National Infrastructure.