The head of the UK’s National Cyber Security Center (NCSC), Ciaran Martin, said that a major cyber-attack on the UK is a matter of when, not if.
Martin said that the UK had been lucky to avoid a so-called category one (C1) attack. Luck? That’s comforting.
A C1 attack is defined as an attack that might cripple infrastructure such as energy supplies or the financial services sector.
Other countries, such as France and the US, have already had C1 attacks.
The US? Really? That is because interference with the elections is considered a C1 attack also.
Martin, in an interview with the Guardian, said that he anticipates a C1 attack in the next two years and does not expect to make it to 2020 without one.
The NCSC is the public face of GCHQ, the British version of the NSA, so they likely have a pretty good idea of what is happening.
The worst attack the UK has faced so far was WannaCry last year. The NCSC categorized that as a C2 because there was no imminent threat of loss of life. It certainly had an impact on healthcare in the UK.
The NCSC classified 34 attacks at the C2 level from the time it opened through the end of 2017, a period of about 15 months. It cataloged 762 C3 attacks in that same period.
We don’t have similar numbers for the US, but if we did, they would likely be larger. We are a bigger target than most.
President Trump suggested he might use nuclear weapons in case of a cyber attack. Hopefully, he was just bluffing, but that would be a good way to start World War III.
Cyber attacks are not going away any time soon. For nation states, it is pretty easy to “encourage” private hackers in another country to be their attack proxy, which is why using nukes to retaliate is so scary. What if the Chinese made an attack look like it came from Russia? Or Germany? Sometimes attribution is easy, but only if we have already hacked the hacker’s network. If a nation state is effective at getting hackers in another country to launch an attack, then attribution is hard. What if Chinese hackers compromise some computers somewhere in the US, say Iowa, and launch an attack from those compromised PCs? If the PCs are consumer-owned, it is unlikely that there are any logs to help figure out where the attack was launched from. At that point, figuring out where the attack came from is very, very difficult.
Information for this post came from The Guardian.