The UK’s National Cyber Security Centre (NCSC) expresses significant concern about the cybersecurity readiness of the nation’s critical national infrastructure (CNI) in its annual review. The report acknowledges progress but emphasizes that cybersecurity resilience in critical areas is not where it should be. Identified threats include nation states and state-aligned actors, particularly from Russia, China, Iran, and North Korea.
Furthermore, the NCSC highlights the enduring and significant threat to CNI operators, citing serious assaults on critical services in the UK over the past year, including attacks on Royal Mail International and software supplier Advanced, impacting the NHS.
Additionally, the ongoing conflict in Ukraine and a general increase in aggressive cyber activity contribute to the heightened threat level. The NCSC notes the interest of state-sponsored actors in compromising and persisting within CNI networks.
Concerns about China’s technological supremacy and its potential to become the predominant power in cyberspace are emphasized by NCSC CEO Lindy Cameron. The report underscores the rise of state-aligned actors expressing a willingness to cause destruction, adding that external assistance is currently unlikely for groups to deliberately cause a destructive impact. However, these groups may become more effective over time.
The NCSC acknowledges an imbalance of priorities for CNI operators in the private and public sectors, where commercial pressures may conflict with cybersecurity goals. The NCSC and the UK government collaborate to mandate resilience across all CNI sectors by 2025. The focus is on improving baseline security and fostering international relationships to share attack data and learnings.
Microsoft emphasizes the importance of information sharing and praises global measures to raise cybersecurity standards for CNI, including those by the US TSA, CISA, the EU, Japan, and Mexico.