Major cyber-attack on the UK is a matter of 'when, not if'

National Cyber Security Centre chief says an attack with the potential to hit infrastructure could come within the next two years.

Sarah McDermott Senior Sub-Editor

Sarah is CNET's senior copy editor in London. She's often found reading, playing piano or arguing about commas.

Expertise Copy editing, podcasts, baking, board games

See full bio

Sarah McDermott

Jan. 23, 2018 5:24 a.m. PT

security-privacy-hackers-locks-key-6780 — A category one (C1) attack could cripple infrastructure.
James Martin/CNET

The UK needs to brace itself for a major cyber-attack, and it's a matter of "when, not if" it happens.

That's according to Ciaran Martin, head of the National Cyber Security Centre. In an interview with the Guardian, he warned that a category one (C1) attack could cripple infrastructure such as energy supplies and the financial services sector. Interference in elections would also be classed as a C1 attack. He anticipates such an attack coming within the next two years.

"Some attacks will get through. What you need to do [at that point] is cauterise the damage," he said.

Last year's Wannacry ransomware hack, which hit hospitals in the UK, was classified as a category two attack.

Rob Norris, VP Head of Enterprise and Cyber Security EMEIA at Fujitsu, responded to the warning, commenting that the risk affects private companies as well as governments. "Cyber attackers are becoming increasingly inventive in their approach and, as demonstrated by the WannaCry attack, often see businesses as a soft target and a relatively easy 'way in' to cause wider disruption," he said.