Russian intelligence agents are hacking into computer systems in Britain to “pre-position” themselves to be able to launch devastating cyber attacks, a spy chief warned today.
Ciaran Martin, head of the National Cyber Security Centre, said Moscow was accessing systems in attempts to spy or as a first step towards unleashing attacks on the UK’s critical national infrastructure such as the energy or telecoms networks.
In an interview with The Standard, he said: “One of the things that we need to worry about is the fact that Russia and other hostile states have put down landing points on networks from which they could build out.
“They can use them for spying... but they can also use them as the potential foundation for future destructive attack.”
This “pre-positioning” was an initial step towards an attack and often involved being able to see part or all of a network and potentially altering it without authorisation; it would require considerably more work to unleash a destructive cyber attack.
Mr Martin explained: “If you watch Hollywood movies about cyber, somebody sits at a computer and from start to finish it will take them 30 seconds to hack into the Pentagon or a hospital network and so on..that is not how it works.
“If you are going to launch a destructive attack, you need an entry point, a landing point on that network, and you start and build from there and it takes time.
“If you want to do the most destructive type of cyber attack...unless you are very lucky...it will take time to build knowledge of the network, it will take time to gain the requisite accesses to be able to do the damage that an adversary would be seeking to do.”
Separately, the Cabinet minister in charge of cyber defences today wrote to all of the FTSE 350 companies in the UK to tell them to beef up their security.
David Lidington also announced that “cutting edge intelligence” will be used in new systems to guard giant public sector computers for the NHS and other organisations.
“Our critical national infrastructure continues to be a target for attack from nation states and cyber criminals,” he said.
All public sector infrastructure will be tested in simulations under a new scheme. “It uses cutting-edge intelligence to determine the objectives of our cyber attackers, their priorities for attack, and the techniques and vulnerabilities they may attempt to exploit,” said Mr Lidington.