'Nationally significant' cyberattacks are surging, warns the UK's new cyber chief

The United Kingdom’s National Cyber Security Centre (NCSC) has “already responded to 50% more nationally significant incidents compared to last year,” its new chief executive announced on Wednesday.

Making his first international address during Singapore International Cyber Week, Richard Horne — who replaced Lindy Cameron earlier this year — warned of a widening gap between cyber threats and the world’s collective ability to defend against them.

“Increased dependence on technology is driving growth and transforming societies, creating exciting new opportunities. It also exposes us to greater cyber risks,” said Horne.

“Without collective action, we risk widening the gap between the escalating threats to our societies, critical services, and businesses, and our ability to defend and be resilient.”

Formerly the head of the cybersecurity practice at PwC, where in 2017 he helped expose the Cloud Hopper campaign, Horne is the first NCSC chief executive with a technical academic background and has a PhD in mathematics and cryptography. 

He told Singapore International Cyber Week that the “threat landscape is growing more complex, with significant incidents on the rise,” noting that in addition to the 50% increase in nationally significant incidents, there was a threefold increase in severe incidents — although neither of these terms reflect NCSC’s categorization model.

Stressing the importance of resilience, Horne said: “To close this gap, we need coordinated global efforts to strengthen cyber resilience, ensure security is built into technology from the outset, and prepare both the public and private sectors to not only defend but also recover swiftly from destructive cyber attacks.”

The dependence on resilience as a response to cyberattacks has been criticized by some, who note that the cumulative efforts in that space have to-date not stopped a surge in cyberattacks over recent years.

Although NCSC’s officials often state it isn’t their job to design government policy, the agency’s description of the issue does suggest the need for more government action on this front — and Horne explicitly called for governments to do more in Singapore.

His calls follow a speech by NCSC’s chief technology officer, Ollie Whitehouse, at the CyberUK conference in Birmingham earlier this year, when Whitehouse warned that the technology market was broken and failing to incentivize building resilient and secure technology. Whitehouse said regulation and legislation were not keeping pace with technology change.

“Today’s innovation is tomorrow’s legacy. The innovative technologies we are building today will become the legacy technologies of tomorrow. We must adopt a lifecycle management approach to ensure they remain secure and resilient in the future,” Horne told the audience in Singapore.

“This is a task that businesses and public services cannot tackle alone. Governments must step in to set the tone and guide the conversation.”