GCHQ foils Northern Ireland cyber attack
Exclusive: Omagh-born spy boss reveals ‘hostile foreign states’ target our infrastructure
Northern Ireland infrastructure has been hit by "significant" online attacks from hostile nations, the boss of the UK's top cyber security agency has revealed.
National Cyber Security Centre (NCSC) CEO Ciaran Martin (43), who is from Omagh, made the revelation on a two-day visit to Belfast, during which he briefed the permanent secretaries of Stormont departments and delivered a speech at Queen's University.
In an interview with the Belfast Telegraph, Mr Martin said major cyber attacks are inevitable, but the damage they do can be limited.
The Oxford University graduate explained: "We believe the aim is that they'll want to pre-position for times of tension, or they'll want to find out how systems work, so that potentially they can compromise them in future. Attacks on critical infrastructure are going to happen - what's important is that they can't do as much harm as they might otherwise do."
The NCSC was set up by the UK Government last year and is implementing a £1.9bn, five-year National Cyber Security Strategy.
Mr Martin moved to lead it from his previous position as GCHQ's director general for cyber security.
In its first year of operation, the NCSC managed 590 significant cyber incidents across the UK, and prevented tens of millions of attacks through active cyber defence measures.
While Mr Martin said that the UK had not yet been the subject of a 'category one' very serious national level emergency, such as an attack on power grids or a State broadcaster, he added that his organisation expected a "significant scale attack" in the next few years.
He said: "The risk is there, I don't want to over-hype the risk, but in a digital economy like NI there are critical systems - the NHS, there will be power grids and so forth - so part of our job is to help the owners of those networks and make sure that if there is a large-scale very serious attack that it can only do a certain amount of damage and it can't paralyse the system. Part of the NCSC's job is, over time, to build in that resilience into the system so that large-scale damage is less likely.
"So a very serious attack is possible. I wouldn't say it's statistically more probable or less probable that it would happen in Northern Ireland than England or the Republic or somewhere else. What I would say with high confidence is that there is an everyday risk to the economy here from that sort of low sophistication, but highly prolific, set of attacks. There is always the potential for a very serious attack, and certainly at a UK-wide level I think we expect a 'significant scale attack' in the next few years."
The agency chief revealed that much organised cyber crime originated in eastern Europe, particularly Russia.
He continued: "Mostly you're just talking about low-level prolific tech where someone wants to steal a few hundred pounds, someone wants to hold a business to ransom, someone wants to steal a data set. It's just that corrosive, low-level damage where each individual attack is of no particular strategic significance, you add them all up and you've got a big problem and that's what we're trying to fix.
"The main source of cyber attacks are hostile foreign states and international criminal groups, they're not terrorist groups or paramilitary groups whether here in Northern Ireland or elsewhere. Paramilitary and terrorist groups across the world tend not to have very sophisticated cyber attack capabilities. It's mostly an organised criminal network, it may be under the sponsorship of the state, but it's a bunch of people sitting in cubicles looking at screens trying to do a large-scale attack."
Last December, a Ballymena teenager was given a 12-month youth rehabilitation order and had his smartphone and computer hard drive confiscated after admitting hacking offences linked to the 2015 TalkTalk data breach.
At the time of the offence the youth was just 15.
Mr Martin said that the technique used to hack the firm "dated back to 1998" and that it "shouldn't have been able to use a technique from the 20th century to get into a 21st century network."
He explained: "The learning from that is that people need to put in place those steps to get the basic defences right."
Estimating the "ball park" annual cost of cyber crime to the Northern Ireland economy at around £100m, Mr Martin said that the biggest threat was from "pretty unsophisticated and very large-scale cyber attacks where people are trying to steal money or identities".
He advised that everyone take "sensible precautionary measures" against online threats.
"The main types that you're likely to encounter are theft of credentials in order to enable identity fraud, and as we've all seen, ransomware, where businesses are held to ransom - their data stolen and all their files are encrypted and they are asked to pay. Both of those are very large-scale problems," he said.
Mr Martin also revealed that he will be returning to Belfast in a few weeks' time to open a new research institute based around Queen's University - the Cyber Security Research Institute - which would be "one of the leading centres of research in the UK" and would be accredited by the NCSC.
When asked about his career trajectory to the top tier of GCHQ, he said it has been a privilege to lead the NCSC.
"It wasn't something that I thought I would do, but I've been in government cyber security for nearly four years and it's been an absolutely brilliant experience," he said.
Prior to his role at GCHQ, he spent eight years in the Cabinet Office.