UK’s critical national infrastructure: UK critical infrastructure hit by 200 cyber incidents in a year, agency says

UK’s critical national infrastructure: UK critical infrastructure hit by 200 cyber incidents in a year, agency says

UK Critical Infrastructure Hit by Over 200 Cyberattacks in Past Year, Most Linked to State Actors

The UK’s critical national infrastructure faced more than 200 cyber incidents in the past year, with state-linked adversaries responsible for three-quarters of the attacks, according to the National Cyber Security Centre (NCSC). Richard Horne, the NCSC’s chief executive, identified Russia, China, and Iran as the primary hostile states targeting systems underpinning the UK’s nuclear deterrent, power plants, hospitals, and airports.

Horne described the cyber threat landscape as an ongoing contest with capable adversaries, comparing it to a dynamic game played across a broad field rather than a confined battle. He warned that advances in AI could accelerate risks, with 2028 projected as a critical year for emerging threats. While AI-enabled attacks such as those posed by Anthropic’s Claude Mythos model have raised concerns, most breaches still stem from well-known vulnerabilities like weak authentication and unpatched systems.

The NCSC emphasized the need for organizations to prioritize cybersecurity fundamentals, including rapid recovery from attacks, as unaddressed vulnerabilities could be exploited in future conflicts. Horne’s remarks followed earlier warnings from government officials, including former Chancellor of the Duchy of Lancaster Pat McFadden, who highlighted Russia’s targeting of UK media, telecoms, political institutions, and energy infrastructure, with potential risks to power grids.

In April, the NCSC also recommended that consumers transition from passwords to passkeys a more secure, device-stored authentication method to mitigate modern cyber threats. The agency’s warnings align with broader concerns from UK intelligence, including MI6, which has characterized the current security environment as existing in a "space between peace and war" amid rising tensions with Russia.

Source: https://www.theguardian.com/uk-news/2026/jun/17/uk-critical-infrastructure-cyber-incidents-ncsc

National Cyber Security Centre cybersecurity rating report: https://www.rankiteo.com/company/national-cyber-security-centre

"id": "NAT1781714092",
"linkid": "national-cyber-security-centre",
"type": "Cyber Attack",
"date": "4/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'industry': ['energy',
                                     'healthcare',
                                     'transportation',
                                     'defense'],
                        'location': 'United Kingdom',
                        'name': 'UK Critical National Infrastructure',
                        'type': 'government/state infrastructure'}],
 'description': 'The UK’s critical national infrastructure faced more than 200 '
                'cyber incidents in the past year, with state-linked '
                'adversaries responsible for three-quarters of the attacks. '
                'Russia, China, and Iran were identified as the primary '
                'hostile states targeting systems underpinning the UK’s '
                'nuclear deterrent, power plants, hospitals, and airports.',
 'impact': {'operational_impact': 'potential disruption to critical national '
                                  'infrastructure',
            'systems_affected': ['nuclear deterrent systems',
                                 'power plants',
                                 'hospitals',
                                 'airports']},
 'lessons_learned': 'Advances in AI could accelerate cyber risks, and most '
                    'breaches stem from well-known vulnerabilities like weak '
                    'authentication and unpatched systems. Organizations must '
                    'prioritize cybersecurity fundamentals and rapid recovery.',
 'motivation': ['espionage', 'disruption of critical infrastructure'],
 'post_incident_analysis': {'corrective_actions': ['adoption of passkeys',
                                                   'prioritization of '
                                                   'cybersecurity '
                                                   'fundamentals'],
                            'root_causes': ['state-sponsored cyber threats',
                                            'known vulnerabilities (weak '
                                            'authentication, unpatched '
                                            'systems)']},
 'recommendations': ['Transition from passwords to passkeys',
                     'Address known vulnerabilities (e.g., weak '
                     'authentication, unpatched systems)',
                     'Enhance monitoring and recovery capabilities'],
 'references': [{'source': 'National Cyber Security Centre (NCSC)'},
                {'source': 'UK Government Officials'}],
 'response': {'recovery_measures': ['rapid recovery from attacks'],
              'remediation_measures': ['transition to passkeys',
                                       'enhanced cybersecurity fundamentals']},
 'threat_actor': ['Russia', 'China', 'Iran'],
 'title': 'UK Critical Infrastructure Hit by Over 200 Cyberattacks in Past '
          'Year',
 'type': ['state-sponsored cyberattack', 'cyber espionage'],
 'vulnerability_exploited': ['weak authentication', 'unpatched systems']}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.