In its first month of operation, computer experts at the UK’s new GCHQ-led National Cyber Security Centre (NCSC) responded to nearly 70 reported hacking incidents including seven cases of ransomware attacks, it has been revealed.
In a parliamentary question submitted to the government, Jim McMahon, Labour MP for Oldham West and Royton, asked the Cabinet Office to outline how many cybersecurity breaches the government had recorded in the past 12 months.
In response to the question, Cabinet Office minister Ben Gummer MP said the UK government “does not comment on specific details” regarding the severity of cyberattacks but did elaborate further on statistics from the NCSC for the month of October.
“Sixty-eight cyber incidents from all types of organisations were voluntarily reported to the National Cyber Security Centre (NCSC) in its first month,” Gummer said, adding: “Seven of these were reported ransomware incidents.”
He said no more information would be provided “for security reasons” but stressed police and intelligence agencies are “continuously monitoring and managing the security risks to all HMG systems.” He noted that reported incidents varied in “scale, nature and target.”
Based in London, the NCSC was established to help combat the rising threat of cyberattack from nation-state adversaries, criminal gangs, hacking groups and terrorists. It is headed up by Ciaran Martin, a senior officer at GCHQ – the UK’s main signals intelligence (SIGINT) agency.
Recently, the UK has been impacted by a series of high-profile cybersecurity incidents including attacks at Tesco Bank, the National Lottery and mobile network Three. In 2015, telecommunications provider TalkTalk was hit with a hack that exposed over 150,000 customer records.
Despite refusing to release exact figures about hacking attacks, another parliamentary answer from Conservative MP Mike Penning MP, published on 31 October, admitted the UK is “regularly targeted by criminals, foreign intelligence services and other malicious actors.”
In terms of ransomware, it has been confirmed that three NHS hospitals in the UK were targeted last month by a strain of ransomware called Globe2 that forced officials to shut down critical computer systems and cancel nearly 3,000 patient operations.
The UK government believes the introduction of £1.9 billion-worth of investment into cybersecurity will help to bulk up security in the country. In November, an updated National Cyber Security Strategy was revealed that set out ambitious new policies and capabilities.
Chancellor Philip Hammond, in a speech launching the plans on 1 November, said these capabilities will include hacking back against those who attack UK interests.
He said: “In cyberspace those who want to harm us appear to think they can act both scalably and deniably. It is our duty to demonstrate that they cannot act with impunity. So we will not only defend ourselves in cyberspace; we will strike back in kind when we are attacked.”