Next ‘cyber crisis’ will probably be an accident, says outgoing NCSC chief

Ciaran Martin fears combination of departmental error and ransomware attacker “not really understanding what they’re doing”
Ciaran Martin photographed by Andrew Milligan/PA Wire/PA Images

By Jim Dunton

04 Sep 2020

Former National Cyber Security Centre chief executive Ciaran Martin has said he believes the next cyber crisis the UK faces is likely to be a chance collision of staff error and lack of insight on the part of the attackers.

Martin, who stepped down from the helm of NCSC earlier this week, said just as 2017’s WannaCry ransomware attack had not deliberately targeted the NHS – despite going on to create chaos for health-service systems running on outdated Microsoft OS – a similar situation could happen again.

"My guess would be the next cyber crisis will probably be, at least in part, an unintentional consequence of an attacker not really understanding what they're doing," Martin told the BBC in an exit interview.

His fear, he said, was that someone working in a company or government department would make a small mistake that left an important system open to ransomware. He did not specify departments that may be particularly vulnerable.

Martin became GCHQ’s director general responsible for cybersecurity in 2013 and oversaw the creation of the National Cyber Security Centre – an executive agency of GCHQ – after the 2015 general election. He left the role on Monday to become a professor of practice in public management at Oxford University’s Blavatnik School of Government.

His successor at NCSC is Lindy Cameron, the former second-in-command at the Northern Ireland Office.

In his exit interview, Martin also broached security concerns related to reliance on Chinese technology – after the government U-turn over Huawei's role in 5G telecommunications.

"We have never been in any way naive about risks associated with Chinese technology," Martin said, suggesting the UK needed to do some hard thinking about how to position itself. 

Martin was more sanguine on the threat posed by Chinese-owned social-media phenomenon TikTok, despite US president Donald Trump declaring the firm a threat to domestic security.

"The amount of personal data it collects, people need to be aware of," Martin said, but "it is slightly less than some of the others".

Martin is more concerned about Russia’s position in the cyber-threat rankings, but insists activity – such as accusations of interference in 2019’s general election – has not yet had a demonstrable impact on UK politics.

“We are talking a lot more about political interference in 2020 than we were in 2014," he said. "It shows that there is an ongoing threat to democratic processes." 

But he added: "It is not the case in my judgement that there has been sustained high-quality effective disruption of UK politics by the Russians."

Martin said it should not be the job of UK intelligence agencies to regulate political debate.

"No-one wants to live in a country where the likes of parts of GCHQ or MI5 are in charge of verifying political information in the midst of an election," he said.

Read the most recent articles written by Jim Dunton - MoJ demands answers after prison-staffing exposé

Share this page