NCSC: AI will increase speed and scale of critical infrastructure attacks

NCSC logo superimposed with a translucent background in front of an office building
(Image credit: Getty Images)

The UK’s National Cyber Security Centre (NCSC) has raised concerns over the rising possibility of AI-supported cyber attacks against critical national infrastructure (CNI) targets.

In its annual review, the security center warned that state-aligned threat actors are accelerating attempts to disrupt critical targets, such as hospitals or organizations operating in the energy sector. 

The NCSC pointed toward a range of tactics employed by threat actors, including ransomware and DDoS attacks, as well as the spread of misinformation to create chaos across the UK. 

“2023 has seen the addition of state-aligned actors to the ongoing threat from state actors, as a new and emerging cyber threat to CNI,” the review states. 

“While the cyber activity of these groups often focuses on DDoS attacks, website defacements, and/or the spread of misinformation, some have stated a desire to achieve a more disruptive and destructive impact against western CNI.”

The report further warned that the use of generative AI tools among threat actors could pose heightened threats to infrastructure targets across the country. 

“Our adversaries - hostile states and cyber criminals - will seek to exploit AI technology to enhance existing tradecraft,” it said. 

“In the short term, AI technology is more likely to amplify existing cyber threats than create wholly new ones, but it will almost certainly sharply increase the speed and scale of attacks.”

RELATED RESOURCE

Managing Data for AI and Analytics at Scale with an Open Data Lakehouse Approach: IBM watsonx.data whitpaper

(Image credit: IBM)

Learn about the key building block that comprise AI governance

DOWNLOAD NOW

Threats to CNI have been rising in recent years. A UK government report in August suggested that a successful attack against a target could wreak havoc on-par with a chemical or biological warfare attack

Andy Kays, CEO of Socura, a Cardiff-based security firm that works with CNI providers such as NHS trusts, said attacks on infrastructure targets have been escalating and have the potential to cause widespread national disruption. 

"Attacks on UK banks, hospitals and energy providers have all increased in recent years, especially since the start of the Ukraine war," he said. 

"These are typically well-resourced organizations, but they are prime targets for adversaries who are seeking to cause maximum disruption. The UK can always do more to protect these critical assets."

Ransomware still a potent threat

Ransomware still remains a pervasive and potent threat to critical national infrastructure, according to the NCSC, with threat actors now switching tactics to include double extortion techniques. 

Double extortion techniques differ from a traditional ransomware approach by both exfiltrating and encrypting stolen data, providing the threat actor with an additional degree of leverage to demand payments.

The NCSC warned that Russian-speaking threat actors have been observed conducting these style of attacks to great success in recent months.

Kevin Curran, IEEE senior member and professor of cyber security at Ulster University said the Colonial Pipeline attack in May 2021 still serves as a reminder of the devastating impact such an attack could have on CNI. 

"Ransomware remains one of the biggest threats to critical national infrastructure. Attacks have increased tenfold and in severity,” he said. 

“Consider the more recent attack in May 2021 on the Colonial pipeline in the US which runs from Houston to New Jersey and controls 50% of the fuel supply in North America.

"It revealed the damage ransomware can pose to vital national infrastructure and public services, which seem to be the main target at present, as it causes the most disruption."

AI election meddling 

AI-based cyber threats were a common recurring talking point in the NCSC’s annual review, with the center warning that countries such as Russian, China, or Iran may use the technology to interfere in elections. 

According to the report, the rise of AI and geopolitical pressures are putting UK electoral processes at risk. 

NCSC chief executive Lindy Cameron said geopolitical threats have been rising rapidly since the Russian invasion of Ukraine in February 2023, and warned that the country can expect to see additional threats in the coming years. 

"The last year has seen a significant evolution in the cyber threat to the UK – not least because of Russia’s ongoing invasion of Ukraine, but also from the availability and capability of emerging tech," she said.  

RELATED RESOURCE

AI for customer service whitepaper

(Image credit: IBM)

AI for customer service

Get an overview of the conversational AI landscape and its three most common use cases

DOWNLOAD NOW

"Beyond the present challenges, we are very aware of the threats on the horizon, including rapid advancements in tech and the growing market for cyber capabilities."

The UK government has said it's almost certain that Russian actors attempted to interfere with the 2019 general election. And, with the next set to take place before the end of January 2025, the NCSC warned that the changing geopolitical situation has made the prospect of influencing the political discourse ever more attractive.

The center warned threat actors will “almost certainly” harness large language models (LLMs) to generate election disinformation, which could then be spread by AI-created hyper-realistic bots. 

Simon Thompson, head of data science and AI at digital transformation firm GFT said the prospect of AI-generated misinformation is a serious concern given the current maturity of technologies designed to mitigate these threats.

"As it stands, the technology that is being used to assess and flag AI-made content, both positive and negative, has not yet matured as much as we would have hoped to prevent this content from reaching its intended audiences," he said.

"This means that election commissions and those charged with protecting the sanctity of the electoral process will have to focus on the impact that the technology could have on the democratic process and seek ways to combat it." 

The review also highlights a new trend of malicious actors targeting the personal email accounts of high-profile and influential individuals involved in politics. 

This warning from the NCSC follows a campaign conducted by Chinese-linked threat actors earlier this year which saw email correspondence belonging to US State Department officials exposed.  

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.