The head of Britain's National Cyber Security Centre (NCSC), Richard Horne, has warned that nation-state adversaries are responsible for approximately three-quarters of attacks on the country's critical infrastructure. Speaking at a Royal United Services Institute (RUSI) event, Horne described the situation as an active campaign of "prepositioning" by hostile states within these essential networks.
Horne cautioned that “kinetic targeting in any conflict tomorrow will be based on intelligence gathered today,” framing the cyber intrusions as a long-term strategic threat rather than isolated incidents. The warning underscores a shift in how the UK views these digital incursions — not merely as espionage or disruption, but as preparatory groundwork for potential kinetic warfare.
The NCSC chief did not disclose specific sectors most affected or name particular adversaries, but the assessment aligns with broader Western intelligence findings that Russian, Chinese, and Iranian state-sponsored groups have increasingly targeted energy, telecom, and transport infrastructure. The term "prepositioning" refers to attackers implanting persistent access or dormant malware within networks to activate during a crisis.
No specific mitigation measures or technical advisories were announced alongside the speech. The NCSC has historically urged critical infrastructure operators to adopt enhanced monitoring, network segmentation, and zero-trust architectures to detect and evict these footholds before they can be weaponized.
While Horne's remarks carry significant weight given his position, some analysts caution that the figure of three-quarters relies on internal NCSC threat assessments which may not capture the full picture of financially motivated or hacktivist attacks, which also target critical sectors but with different strategic intent.