Dr Melanie Garson, speaking exclusively to Express.co.uk, said that both the Government and private companies have seriously stepped up their cyber defences. But, the possibility of a latent “sleeper cell” like vulnerability in UK systems remains. Dr Garson is a lecturer on conflict resolution and international security specialising in cyberattacks at University College London (UCL).
She said there are big fears about how a cyber attack would play out – as an attack could target energy infrastructure or hospitals.
Attacks on hospitals in the UK are of particular concern following comments from the pro-Russian hacking group Killnet, which threatened to attack NHS ventilators following the arrest of an alleged pro-Russian cybercriminal in London earlier this month.
The threat was posted to the messaging app Telegram by an account reportedly linked to Killnet.
It said: “I will destroy your entire information structure and even your Ministry of Health.
“All ventilators will be attacked.”
Following a catastrophic worldwide ransomware attack which affected the NHS in 2017, hospital cyber defences have been strengthened.
Dr Garson says the most likely scenario for a cyber attack against the UK is a ‘sleeper cell’ like piece of latent code which could already be in the system.
She said: “The biggest fears are these sort of shutdowns on critical infrastructure systems, particularly with the energy grid or possibly on hospitals.”
Dr Garson added: “The key thing about any type of cyber attack, and this is where offensive use is a little bit unpredictable, is that it relies on, usually, on sitting in the system – kind of latent, a bit like a sleeper cell for quite a long time.
“It’s not as if you can push a big red button and it kind of happens. Often it relies on being in the system and then it relies on being undiscovered and not patched for any kind of routine reason during a standard patching exercise.
“The undiscovered vulnerability sits there sort of almost ready to activate when you need it.”
However, Dr Garson said that the UK, US and other Western powers had been working tirelessly to improve their cyber defences making them as “tip-top as possible”.
READ MORE: Putin humiliated following ‘huge losses of elite units’
Private companies like Microsoft and Google were also finding and patching, or fixing, vulnerabilities everyday.
Dr Garson conceded that even with these improved defences, it is possible, if unlikely, that a large-scale cyber attack could slip through Western defences.
She said: “There’s always a possibility that something unknown [is there] or there is something unpatched somewhere.
“There has been, certainly within the critical infrastructure system, a massive campaign to make sure that everyone is taking responsibility and really tightening their belts.”
Dr Garson suggests vulnerabilities could enter into the system through something as low tech as a USB memory stick or accounting software.
She said: “Literally someone comes into work with a memory stick from somewhere and puts it in and it can get into the system.”
: UK issues global alert as Russia ‘expanding’ [LIVE]
Putin puppets warn Russia now has ‘only one target’ in nuclear strike [REPORT]
Rejoiner alliance threat: Boris warned Brexit could be REVERSED [ANALYSIS]
In 2017, a worldwide cyber attack using WannaCry ransomware cost the NHS £92million after 19,000 appointments were cancelled.
The attack reportedly affected 70,000 NHS devices, including computers, MRI scanners, blood-storage refrigerators and operating equipment.
More recently, a ransomware attack in the US shut down a strategic energy pipeline for six days, causing a panicked rush on petrol stations.
Ransomware is software which locks a device or computer and will only unlock when the user has met certain demands, usually involving money.
Although neither of these attacks were attributed to Russia, it is widely accepted the Kremlin sponsors several hacking groups as well as a massive disinformation machine which has directly targeted the West via social media.