The National Cyber Security Centre (NCSC) – part of the UK government’s intelligence and security organisation, GCHQ – has warned critical national infrastructure (CNI) organisations to be vigilant to an increased cyber threat “from state-aligned groups” in an alert published today.

The alert emphasised that these groups are not subject to state control and their motivations are not financial, meaning they are unpredictable and will likely have broader targets than typical cyber criminals.

The NCSC has highlighted that some groups, particularly those sympathetic to Russia’s invasion of Ukraine, have stated they intend to cause disruption and destruction on western CNI, including that within the UK.

As such, the NCSC is advising organisations within CNI sectors to be proactive in taking proportionate steps to ensure they are protected – recommending that they implement measures previously recommended prior to the Russian invasion of Ukraine in February 2022.

In addition, the NCSC has advised CNI organisations and their partners to be mindful of the  guidance relating to secure system administration.

Organisations in the sectors listed below, or who are business and/or supply chain partners for these industries, should be aware of the heightened risk of cyber-attack by state-aligned groups.

  • Chemicals
  • Civil Nuclear
  • Communications
  • Defence
  • Emergency Services
  • Energy
  • Finance
  • Food
  • Government
  • Health
  • Space
  • Transport
  • Water

The NSCS’s Cyber Assessment Framework is recommended as a useful tool for such organisations and their partners to assess their current security measures and find areas for improvement.

If you would like any advice around your cyber requirements, please get in touch.

Written by

Hazel Moffat Web 2025Update4

Hazel Moffat

Partner | Board Member

Public Law

hazel.moffat@burnesspaull.com +44 (0)131 473 6328

Get in touch
Jake Wilson

Jake Wilson

Senior Solicitor

Financial Services Regulatory

jake.wilson@burnesspaull.com +44 (0)131 473 6002

Get in touch

Related News, Insights & Events

Data And The Digital Economy Conf

Data and the digital economy: Managing risk and making the most of opportunities

30/09/2025 - Edinburgh


Data is everywhere – and the ways in which we’re collecting, processing and utilising it are constantly evolving, while regulation and governance best practice struggles to keep up.

Read more
Data Protection Complaints Set To Surge Are You Prepared

Data protection complaints set to surge: Are you prepared?

26/08/2025

The recently enacted Data (Use and Access) Act 2025 introduces some important changes to existing UK data protection laws.

Read more
Sanctions Spotlight Summer 2025 6

Sanctions Spotlight – Summer 2025

11/08/2025

This sanctions update looks at key regime and legal changes, UK sanctions enforcement activity, and ownership and control issues.

Read more

Want to hear more from us?

Subscribe here Subscribe here