The National Cyber Security Centre (NCSC) – part of the UK government’s intelligence and security organisation, GCHQ – has warned critical national infrastructure (CNI) organisations to be vigilant to an increased cyber threat “from state-aligned groups” in an alert published today.

The alert emphasised that these groups are not subject to state control and their motivations are not financial, meaning they are unpredictable and will likely have broader targets than typical cyber criminals.

The NCSC has highlighted that some groups, particularly those sympathetic to Russia’s invasion of Ukraine, have stated they intend to cause disruption and destruction on western CNI, including that within the UK.

As such, the NCSC is advising organisations within CNI sectors to be proactive in taking proportionate steps to ensure they are protected – recommending that they implement measures previously recommended prior to the Russian invasion of Ukraine in February 2022.

In addition, the NCSC has advised CNI organisations and their partners to be mindful of the  guidance relating to secure system administration.

Organisations in the sectors listed below, or who are business and/or supply chain partners for these industries, should be aware of the heightened risk of cyber-attack by state-aligned groups.

  • Chemicals
  • Civil Nuclear
  • Communications
  • Defence
  • Emergency Services
  • Energy
  • Finance
  • Food
  • Government
  • Health
  • Space
  • Transport
  • Water

The NSCS’s Cyber Assessment Framework is recommended as a useful tool for such organisations and their partners to assess their current security measures and find areas for improvement.

If you would like any advice around your cyber requirements, please get in touch.

Written by

Hazel Moffat Web 2025Update4

Hazel Moffat

Partner | Board Member

Public Law

hazel.moffat@burnesspaull.com +44 (0)131 473 6328

Get in touch
Jake Wilson

Jake Wilson

Senior Solicitor

Financial Services Regulatory

jake.wilson@burnesspaull.com +44 (0)131 473 6002

Get in touch

Related News, Insights & Events

Data Governance Demands In 2025 2 Blog

Data Spring Webinar Series: Data Governance Demands in 2025

20/05/2025 - Online webinar


Our upcoming data webinar series will consider key data protection compliance requirements, explore data governance best practice, and highlight key areas of interest for the UK regulator (ICO).

Read more
M&S Ransomware Attack What Can We Learn

M&S ransomware attack – what can we learn?

Discussing the recent ransomware attacks on M&S and the Co-op Group, highlighting the risks of cyber crime, potential regulatory consequences, and the importance of strong cyber security measures

Read more
Cyber Security – Fin(E)Al Decisions From The ICO

Cyber security – fin(e)al decisions from the ICO

Highlighting the key ICO findings and what they mean for businesses handling sensitive data, with practical takeaways to help organisations strengthen cyber resilience and reduce regulatory risk.

Read more

Want to hear more from us?

Subscribe here Subscribe here