Internet vulnerabilities are being exploited aggressively by criminals and states alike to an astonishing extent, according to MI5 chief Jonathan Evans.
Speaking publicly for the first time in two years, Evans said entire states, and not just individual criminals, are conducting cyber crime and leaving our government secrets and safety at risk.
Evans, 54, spoke of MI5's efforts to tackle "industrial-scale processes involving many thousands of people lying behind both state-sponsored cyber espionage and organised cyber crime.
"Vulnerabilities in the internet are being exploited aggressively not just by criminals but also by states. The extent of what is going on is astonishing."
The MI5 chief revealed that one "major London listed company" was estimated to have lost £800m following a hostile state cyber attack.
Evans, who has been the director general of the British Security Service since 2007, added: "This is a threat to the integrity, confidentiality and availability of government information but also to business and to academic institutions.
"What is at stake is not just our government secrets but also the safety and security of our infrastructure, the intellectual property that underpins our future prosperity and the commercially sensitive information that is the lifeblood of our companies and corporations."
The MI5 chief was delivering the Lord Mayor's Annual Defence and Security Lecture at Mansion House in London on 25 June.
Support of the draft Communications Bill
"It would be extraordinary and self-defeating if terrorists and criminals were able to adopt new technologies in order to facilitate their activities while the law enforcement and security agencies were not permitted to keep pace with those same technological changes", Evans said.
If enforced, the draft Communications Bill that Evans is defending would give police and intelligence agencies access to "header" information, such as email addresses and mobile phone numbers. Although a warrant would be needed to read the content of emails and text messages, it is still unclear whether it is technically possible to separate this material from the "headers".
Looking to the future of cyber warfare, Evans added: "So far, established terrorist groups have not posed a significant threat in this medium, but they are aware of the potential to use cyber vulnerabilities to attack critical infrastructure and I would expect them to gain more capability to do so in future."
Security expert Graham Cluley has weighed in on Evans's speech, saying on his Sophos Naked Security blog that it is no longer hobbyist hackers, those who hack for fun or to show off with no malice, that we need to be worried about. State-sponsored cybercrime and espionage are the real threats to national security.
"This area of cybercrime is shrouded in the deepest, thickest fog - and attribution continues to be a monumental problem - but speculation about government and military use of the internet to spy continues to grow."
Cluley adds: "It would be naive to think that states were not using the internet for such malicious and criminal activity as to hack computers and install malware.
"After all," Cluley says, "it's probably cheaper and less dangerous to spy on another state's government or a foreign company using malware than to use the old-fashioned method of planting a physical agent there.
"So, yes, I'm not astonished to read that UK businesses and governments are believed to be under internet attacks from other states. But I also acknowledge that my own country is likely to be doing the very same thing.
"That means that all of us, wherever we are in the world, should be working hard to maximise our computers' security."