Action needed on 'devastating' cyber threat: report
Written by Hannah McGrath
The government is failing to move quickly enough to counter the threat of a “potentially devastating” cyber attack on the UK’s critical national infrastructure, a parliamentary committee has warned.
A report published today by the Joint Committee on National Security Strategy has warned of the potential consequences of a major cyber hack on key sectors including energy, financial and health services, transport and water - so-called critical national infrastructure (CNI) - which, if disrupted, could pose a threat to national security.
It stated that the threat of a major cyber attack is “as credible, potentially devastating and immediate as any other threat faced by the UK” and added that the government was “not acting with the urgency and forcefulness that the situation demands”.
The report argued that “identifiable political leadership is lacking” and the committee had found little evidence to suggest a ‘controlling mind’ at the centre of government. As a result, the group of MPs urged the government to appoint a single cabinet office minister charged with delivering improved cyber resilience across the UK’s national infrastructure.
Last month, Ciaran Martin, head of the National Cyber Security Centre (NCSC), warned that a major cyber attack on the UK is a matter of ‘when, not if’.
The report acknowledged the work done by the NCSC to improve the UK’s cyber resilience since it was established two years ago, but raised concerns that expectations of the GCHQ-run centre were “outstripping the resources put at its disposal by the government”.
The report read: “The government has explicitly acknowledged that it must do more to improve the cyber resilience of our critical national infrastructure, irrespective of whether it is owned or operated in the public or private sector.
“While we applaud the aspiration, it appears the government is not delivering on it with a meaningful sense of purpose or urgency. Its efforts so far certainly fail to do justice to its own assessment that major cyber attacks on the UK and interests are a top-tier threat to national security.”
Moreover, the report suggested that the threat to the UK from cyber attack and cyber espionage is “both growing and evolving”, naming malicious state actors including Russia as preparing for disruptive attacks on national infrastructure such as those which affected Ukraine’s energy grid in 2015 and 2016.
It also warned that some organised criminal groups are becoming as capable as states in their hacking ability, thereby increasing the threat from potential attackers.
The UK’s national infrastructure is “a natural target” for a major cyber attack because of its importance to daily life and the economy.
“Public opinion as yet has only a limited appreciation of what could befall us as a result of cyber attacks, which present as credible, potentially devastating and immediate a threat as any other that we face,” the report stated.
The committee urged the government to do more to help public and private sector providers of critical national infrastructure - so-called CNI operators - to extend their supply chains and ensure that cyber security issues are addressed at board level as a business risk that must be proactively managed.
Announcing the report’s conclusions, Margaret Beckett, chairwoman of the joint committee, said: “We are struck by the absence of political leadership at the centre of government in responding to this top-tier national security threat.
“There are a whole host of areas where the government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors.”
She said that the UK has too often been ill prepared to deal with emerging security risks and called for greater openness about our vulnerability, leading to measures which match the gravity of the threat to critical national infrastructure.
Earlier this month, the Bank of England conducted a cyber security ‘war gaming’ exercise with banks and financial institutions today to test the UK’s resilience in the face of a major cyber attack.