News Hub

UK at risk of ‘catastrophic ransomware attack’, says parliamentary report

Written by Thu 14 Dec 2023

The UK Government is at risk of a catastrophic ransomware attack because of poor planning and lack of investment, said a parliamentary report.

The report, titled ‘A hostage to fortune: ransomware and UK national security’ said an attack could potentially bring the country to a standstill.

The findings by the Joint Committee on National Security Strategy said many areas of critical national infrastructure (CNI) in the UK are at risk of ransomware attacks, especially in sectors using outdated IT systems. 

“It is clear to the committee that the Government’s investment in and response to this threat are not equally world-beating, leaving us exposed to catastrophic costs and destabilising political interference,” said Margaret Beckett, Chair of the Joint Committee.

Concerns were also heightened in cash-strapped fields like health and local government. The National Crime Agency (NCA) identified supply chains as particularly vulnerable, referring to them as the ‘soft underbelly’ of CNI.

The Joint Committee said the Government should invest significantly more resources in the NCA’s response to ransomware. This will allow the UK to pursue a more aggressive approach to infiltrating and disrupting ransomware attack operators. 

Harjinder Singh Lallie, reader in cybersecurity at the University of Warwick, told The Guardian that a ransomware incident targeting the NHS could disrupt appointments, compromise patient medical records, and affect staff payment systems.

“It could honestly be such a wide range of things. Any one of those could bring the NHS to its knees,” said Lallie.

Lallie added that if computer hardware and operating systems were upgraded every three to four years, the number of disruptions could be lowered.

The Joint Committee concurred. They said that due to these vulnerabilities, a well-coordinated ransomware attack could cripple significant portions of UK critical CNI and public services. This has the potential to cause extensive harm to the economy and daily life.

“It is vital that ransomware becomes a more pressing political priority, and that more resources are devoted to tackling this pernicious threat to the UK’s national security,” said the Joint Committee in the report.

Recommendations for Cyber Resilience

The Joint Committee stressed that due to the inadequate implementation of current cyber resilience regulations, the Government should assess the viability of creating a cross-sector regulator.

The report also said regular national drills should be conducted to simulate the impact of a major ransomware attack on multiple CNI sectors. This should be conducted within the National Exercise Programme.

The Joint Committee said engaging CNI operators in these exercises will help stress-test their response capabilities and ensure a prompt recovery.

The NCSC should also receive funding to establish an enhanced local authority resilience programme. This is expected to provide support for local exercise and secure council supply chains.

Victims of Ransomware

The Joint Committee said the impact of a ransomware attack on its victims is significant, with many organisations taking months to recover. Yet, most victims currently receive almost no support from law enforcement or Government agencies.

To counter this, the report said the NCSC and the NCA should be funded to provide support to all public sector victims of ransomware. The Joint Committee added this should be given to the point of full recovery.

The Government should also work with the insurance sector to establish a re-insurance scheme for major cyber-attacks. This is to safeguard the sustainability and accessibility of the market. 

The report recommended the Government to establish a central reporting mechanism for ransomware attacks. This is to ensure that it has a full understanding of the nature and scale of the threat, and how best to tackle it.

Vice President of UKI and Emerging Markets at Blackberry, Keiron Holyome, said malicious actors are working harder than ever to expand their range and volume of cyberattacks.

“This requires organisations to replace outdated antivirus and firewall protection with next-generation AI-powered cybersecurity solutions that defend against all vulnerabilities, from new ransomware and phishing threats to the very real potential for nation-state attacks,” added Holyome.

Joint Committee Suggests Home Office to Oversee Cybersecurity 

The report said responsibility for tackling ransomware should be transferred from the Home Office to the Cabinet Office. The Joint Committee said this is to ensure that ransomware is treated as a cross-government national security priority.

The report recommended this transfer be in partnership with the NCSC and NCA and be overseen directly by the Deputy Prime Minister.

The Joint Committee said the Government’s reporting on the ‘ambitious’ National Cyber Strategy (NCS) is currently ‘poor’. To improve this, the Committee recommended the National Audit Office to review the Government’s implementation of the NCS. 

The Government was also urged to establish a National Security Council sub-committee, to oversee progress against each of the Strategy’s five ‘pillars’ at least twice per year. 

Finally, the Government was strongly encouraged to bring forward legislation urgently to update the Computer Misuse Act, which is now over 30 years old.

“The UK is well prepared to respond to cyber threats and has taken robust action to improve our cyber defences, investing £2.6 billion ($3.2 billion) under our cyber security strategy and rolling out the first ever government-backed minimum standards for cyber security through the NCSC’s cyber essentials scheme,” said a Government spokesperson.

UK Battle Russian Cyberattacks

The Joint Committee said that most ransomware attacks in the UK originated from Russian-speaking actors. They added the Russian Government’s implicit or explicit endorsement aligns with the Kremlin’s disruptive, zero-sum-game stance towards the West.

However, the committee stressed that while this suggests a state-related threat, many Russian hackers view ransomware as a lucrative opportunity for significant financial gain.

David Gammie, CTO of iomart said: “It’s important for governments and organisations alike to properly secure their infrastructure to minimise damage. The public sector is especially struggling to keep up with this quickly evolving threat landscape and a constant barrage of cyberattacks.

A recent iomart study found that 56% of healthcare and 55% of government officials saw an increase of attacks over the past two years. The research also revealed that 48% of government officials claim it is more difficult to find and retain cyber staff, compared to the 34% total of respondents.

“This should be concerning because of the tangible consequences an attack on CNI and governments can have and the considerable risk for cyberattacks to leak over into the physical world and cause harm.

We cannot afford to leave room for opportunistic adversaries to cause harm due to our mistakes. Afterall, it is no longer a question of ‘if’ you will be attacked, but ‘when’,” added Gammie.

Earlier this week, the UK attributed ‘sustained unsuccessful’ cyber attempts to interfere in UK political processes to the Russian Federal Security Service, the successor to the KGB. As a result, the UK has sanctioned two members of the Russian hacking group, Star Blizzard.

In October, Russian hackers led a cyberattack that forced the Royal Family website offline.

In June, a cybercrime gang, believed to be based in Russia, warned major British companies, including the BBC, British Airways, and Boots to email them before 14 June, or stolen data from a MOVEit hack will be published.

> Read more: Women two-thirds more likely to fear losing critical national infrastructure security jobs than men

Join Cloud & Cyber Security Expo

6-7 March 2024, ExCeL London

Cloud & Cyber Security Expo is one of the largest IT security events in Europe.

Don’t miss the chance to build partnerships and discover solutions to protect your business.

Written by Thu 14 Dec 2023

Send us a correction Send us a news tip