Time to get national cybersecurity strategy in order, UK committee warns
Mon 19 Nov 2018
As the threat to critical national infrastructure rises, a parliamentary committee has warned the UK is ‘wholly’ unprepared to stop a devastating cyberattack
Much has been made of Russia’s aggressive cyber-offensive in recent years, and while the UK has made threats of its own, the joint committee on national security strategy says the country needs to first and foremost shore up its own cyber defences, lambasting ministers for failing to act with a “meaningful sense of purpose or urgency”.
The committee called on Theresa May to appoint a cybersecurity minister, and prioritise multilateral cybersecurity cooperation, such as information sharing, with the EU during the ongoing Brexit negotiations.
The current state of UK cybersecurity strategy amounts to an awareness of the problem, without much in the way of concrete solutions, said the committee.
If UK critical national infrastructure were attacked it would represent a “top-tier” threat to national security, with potentially “devastating” consequences.
The most serious cyberattack on the UK so far was the WannaCry ransomware attack in May last year that disrupted hospitals. Although impactful, no patients were at risk, and only 1% of NHS activity was directly affected.
As more of UK critical infrastructure becomes connected through edge deployments, such as smart traffic and autonomous cars, it is no exaggeration to say that we are entering a period of unparalleled vulnerability that must be addressed.
“Identifiable political leadership is lacking. There is little evidence to suggest a ‘controlling mind’ at the centre of government, driving change consistently across the many departments and CNI sectors involved,” said the committee.
The committee criticised a lack of serious engagement from ministers and said the recently established National Cyber Security Centre is receiving inadequate funding.
“We are concerned that the current complex arrangements for ministerial responsibility mean that day-to-day oversight of cross-government efforts is, in reality, led by officials, with ministers only occasionally ‘checking in’.”
“This is wholly inadequate to the scale of the task facing the government, and inappropriate in view of the government’s own assessment that major cyber-attacks are a top-tier national security threat.”