Categories: SecurityWorkspace

Parliament Finds UK ‘Ill-Prepared’ For Critical Infrastructure Cyber-Threat

The government’s efforts to protect critical national infrastructure (CNI) from a major cyber-attack are “wholly inadequate”, a parliamentary committee has said.

The joint committee on national security strategy urged the Prime Minister to appoint a cabinet cybersecurity minister to provide “focused and proactive political leadership from the centre of government”.

Such leadership is “essential in driving change and ensuring a consistent approach across the many departments and agencies with responsibility for the resilience of CNI to cyber threats”, the committee said in a new report.

The government has assessed major cyber attacks on targets such as CNI as a “top-tier” national security threat, the committee noted.


‘Top-tier’ threat

And yet, it said the current cyber-security structure in the UK does not provide for effective political oversight of the matter.

“We are concerned that the current complex arrangements for ministerial responsibility mean that day-to-day oversight of cross-government efforts is, in reality, led by officials, with ministers only occasionally ‘checking in’,” the report found.

“This is wholly inadequate to the scale of the task facing the government, and inappropriate in view of the government’s own assessment that major cyber-attacks are a top-tier national security threat.”

The committee, made up of senior MPs and peers, also urged the government to continue information-sharing and collaboration on cyber-attacks with the EU during exit negotiations as a matter of priority.

‘Meaningful action’

The committee found that while the government appeared to be prioritising cyber-security, this was as yet merely an “aspiration” that was not being acted on with a “meaningful sense of purpose or urgency”.

Meanwhile, “hostile states” such as Russia are becoming increasingly aggressive in the cyber sphere, and are beginning to explore ways of disrupting critical infrastructure, in addition to more routine activities such as espionage and intellectual property theft, the committee said.

The establishment of the National Cyber Security Centre (NCSC) is a welcome move, but the expectations placed on the GCHQ agency may be “outstripping the resources put at its disposal”.

“There appears to be little beyond anecdotal evidence that the UK is at the forefront of international efforts on cybersecurity,” the report says.

Market forces not enough

Meanwhile, a recent tightening of the cyber-regulatory regime was not the government’s own initiative, “but instead flows from our acceptance of EU-wide regulations”.

More needs to be done at a ministerial level to ensure critical infrastructure operators address cyber-threats at a board level and manage it “proactively”.

But the government is, instead, continuing to “rely on market forces to improve operators’ cyber resilience, despite recognising the previous failure of this approach”, the committee said.

“Too often in our past the UK has been ill-prepared to deal with emerging risks,” said committee chair Margaret Beckett, the former foreign secretary.

“The government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago