British Cyber Security Strategy Is ‘Chaotic’

Responding to potential threats at a national level is unfeasible given the time ministers are currently dedicating to Brexit negotiations, says shadow Cabinet Office minister.

The UK cyber security strategy is in a “chaotic” state, shadow Cabinet Office minister Jo Platt has said.

Speaking at the ICT Public Sector event on 21 March 2019, Platt told the audience the security measures in place to protect the UK against a cyber-attack were insufficient.

“The current cyber strategy is not fit for purpose, it does not put the public interest first,” the Labour MP pointed out.

Platt said that since joining the shadow cabinet, she had met with several associations and trade bodies, many of which have said they lack direction, leadership and vision from government.

“It’s not difficult to see why. The current organisation of cyber across government is chaotic,” the shadow minister said, noting that six departments have various cyber responsibilities, with the same number of secretaries of state and sets of civil servants, who deliver six different responses to the cyber security issue, without any cohesion.

Many point to Cabinet Office minister David Lidington for such direction, Platt said, which is unfeasible given the time he is currently dedicating to Brexit negotiations. “He just cannot be providing the focus, the drive and the steer needed,” she said.

Referring to the Joint Committee on National Security Strategy, which pointed out that ministerial responsibilities meant that everyday oversight of cross-government efforts was a task carried out mostly by officials, Platt said cyber security was not a task that could be delegated.

“Our nation’s cyber security cannot be led by ministers who just occasionally check in. I find it negligent that an issue with the gravity, the seriousness and the urgency of cyber security, an issue we know presents grave dangers, is treated as a side job, a distraction, an addition by this government,” Platt said.

The shadow minister argued that such an approach was “hardly surprising” as the government had “doubled up the role of Cabinet secretary with that of national security advisor” and “failed to appoint a chief data officer and a permanent chief security officer”.

“This is from the same government that has no idea how many public sector computers are running Windows XP, almost two years after WannaCry,” Platt said, adding that the government fails to record the number of attacks that hit the public sector each year.

Earlier this month, the National Audit Office (NAO) criticised the Cabinet Office over failings in how it set up the National Cyber Security Programme (NCSP), which means it may struggle to meet its goals. The NAO said it was unclear whether or not the NCSP, which was created in 2017 to establish a “focal point” for cyber security activity across government, would achieve any of its wider strategic outcomes by 2021.

To address the issues, Platt said a Labour government would create a new framework for tackling cyber security threats and facilitating cooperation and coordination across Whitehall and local authorities, which would also be provided with more resources.

Platt also said the current government’s cyber security plan “openly and explicitly” expects private companies to address threats.

“[The UK’s cyber security measures] entrust [the private sector] to close the gaps without even a carrot or a stick. To put it simply, it too often asks private companies to find the solution to a public good,” Platt argued.

“We must be unafraid to reclaim the cyber landscape and to confidently put the public interest first, because where corners are cut, vulnerabilities lay idle and we take our eyes off the ball, other actors, hostile to us, will step in.”

Plugging the Cyber Security Skills Gap

Platt’s speech also addressed the skills gap. She said 54% of all businesses and charities had a basic technical cyber security skills gap, but the government hadn’t even calculated the shortages in that particular area of expertise. Citing the current administration’s Immediate Impact Fund, designed to quickly plug the gap and help around 50,000 people, Platt said the fund was helping just 170 individuals.

“Clearly, the plan is failing,” she said, adding that rather than placing responsibility on the private sector to solve the skills issue, the government needed to take more effective action.

Platt said Labour intended to create regional skills councils to develop expertise and introduce a “vibrant cyber sector” to help vulnerable communities.

“We must look towards place-based schemes, not only to revitalise areas left feeling hollowed from the process of de-industrialisation, but also to ensure that no matter where a business is located, it is not compromised because of regional inequalities,” she added.

“It is only government that can provide that whole-system approach needed – stretching right from school through to employment. It must do its fair part to ensure the skills gap shrinks,” Platt pointed out.

The shadow minister concluded her speech by saying that where Conservatives had “absolved and abdicated leadership” for cyber security, Labour was ready to provide it.

“It’s clear that we need a new strategy. We cannot wait for another WannaCry or worse before we take action. We know a crippling attack is coming our way, the question is when not if, and when it does, a Labour government will be ready for it,” Platt said.

Computer Weekly:
