UK Fails To Act Against Cyber Threats

Uploaded on 2018-11-27 in NEWS-Cybersecurity News, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

Ministers in the UK are failing to act with “a meaningful sense of purpose or urgency” in the face of the growing cyber threat to the nation’s critical national infrastructure, a parliamentary committee has warned.

The Joint Committee on National Security Strategy said while states such as Russia were expanding their capability to mount disruptive cyber-attacks, the level of ministerial oversight was “wholly inadequate”.

It urged Theresa May to appoint a single cyber security minister in the Cabinet Office to take charge of the efforts to build national resilience.

The committee, made up of senior MPs and peers, also called on the Government to “prioritise” continued information-sharing and collaboration on cyber with the EU in the Brexit talks. It noted the Government assessed a major cyber-attack on the UK critical national infrastructure (CNI) represented a “top tier” threat to national security, with potentially “devastating” consequences.

But while ministers had explicitly acknowledged the need to improve resilience, it said their efforts had failed to match the level of risk.

“While we applaud the aspiration, it appears the Government is not delivering on it with a meaningful sense of purpose or urgency,” it said.

“Identifiable political leadership is lacking.

“There is little evidence to suggest a ‘controlling mind’ at the centre of government, driving change consistently across the many departments and CNI sectors involved.

“We are concerned that the current complex arrangements for ministerial responsibility mean that day-to-day oversight of cross-government efforts is, in reality, led by officials, with ministers only occasionally ‘checking in’.

“This is wholly inadequate to the scale of the task facing the Government, and inappropriate in view of the Government’s own assessment that major cyber-attacks are a top-tier national security threat.”

The committee welcomed the establishment of the National Cyber Security Centre as the national technical authority but expressed concerns that expectations of what it could achieve were “outstripping the resources put at its disposal”.

It noted that a recent tightening of the regulatory regime “was not the Government’s own initiative but instead flows from our acceptance of EU-wide regulations”.

Ministers needed to do more, it said, to change the culture of CNI operators in the private sector to ensure the cyber threat was addressed at board level with an understanding that it must be “proactively managed”.

“It appears that the Government is reluctant to move more forcefully and, by default, continues to rely on market forces to improve operators’ cyber resilience, despite recognising the previous failure of this approach,” it said.

The committee chair, former foreign secretary Margaret Beckett, said: “We are struck by the absence of political leadership at the centre of government in responding to this top-tier national security threat.

“Too often in our past the UK has been ill-prepared to deal with emerging risks.

“The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”

Gibraltar Chronicle:

You Might Also Read:

The UK Will Be Hit By A Category One Cyber-Attack

« The Way You Walk Will Reveal Your Identity To Surveillance Technology
Russians Impersonating US State Department Aide In Hacking Campaign »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

InfoSecurity Magazine

InfoSecurity Magazine

Infosecurity Magazine has over ten years of experience providing knowledge and insight into the information security industry.

Detectify

Detectify

Detectify is a web security service that simulates automated hacker attacks on your website, detecting critical security issues before real hackers do.

Willis Towers Watson

Willis Towers Watson

Willis Towers Watson is a global risk management, insurance brokerage and advisory company. Services offered include Cyber Risks insurance.

Boxcryptor

Boxcryptor

Boxcryptor encrypts your sensitive files before uploading them to cloud storage services.

CalCom

CalCom

CalCom Hardening Solution (CHS) for Microsoft OMS is a security baseline-hardening solution designed to address the needs of IT operations and security teams.

SecureBrain

SecureBrain

SecureBrain software and services help protect against Japanese-specific cybercrime and global internet security threats such as online fraud, phishing, drive-by downloads and malware attacks.

Viasat

Viasat

Viasat is a provider of high-speed satellite broadband services and secure networking systems covering military and commercial markets.

Cyverse

Cyverse

Cyverse is a cyber-security firm which provides corporations with state-of-the-art cyber-security service-based and technological solutions made in Israel.

CloudOak

CloudOak

CloudOak is a cloud channel provider for hybrid cloud Backup as a Service (BaaS), Disaster Recovery as a Service (DRaaS) and Archiving to Small to Medium Business (SMB).

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

BotRx

BotRx

BotRx is the only AI-enabled, automated fraud protection technology that allows fast & easy deployment - continually keeping invisible bad bots and agents at bay, so you can rest easy.

CerraCap Ventures

CerraCap Ventures

CerraCap Ventures invest globally into early-stage B2B companies in Healthcare, Enterprise AI and Cyber Security.

DC Two

DC Two

DC Two are a locally operated and supported Australian data centre, offering a suite of vertically integrated services covering every part of the data centre and cloud technology stack.

Schellman

Schellman

Schellman is a leading provider of attestation and compliance services.

RiverSafe

RiverSafe

RiverSafe is a professional services provider specialising in Cyber Security, Data Operations and DevOps, putting security at the heart of everything we do.

Levio

Levio

Levio is a digital native business and technology consulting firm. As a true partner from start to finish, our goal is a long-lasting transformation that’s right for your business model.