Joint Committee on National Security Strategy launches CNI inquiry focused around cyber

In January last year, the previous Joint Committee on the National Security Strategy (JCNSS) launched an inquiry entitled ‘Cyber Security: UK National Security in a Digital World’, focusing in the main on the 2016 National Cyber Security Strategy. That inquiry was halted by the 2017 General Election.

Following on from the Dissolution of Parliament, there were numerous cyber attacks of significance perpetrated in the UK affecting elements of its Critical National Infrastructure (CNI). These have included the WannaCry attack, most notably affecting the NHS, in addition to the attack on the UK Parliament and that conducted against the Scottish Parliament.

The first Annual Report produced by the National Cyber Security Centre (NCSC), published last October, revealed that it had received more than 1,100 cyber incident reports in the previous year, of which 590 were classed as being ‘Significant’. More than 30 of these were assessed as being sufficiently serious to require a cross-Government response process co-ordinated by the NCSC.

With all of this in mind, the JCNSS has now determined to launch an inquiry into cyber security with a clear focus on the UK’s critical infrastructure.

Dame Margaret Beckett MP, chair of the Joint Committee, commented: “These incidents have highlighted the need for improved cyber security and the challenges involved in achieving this objective. The attacks have also raised awareness among the media and the wider population, making it an opportune moment for an inquiry to have a lasting impact. Our CNI must be prepared for these attacks, which are becoming more frequent in nature. The threat to the UK is extremely real. We must be ready, but the question is ‘How?'”

Dame Margaret Beckett MP

Dame Margaret Beckett MP

The Joint Committee will draw upon the work conducted by the previous inquiry, but has also issued a Call for Evidence on the following Terms of Reference:

*the types and sources of cyber threats to the CNI here in the UK

*the extent to which the Government’s definition of CNI is still valid in an interconnected economy

*learning points drawn from the 2011 Cyber Security Strategy and the fitness for purpose of the 2016 Cyber Security Strategy in relation to CNI

*the effectiveness of the strategic lead provided by the National Security Council, Government Departments and agencies and the NCSC, as well as the coherence of cross-Government activity

*the effectiveness of the Government’s relationships with, respectively, private sector operators and regulators in protecting the CNI from cyber attack

*the balance of responsibilities between the Government and private-sector operators when it comes to protecting the CNI against cyber attack

*the consistency of approach in the UK towards legislation, regulation and standards governing each CNI sector and cyber security

*the availability of skills and expertise to the relevant Government Departments and agencies, to regulators and, indeed, the private sector operators of CNI

*the extent to which the UK’s current approach to the cyber security of CNI draws on or otherwise represents international Best Practice

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts