Government efforts on cyber security “lack clear political leadership” asserts Parliamentary Committee

Dame Margaret Beckett MP

Dame Margaret Beckett MP

The Joint Committee on the National Security Strategy has published its report on the UK’s Critical National Infrastructure (CNI) in which it states that the threat to the UK’s CNI is both “growing and evolving”. Indeed, the cyber threat posed to the UK’s CNI – ie 13 sectors including energy, health services, transport and water – is said to be “as credible, potentially devastating and immediate” as any other threat faced at the present time.

However, according to the Committee, the Government is not acting with the urgency and forcefulness that the situation demands.

The report on ‘Cyber Security of the UK’s Critical National Infrastructure’ suggests that the UK’s CNI is a natural target for a major cyber attack because of its importance to daily life and the economy. Major cyber attacks are categorised by the Government as a top-tier threat to national security. As some states become more aggressive and non-state actors such as organised crime groups become much more capable, so the range and number of potential attackers is growing.

Matter of ‘when’ not ‘if’

Ciaran Martin, head of the National Cyber Security Centre, has said that a major cyber attack on home shores is a matter of ‘when’ not ‘if’. The state-sponsored 2017 WannaCry attack greatly affected the NHS even though it wasn’t itself a target and demonstrated the potentially significant consequences of attacks on the UK’s infrastructure.

Ministers have acknowledged that more must be done to improve the cyber resilience of CNI and the Government has taken some important steps in the two years since the National Cyber Security Strategy was published. It set up the National Cyber Security Centre as a national technical authority, but the Committee observes that the Centre’s “current capacity is being outstripped by demand for its services”.

A tightened regulatory regime, required by an EU Directive that applies to all Member States, has been brought into force for some, but not all CNI sectors. However, the Joint Committee on the National Security Strategy feels this will not be enough to achieve “the required leap forward” across the 13 recognised CNI sectors.

Absence of political leadership

Dame Margaret Beckett MP, chair of the Committee, said: “We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat. It’s a matter of real urgency that the Government makes clear which Cabinet minister has cross-Government responsibility for driving and delivering improved cyber security, and especially so in relation to our CNI.”

Beckett went on to comment: “There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors. My Committee recently reported on the importance of also building the cyber security skills base. Too often in our past, the UK has been ill-prepared to deal with emerging risks. The Government should be open about our vulnerability and rally support for measures which specifically match the gravity of the threat to our CNI.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts