UK Fails To Act Against Cyber Threats

Uploaded on 2018-11-27 in NEWS-Cybersecurity News, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

Ministers in the UK are failing to act with “a meaningful sense of purpose or urgency” in the face of the growing cyber threat to the nation’s critical national infrastructure, a parliamentary committee has warned.

The Joint Committee on National Security Strategy said while states such as Russia were expanding their capability to mount disruptive cyber-attacks, the level of ministerial oversight was “wholly inadequate”.

It urged Theresa May to appoint a single cyber security minister in the Cabinet Office to take charge of the efforts to build national resilience.

The committee, made up of senior MPs and peers, also called on the Government to “prioritise” continued information-sharing and collaboration on cyber with the EU in the Brexit talks. It noted the Government assessed a major cyber-attack on the UK critical national infrastructure (CNI) represented a “top tier” threat to national security, with potentially “devastating” consequences.

But while ministers had explicitly acknowledged the need to improve resilience, it said their efforts had failed to match the level of risk.

“While we applaud the aspiration, it appears the Government is not delivering on it with a meaningful sense of purpose or urgency,” it said.

“Identifiable political leadership is lacking.

“There is little evidence to suggest a ‘controlling mind’ at the centre of government, driving change consistently across the many departments and CNI sectors involved.

“We are concerned that the current complex arrangements for ministerial responsibility mean that day-to-day oversight of cross-government efforts is, in reality, led by officials, with ministers only occasionally ‘checking in’.

“This is wholly inadequate to the scale of the task facing the Government, and inappropriate in view of the Government’s own assessment that major cyber-attacks are a top-tier national security threat.”

The committee welcomed the establishment of the National Cyber Security Centre as the national technical authority but expressed concerns that expectations of what it could achieve were “outstripping the resources put at its disposal”.

It noted that a recent tightening of the regulatory regime “was not the Government’s own initiative but instead flows from our acceptance of EU-wide regulations”.

Ministers needed to do more, it said, to change the culture of CNI operators in the private sector to ensure the cyber threat was addressed at board level with an understanding that it must be “proactively managed”.

“It appears that the Government is reluctant to move more forcefully and, by default, continues to rely on market forces to improve operators’ cyber resilience, despite recognising the previous failure of this approach,” it said.

The committee chair, former foreign secretary Margaret Beckett, said: “We are struck by the absence of political leadership at the centre of government in responding to this top-tier national security threat.

“Too often in our past the UK has been ill-prepared to deal with emerging risks.

“The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”

Gibraltar Chronicle:

You Might Also Read:

The UK Will Be Hit By A Category One Cyber-Attack

« The Way You Walk Will Reveal Your Identity To Surveillance Technology
Russians Impersonating US State Department Aide In Hacking Campaign »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cyber Risk & Insurance Forum (CRIF)

Cyber Risk & Insurance Forum (CRIF)

CRIF helps organisations understand cyber risks and the damage that might occur by supporting the development of effective insurance solutions.

CommuniTake

CommuniTake

CommuniTake builds security, enablement, and management solutions to provide people and organizations with better, and more secure mobile device use.

DomainTools

DomainTools

DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know.

Plixer

Plixer

Plixer delivers a network traffic analytics system used for monitoring, visualization, and reporting of network and security incidents.

CETIC

CETIC

CETIC is an applied research centre in the field of ICT. Key technologies include Big Data, Cloud Computing, the Internet of Things, software quality, and trust and security of IT systems.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

Logic Supply

Logic Supply

Logic Supply is a global industrial PC company focused on hardware for the IoT edge. We design highly-configurable computers engineered for reliability.

Venkon

Venkon

Venkon provides effective and unique solutions to cyber-security threats and IT compliance requirements of your organization.

Boxphish

Boxphish

Boxphish provides a proven solution to reduce Human Error and Cyber Human Risk via automated learning journeys and intelligent phishing simulations.

Tide Foundation

Tide Foundation

Tide's breakthrough multi-party-cryptography enables TRUE-zero-trust technology that unlocks cyber-herd immunity.

KYND

KYND

KYND has created pioneering cyber risk technology that makes assessing, understanding, and managing business cyber risks easier and quicker than ever before.

Zama

Zama

Zama - pioneering homomorphic encryption. We believe people shouldn't care about privacy. Not because it doesn't matter, but because it shouldn't be an issue!

Dropzone AI

Dropzone AI

Dropzone AI are creating a generational leap in SecOps by using AI to automate cyber expertise and tooling.

SecureFlag

SecureFlag

SecureFlag is dedicated to enhancing secure coding across all technical profiles within the Software Development Lifecycle.

Clear Ridge Defense

Clear Ridge Defense

Clear Ridge was founded in April 2015 with the mission and vision to support Joint, Service Cyber Components, and commercial clients in specialized cyber support.

CyberAntix

CyberAntix

CyberAntix offers Premium CyberSecurity for your business using an advanced Security Operations Centre technology and process platform reinforced by a steadfast and expert SOC team.