Cyber committee urges government to do more to combat security risks
The UK government is in dire need of political direction on responding to national cyber security threats, as current efforts have left the country's infrastructure and businesses "wholly" unprepared for another attack.
The joint committee on the national security security strategy warned today that the UK's critical infrastructure sectors, including energy, health services and water, face a "potentially devastating" immediate threat from attackers.
In a report compiled by a number of senior MPs and peers, the committee said ministers are failing to deliver on its cyber security strategy "with a meaningful sense of purpose or urgency", leaving industry body the National Cyber Security Centre (NCSC) underfunded and underequipped to achieve its goal.
Moreover, it urged Prime Minister Theresa May to appoint a dedicated cyber security minister to cabinet, tasked with improving the country's cyber resilience across the critical infrastructure sectors.
"Identifiable political leadership is lacking," the report said.
"There is little evidence to suggest a ‘controlling mind’ at the centre of Government, driving change consistently across the many departments and CNI sectors involved. Unless this is addressed, the Government’s efforts will likely remain long on aspiration and short on delivery."
The move comes after the UK was hit by a string of national cyber security attacks and threats in recent years, culminating in several moves by the Russian government against its infrastructure.
The NCSC said last month that Russia's state spy agency was "almost certainly responsible" for a 2015 theft of email accounts and content from a UK TV station, the 2016 hack on the US Democratic National Committee, and the Bad Rabbit and World Anti-Doping Agency attacks in 2017.
In May last year, the National Health Service was one of many institutions internationally targeted in the WannaCry cyber attack, thought to be the actions of agents in North Korea.
The report also noted that recent robust regulation that has been introduced in the UK "was not the government's own initiative, but instead flows from our acceptance of EU-wide regulations".
It called on the government to do more to ensure cyber risks are properly understood at board-level, embedding the view that cyber risk is another threat that must be proactively managed by businesses.
"Too often in our past the UK has been ill-prepared to deal with emerging risks," said committee chair Margaret Beckett.
"The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure."