The UK’s public sector needs to be “agile” in employing the government’s new cybersecurity strategy, according to analysts, amid fears of a Russian-devised cyberattack.
While the strategy, published last week, “looks good on paper”, there are significant areas for improvement, say experts.
“To cripple the UK, Putin does not need nuclear weapons,” explained cybersecurity expert Dan O’Dowd, who created the operating systems for Lockheed Martin’s F-35 Fighter Jets, the Boeing B1-B Intercontinental Nuclear Bomber and NASA’s Orion Crew Exploration Vehicle.
“Britain and the US are both vulnerable to cyberattacks against their infrastructure because we have connected up to the internet all the things our lives depend on, using software riddled with bugs.”
Around 40 per cent of cyberattacks are aimed at the public sector, according to the National Cyber Security Centre, which puts the sector at risk as tensions between Russia and Ukraine rise.
The increased digitalisation of public services will only serve as a catalyst for cyberattacks in the future, added Rajesh Muru, principal analyst at GlobalData.
“The UK government’s strategic initiative is essential, but the government needs to bring in additional strategic initiatives and programmes to reform and re-organise departments trying to build upon weak foundations,” he said. “It could learn a thing or two from the private sector, when it comes to preparing for future digital services.”
The 2017 WannaCry attacks, which wreaked havoc on the NHS, proved just how damaging cyberattacks can be to the UK public sector, said Ilkka Turunen, chief technology officer at cybersecurity firm Sonatype.
Speaking to City A.M., Turunen noted that the new strategy fails to address informal software supply chains which are present in software used by the public sector.
“If public sector institutions don’t know what the supply chains in their software are, they will leave the fastest growing form of cyberattacks potentially unaddressed,” he explained.
From across the pond
The US earlier this week sent its top cybersecurity official Anne Neuberger to NATO, in a bid to prepare European allies for potential Russian cyberattacks.
It follows intelligence assessments suggesting that Russia would launch cyberattacks on Ukraine’s electricity grid, its communications systems and its government, prior to invading.
The White House said in a statement: “We have been warning for weeks and months, both publicly and privately, that cyberattacks could be part of a broad-based Russian effort to destabilise and further invade Ukraine.”
The relationship between Russia and Ukraine has been turbulent since Ukraine gained independence in 1991, but an invasion appears to be looming following a build-up of Russian troops on the border.
The importance of software supply chains is something the Biden administration recognised last year, by requiring suppliers to produce a Software Bill of Materials, which functions like an “ingredients list” for software, Turunen continued.
And with such a thing “notably absent” from the UK’s public sector strategy, it “will ultimately cause the UK’s cyber resilience to lag behind the US’”.