MPs hit out at lack of urgency in government cyber threat plan

19 Nov 18

The government’s response to cyber security threats lacks “a meaningful sense of purpose or urgency”, MPs have warned.

Health services, transport, water and energy are just some of the sectors that will incur “potentially devastating” cyber attacks in the future, according to the joint committee on the National Security Strategy.

The committee’s report, published today, said “political leadership is lacking” on cyber security despite warnings earlier this year from head of the National Cyber Security Centre Ciaran Martin that future attacks are a matter of “when, not if”.

Committee chair Dame Margaret Beckett said: “We are struck by the absence of political leadership at the centre of government in responding to this top-tier national security threat.

“It is a matter of real urgency that the government makes clear which Cabinet minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure”.

The government has indentified 13 national infrastructure sectors that are critical to daily life including: energy, finance, food, government, health, defence, transport and water.

To oversee the nation’s cyber security efforts, the committee urged the government to appoint a single Cabinet Office minister “charged with delivering improved cyber resilience across the UK’s critical national infrastructure”.

The committee said it was “concerned” that current arrangements for ministerial responsibility mean that oversight is lead mostly by officials with ministers “occasionally ‘checking in’”. This approach was “wholly inadequate”.

Since the government unveiled its National Cyber Security Strategy in 2016 there have been 1,000 cyber attacks that have required the involvement of the NCSC, according to the committee report.

It said the strategy showed the government’s desire to improve cyber resilience but added: “It appears the government is not delivering on it with a meaningful sense of purpose or urgency”.

A high-profile cyber security breach was last year’s Wannacry attack on the NHS, which the government estimated cost £92m. The National Audit Office calculated that this attack affected 33% of NHS trusts in England.

A government spokesperson said: “Ensuring our critical national infrastructure is secure and resilient against cyber attacks is a priority for the government, which is why we are investing £1.9bn to improve our cyber capabilities. 

“Ministers have clear responsibilities that are rightly shared because every part of government must respond to the challenges we face”. 

A September poll found that auditors across Europe identified cybersecurity as their biggest concern for the coming year.

Analysis by a civil liberties campaign group earlier this year found that councils in England had been hit by nearly 100 million cyberattacks over five years.

Did you enjoy this article?