There have been calls to Theresa May from the Joint Committee on National Security Strategy to appoint a Cyber Security Minister in cabinet to take charge of the efforts to build national resilience after the committee found that ministers are failing to act with “a meaningful sense of purpose or urgency” in the face of the growing cyber threat to the UK.
According to the report, at a time when states such as Russia are ever-growing their capabilities to carry out major cyber-attacks, the UK’s level of ministerial oversight is “wholly inadequate”.
Chair of the Joint Committee on National Security Strategy, Margaret Beckett MP, said: “We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat.
“It is a matter of real urgency that the Government makes clear which Cabinet Minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure.
Government responds to UK critical national infrastructure and cyber skills report
“There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors.
“My Committee recently reported on the importance of also building the cyber security skills base.
“Too often in our past, the UK has been ill-prepared to deal with emerging risks.
“The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”
Two-thirds of critical infrastructure firms have suffered service outages in last two years
Andrew Tsonchev, Director of Technology at Darktrace Industrial, said: “The joint committee is correct in identifying cyber-attacks on critical infrastructure as a “top-tier” threat to national security. The sudden increase in attacks targeting industrial systems and operational technology is rapidly blurring the lines between national defence and traditional IT security. Given the increased militarisation of cyberspace, the UK private sector is now directly exposed to transnational threats.
“There is a wide range of maturity amongst UK organisations that are now facing the prospect of nation-state threat of the highest level. Government oversight is essential but will not solve this problem alone. It requires significant investment from the private sector in new security technologies.
“The NIS directive is already doing great work to raise the level of cyber maturity among UK providers of critical infrastructure, but more can certainly be done. Digitisation and adoption of AI technologies are essential for the growth of UK business. This means that cyber security challenges are coupling UK business strategy with national security, creating potential trade-offs and strategic risks. The appointment of a dedicated Cyber Security Minister may indeed help to coordinate these efforts and align national priorities of growth and defence.”
New government software Code of Practice: security must be built from the code up