Cyber attacks are among the top four risks to the UK’s national security. Indeed, in November Chancellor Philip Hammond said that hostile “foreign actors” were developing techniques that threatened the country’s electricity grid and transport infrastructure.
This risk of threat is where the criticism has originated.
The Common Public Accounts Committee has said that government has taken too long to streamline the agencies responsible for preventing cyber attacks.
The MP’s report suggested that the Cabinet’s Office role in this ‘cyber war’ remained unclear, despite its traditional responsibility of protecting all government information from attack.
This chaos, or “alphabet soup” as the Committee referred to it as, has diminished confidence in the government’s ability to protect the UK from cyber attacks. The unorganised nature of the agencies combined with the severe skills shortage has left the country vulnerable, MPs warn.
“Its approach to handling personal data breaches has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks,” said Labour MP Meg Hillier, who chairs the committee.
“In this context, it should concern us all that the government is struggling to ensure its security profession has the skills it needs.”
“Without a consistent approach across Whitehall to identifying, recording and reporting security incidents, the Cabinet Office is unable to make informed decisions about where to direct and prioritise its attention,” the committee said.
A spokesman for the Cabinet Office said: “The government has acted with a pace and ambition that has been welcomed by industry and our international partners right across the globe.
“Our comprehensive and ambitious national cyber security strategy, underpinned by £1.9 billion of investment, sets out a range of measures to defend our people, businesses, and assets; deter and disrupt our adversaries; and develop capability and skills.”
The Committee’s report comes after last night’s statement from Defence Secretary Sir Michael Fallon. In it he warned that Russia was carrying out a campaign of cyber attacks against western democracy and critical infrastructure.
Fallon said Moscow was “weaponising misinformation” in a move to destabilise western powers and cripple Nato.
At the heart of the report was the lack of cyber skills available. The government has tried to address this with the Cyber Retraining Academy among other schemes. It has started to recognise the problem and the urgent need to solve it.
Nevertheless Geoff Smith, managing director, Experis UK & Ireland commented stating that “while it’s concerning to see MPs questioning the UK’s front line defence against cyber threats in the news today, it’s not surprising, given the skills shortage we’re currently seeing in the market”.
“In our latest Tech Cities Job Watch report, it was revealed that demand for IT security skills rose by 46% in 2016, with the average salary now standing at £57,706. With cyber criminals becoming ever more sophisticated, companies are also prioritising longer-term investment – with a 52.9% surge in demand for permanent staff year-on-year.
UK’s National Cyber Security Centre
This centre, part of increased government investment in protecting the UK from cyber threats has been operational for four months and according to a spokesperson it has “transformed how the UK deals with cyber security”.
It has provided “real-time cyber-threat information to 3,000 organisations from over 20 different industries, offering incident management handling and fostering technical innovation”.
>See also: The UK’s new National Cyber Security Centre
Professor Alan Woodward, a computer security expert from the University of Surrey, said the report was “a little unfair”.
“Could we say that we are cyber-bomb proof? Probably not, but I’m not sure anyone could,” he said.
“But we are getting better, and the government is taking strides to get its own house in order.”
It is vital, concludes Peter Carlisle, VP EMEA at Thales e-Security that moving forward “the public sector works closely with industry through organisations such as the National Cyber Security Centre to develop stronger processes around data security and ensure the next generation are properly trained with the necessary cyber skills”.