UK vulnerable to ‘devastating’ cyber attacks, report warns

Image credit: kutubQ via iStock

The UK could be at risk of devastating consequences from cyber attacks on parts of its critical infrastructure as the government is unprepared to deal with a major incident, a parliamentary committee has warned.

A report by the Joint Committee on the National Security Strategy criticised ministers for failing to inject a sense of "purpose or urgency" into efforts to guard against such attacks, which is a major issue at a time when the risk posed by organised criminals and hostile nation-states is higher than ever.

It warned that it is now a matter of "when, not if" the UK comes under attack. But while ministers have acknowledged that more needs to be done to safeguard key parts of the country's economy and infrastructure, there has been little leadership to help put plans into action.

The potential consequences of a successful cyber attack have already been illustrated in incidents such as the 2017 WannaCry ransomware attack, which particularly affected the NHS. 

Even though it is not believed UK healthcare systems were a specific target of the ransomware, which has been blamed on North Korea, the impact it had was widely felt – and the effects of a targeted incident could be even more devastating.

Chair of the committee Margaret Beckett MP, said: "We are struck by the absence of political leadership at the centre of government in responding to this top-tier national security threat." 

In particular, she noted there is a lack of clarity about who in the Cabinet has responsibility for managing cyber security efforts, especially when it comes to critical national infrastructure.

Therefore, the committee urged the government to appoint a cyber security minister to take charge of these efforts and provide a single, cross-government focus that can drive change consistently across the many departments and sectors involved.

The report comes shortly after it was revealed by GCHQ's National Cyber Security Centre that the body has dealt with 1,167 cyber attacks since its formation in 2016, working out to around ten incidents per week.