The likelihood of a "major cyber attack" on the UK is a case of "when, not if," according to an assessment by the National Cyber Security Centre that is cited in a new report published by a parliamentary committee.
The report, entitled "Cyber Security of the UK's Critical National Infrastructure," looked at all aspects of the UK's cybersecurity protocols, assessing the government's efforts to reduce cyber attacks and looking at the likelihood of future attacks.
Unfortunately, the report concluded the UK Government "is not acting with the urgency and forcefulness that the situation demands," and with some states becoming more aggressive in their cyber warfare techniques, plus organized cyber crime groups becoming a lot more sophisticated, the "range and number of potential attackers is growing," said the report. (See Cyber Attacks Rank as Top Concern for European, Asian & US Firms.)
The UK's critical national infrastructure (CNI) -- 13 sectors crucial to UK society and the economy, including health services, water, transport, security and telecommunications -- is clearly a major concern. CNI is an obvious target for a major cyber attack, according to the report, due to its importance to daily life of the 70 million UK population and its importance to society and economy.
The government regards cyber attacks as a major threat to national security, but the report says it is not doing enough. (Image: Markus Spiske, Unsplash)
The report cites the 2017 WannaCry attack that compromised the NHS's computer network, noting that that the attack was not specifically aimed at the NHS. If an attack not specifically targeted at crippling the UK's health infrastructure could do that much damage, what damage could be done by an attack designed and built for the express purpose of taking out the NHS's systems? (See Global Cyber Attack: What Happened?)
The report recommended that more must be done to improve and strengthen the resilience of the CNI. While the National Cyber Security Centre is the main technical authority for thwarting threats, its resources are currently being outstripped by the demands placed on it.
Chair of the Committee, Margaret Beckett MP, said in a statement: "We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat. It is a matter of real urgency that the Government makes clear which Cabinet Minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure."
She continued: "There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors. My Committee recently reported on the importance of also building the cyber security skills base. Too often in our past the UK has been ill-prepared to deal with emerging risks. The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure."