A parliamentary council has warned that ministers are failing to act with “a meaningful sense of purpose or urgency” in the face of growing cyber threats to the UK's critical national infrastructure (CNI).
The joint committee on national security strategy called the UK's level of ministerial oversight “wholly inadequate” at a time when Russia and other nation states are expanding their capabilities to mount disruptive cyberattacks.
The committee called on Theresa May to appoint a cybersecurity minister in cabinet to lead the country's efforts to build national resilience.
At the same time, it also called on the government to make information-sharing and collaboration with the EU on cyberattacks a priority during Brexit talks.
Threats to UK's national infrastructure
The committee, which is made up of senior MPs and peers, noted that the government had assessed a major cyberattack on the UK critical national infrastructure representing a “top-tier” threat to national security that could have potentially “devastating' consequences.
Ministers did acknowledge the need to improve the country's resilience but MPs said their efforts had failed to match the level of risk that a major cyberattack poses.
The committee further explained the gravity of the situation, saying:
“We are concerned that the current complex arrangements for ministerial responsibility mean that day-to-day oversight of cross-government efforts is, in reality, led by officials, with ministers only occasionally ‘checking in’. This is wholly inadequate to the scale of the task facing the government, and inappropriate in view of the government’s own assessment that major cyber-attacks are a top-tier national security threat.”
When it came to the National Cyber Security Centre, the committee praised its creation but expressed concerns that expectations were much higher than what it could achieve with the resources at its disposal.
- We've also highlighted the best antivirus software in this roundup