MPs claim gov not taking swift action to consolidate UK cyber-defences

News by Roi Perez

MPs have lambasted the government for its slow approach to consolidating law enforcement agencies' cyber-attack and data breach response.

The Commons Public Accounts Committee says that a cyber-skills shortage and mishandling of data breaches is undermining the government's ability to protect the UK from cyber-attacks.

Despite the announcement of the National Cyber-Security Strategy by the National Cyber-Security Centre, which combines various response agencies into one, the committee claims ministers have have taken too long in the consolidation process of agencies tasked with stopping attacks describing them as "alphabet soup".

The government responds that it has acted with "pace and ambition" when it comes to cyber-defences, and has ranked cyber-security among the top four risks to UK national security.

The committee also claimed that it's unclear what role the Cabinet Office has with regards to handling cyber-attacks, despite its responsibility in protecting all government information from attack.

Labour MP Meg Hillier, who chairs the committee said: "Its approach to handling personal data breaches has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks.”.

Hillier added that "It should concern us all that the government is struggling to ensure its security profession has the skills it needs."

This is despite the government investing money into both a new cyber-skills academy in Bletchley Park, the former site of the WWII code-cracking effort, and a number of cyber-incubators such CyLon and CSIT.

The committee also says that reporting of data breaches varied across Whitehall, with some departments reporting thousands while others recorded none at all. The MP's described the system as "inconsistent and chaotic".

"Without a consistent approach across Whitehall to identifying, recording and reporting security incidents, the Cabinet Office is unable to make informed decisions about where to direct and prioritise its attention," the committee said.

Speaking with the BBC, a spokesman for the Cabinet Office said: "Our comprehensive and ambitious national cyber-security strategy, underpinned by £1.9 billion of investment, sets out a range of measures to defend our people, businesses, and assets; deter and disrupt our adversaries; and develop capability and skills."

A spokesman for the UK's National Cyber Security Centre, which has been operational for four months, said the unit had "transformed how the UK deals with cyber-security".

David Ferbrache, technical director in KPMG's cyber security practice, commented: “The Public Accounts Committee report highlights the long overdue rationalisation of cyber-security roles and functions across Government.

“The National Cyber Security Centre (NCSC) plays a vital role in defending the UK against State sponsored cyber-attacks, the militarisation of cyber-space and an increasingly sophisticated organised cyber-crime threat.”

“The NCSC has made good progress in developing and implementing its cyber-security strategy, but there is clearly a long way to go. There can be a natural tendency for governments to cloak discussions around security in secrecy but when it comes to cyber-security, the best response is a community response that involves industry. The NCSC must be agile, flexible and unconventional – and it can only achieve that by drawing on talent from the community as a whole.”

The committee's findings follow a speech by Defence Secretary Sir Michael Fallon, who warned that Russia was carrying out a sustained campaign of cyber-attacks, targeting democracy and critical infrastructure in the West.

Fallon claimed that Moscow was "weaponising misinformation" in order to gain more influence, destabilise Western governments, and weaken Nato.

Fallon said Nato needed to do more to tackle the "false reality" being propagated by the Kremlin. "Nato must defend itself as effectively in the cyber sphere as it does in the air, on land, and at sea, so adversaries know there is a price to pay if they use cyber weapons," he added.

Despite his previous criticism of Nato, US President Donald Trump had met with British Prime Minister Theresa May, and May reassured he is '100 percent in support of Nato'.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop