JCNSS releases report on Cyber Security of the UK’s CNI
The Joint Committee on the National Security Strategy yesterday released its report, Cyber Security of the UK’s Critical National Infrastructure.
The wide-ranging report details the significant and growing challenges facing UK CNI from various actors, outlines the current Government response to date and describes the evolving regulatory landscape. The report states that the cyber threat to the UK’s CNI is as credible, potentially devastating and immediate as any other threat faced by the UK.
The report acknowledges the significant progress to date, particularly through the work of the National Cyber Security Centre (NCSC) and the effectiveness of the Network and Information Security (NIS) Directive in strengthening the resilience of CNI. It does, however, question whether this progress is quick enough or whether the NCSC has the resources to meet increasing demands. It outlines several recommendations the Joint Committee believes will ensure UK preparedness including appointing one Cabinet Office minister with designated responsibility for cyber security across Government departments.
Some of the key recommendations outlined in the report include:
- There should be a Cabinet Office Minister designated as cyber security lead, with oversight of both public and private sector initiatives and responsibility for progress;
- Government should produce continually updated plans for improving CNI to ensure agility in responding to this changing threats and in taking advantage of constant technological innovation;
- The next National Cyber Security Strategy, due in 2021 should be informed by a mapping of the key interdependencies between CNI sectors which the Government should complete as soon as possible and keep under continual review;
- The Government should resume publishing Annual Reports for the National Cyber Security Programme to improve transparency and aid external scrutiny;
- Given that cyber threats do not stop at national borders, the Government should prioritise maintaining access to the EU’s NIS Coordination Group and its workstreams to facilitate continued information sharing and collaboration with EU Member States; and
- The Government should give urgent consideration to non-regulatory incentives and interventions that have the potential to drive cultural change across CNI sectors, including insurance services, security-by-default and board level reforms.
Chair of the Committee, Margaret Beckett MP, yesterday said:
“We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat. It is a matter of real urgency that the Government makes clear which Cabinet Minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure. There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors.
“My Committee recently reported on the importance of also building the cyber security skills base. Too often in our past the UK has been ill-prepared to deal with emerging risks. The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”
Talal Rajab, Head of Cyber and National Security, techUK yesterday said:
“techUK is pleased to have contributed to the Joint Committee’s report into the cyber security of the UK’s critical national infrastructure and welcomes the important recommendations. The UK’s critical national infrastructure remains a key target for attack, whether from nation state actors or organised crime groups. Whilst the report correctly recognises the significant work that the National Cyber Security Centre (NCSC) has done in providing technical leadership on cyber resilience, it accepts that cyber risk within critical national infrastructure is still not fully understood or managed. This is an issue that requires utmost vigilance.
The recommendation for the creation of a Cyber Security Minister, responsible for the cross-government delivery of the National Cyber Security Strategy, has merit and should be explored further. Much has changed since the strategy was published in 2016, with the threat to government and businesses constantly evolving. As the current strategy draws to a close, it is vital that cyber security becomes business as usual across all areas of government. The appointment of a Cabinet Office Minister designated as a cyber security lead could help ensure government remains one step ahead of the threat and drive real change across departments.”
Latest News from
Top 100 Most Influential BAME Leaders in UK Tech13/11/2019 15:20:00
A fantastic list of influential leaders and roles models changing the landscape of the industry and enacting positive change #IB100.
Lost in Migration: Attributing Carbon to Data Centre and Cloud Service13/11/2019 14:20:00
This article was first published in Data Economy Magazine’s November 2019 edition.
Voting open for the JES Management Committee13/11/2019 12:20:00
Don't miss your chance to have a say in who will steer the JES Programme for 2020 and 2021!
Tackling London's biggest issues using tech & innovation12/11/2019 14:05:00
Mayor of London launches 2019 Civic Innovation Challenge which calls on innovators to develop solutions to London’s biggest challenges.
Health and Social Care Council: Vote for your preferred candidates12/11/2019 12:20:00
Vote for your new Health and Social Care Council members.
Welcome to techUK’s #QuantumFuture campaign week! (11 – 15 November)11/11/2019 13:05:00
Between 11 – 15 November, techUK will be highlighting quantum technologies emerging across the UK, delving deeper into the transformative potential!
Securing Cyber Resilience in Health and Social Care11/11/2019 11:25:00
The Department of Health and Social Care has released its progress report on improving cyber resilience in the wake of the 2017 WannaCry attack. Here techUK summarises...
Join techUK's Skills & Diversity Council08/11/2019 16:05:00
Do you work for a techUK member organisation? Applications are now open for techUK's Skills and Diversity Council.
UK Cyber Security Council Formation Project08/11/2019 14:25:00
The UK Cyber Security Council Formation Project is looking to widen engagement with industry.