JCNSS releases report on Cyber Security of the UK’s CNI
The Joint Committee on the National Security Strategy yesterday released its report, Cyber Security of the UK’s Critical National Infrastructure.
The wide-ranging report details the significant and growing challenges facing UK CNI from various actors, outlines the current Government response to date and describes the evolving regulatory landscape. The report states that the cyber threat to the UK’s CNI is as credible, potentially devastating and immediate as any other threat faced by the UK.
The report acknowledges the significant progress to date, particularly through the work of the National Cyber Security Centre (NCSC) and the effectiveness of the Network and Information Security (NIS) Directive in strengthening the resilience of CNI. It does, however, question whether this progress is quick enough or whether the NCSC has the resources to meet increasing demands. It outlines several recommendations the Joint Committee believes will ensure UK preparedness including appointing one Cabinet Office minister with designated responsibility for cyber security across Government departments.
Some of the key recommendations outlined in the report include:
- There should be a Cabinet Office Minister designated as cyber security lead, with oversight of both public and private sector initiatives and responsibility for progress;
- Government should produce continually updated plans for improving CNI to ensure agility in responding to this changing threats and in taking advantage of constant technological innovation;
- The next National Cyber Security Strategy, due in 2021 should be informed by a mapping of the key interdependencies between CNI sectors which the Government should complete as soon as possible and keep under continual review;
- The Government should resume publishing Annual Reports for the National Cyber Security Programme to improve transparency and aid external scrutiny;
- Given that cyber threats do not stop at national borders, the Government should prioritise maintaining access to the EU’s NIS Coordination Group and its workstreams to facilitate continued information sharing and collaboration with EU Member States; and
- The Government should give urgent consideration to non-regulatory incentives and interventions that have the potential to drive cultural change across CNI sectors, including insurance services, security-by-default and board level reforms.
Chair of the Committee, Margaret Beckett MP, yesterday said:
“We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat. It is a matter of real urgency that the Government makes clear which Cabinet Minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure. There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors.
“My Committee recently reported on the importance of also building the cyber security skills base. Too often in our past the UK has been ill-prepared to deal with emerging risks. The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”
Talal Rajab, Head of Cyber and National Security, techUK yesterday said:
“techUK is pleased to have contributed to the Joint Committee’s report into the cyber security of the UK’s critical national infrastructure and welcomes the important recommendations. The UK’s critical national infrastructure remains a key target for attack, whether from nation state actors or organised crime groups. Whilst the report correctly recognises the significant work that the National Cyber Security Centre (NCSC) has done in providing technical leadership on cyber resilience, it accepts that cyber risk within critical national infrastructure is still not fully understood or managed. This is an issue that requires utmost vigilance.
The recommendation for the creation of a Cyber Security Minister, responsible for the cross-government delivery of the National Cyber Security Strategy, has merit and should be explored further. Much has changed since the strategy was published in 2016, with the threat to government and businesses constantly evolving. As the current strategy draws to a close, it is vital that cyber security becomes business as usual across all areas of government. The appointment of a Cabinet Office Minister designated as a cyber security lead could help ensure government remains one step ahead of the threat and drive real change across departments.”
Latest News from
Cloud Week needs you!18/06/2019 11:25:00
On Monday 15th July, techUK will kick off this year’s Cloud Week exploring the future of cloud computing and how we keep the UK at the forefront of cloud adoption...
New research on current and future digital skills demands in the UK17/06/2019 11:25:00
Two new pieces of research examining the current demand in the UK for digital skills and looking at the digital skills needed to succeed now and in the next 10 years.
Delivering A National Digital Twin at the IoT World Europe Summit14/06/2019 16:25:00
On Thursday, techUK’s Director of Market Programmes, Matthew Evans delivered a thought-provoking talk at the IoT World Europe Summit, which explored how key decision-makers can deliver a national digital twin (DTw) and how companies are already benefiting from this technology.
dxw and MHCLG | Call for user research session participants14/06/2019 14:25:00
Guest blog: MHCLG has partnered with agency, dxw digital, to find out what support councils need to collaborate to deliver improved public services.
Government to boost 5G and simplify planning to help mobile deployment14/06/2019 14:02:00
DCMS announce a £40 million investment in 5G testbed and trial projects across UK as part of plans to improve mobile connectivity.
Energy Data Taskforce: Strategy for a Modern Energy System14/06/2019 11:25:00
The Energy Data Taskforce, commissioned by Government, Ofgem, and Innovate UK, has set out five key recommendations that will modernise the UK energy system and...
PwC Report - AI in healthcare: a perspective on the practicalities13/06/2019 17:05:00
PwC have today published a report into the practical steps that can be taken to ensure a symbiotic integration of AI in healthcare.
DCMS-Cabinet Office Digital Identity Unit to launch in the coming week13/06/2019 16:25:00
techUK yesterday welcomed the announcement from Oliver Dowden of specific government actions to 'enable the creation of a ubiquitous digital identity market'.
Join techUK's Climate Change Strategy and Resilience Group!13/06/2019 15:37:00
techUK members invited to join new cross-programme group on climate change strategy and resilience.