JCNSS releases report on Cyber Security of the UK’s CNI
The Joint Committee on the National Security Strategy yesterday released its report, Cyber Security of the UK’s Critical National Infrastructure.
The wide-ranging report details the significant and growing challenges facing UK CNI from various actors, outlines the current Government response to date and describes the evolving regulatory landscape. The report states that the cyber threat to the UK’s CNI is as credible, potentially devastating and immediate as any other threat faced by the UK.
The report acknowledges the significant progress to date, particularly through the work of the National Cyber Security Centre (NCSC) and the effectiveness of the Network and Information Security (NIS) Directive in strengthening the resilience of CNI. It does, however, question whether this progress is quick enough or whether the NCSC has the resources to meet increasing demands. It outlines several recommendations the Joint Committee believes will ensure UK preparedness including appointing one Cabinet Office minister with designated responsibility for cyber security across Government departments.
Some of the key recommendations outlined in the report include:
- There should be a Cabinet Office Minister designated as cyber security lead, with oversight of both public and private sector initiatives and responsibility for progress;
- Government should produce continually updated plans for improving CNI to ensure agility in responding to this changing threats and in taking advantage of constant technological innovation;
- The next National Cyber Security Strategy, due in 2021 should be informed by a mapping of the key interdependencies between CNI sectors which the Government should complete as soon as possible and keep under continual review;
- The Government should resume publishing Annual Reports for the National Cyber Security Programme to improve transparency and aid external scrutiny;
- Given that cyber threats do not stop at national borders, the Government should prioritise maintaining access to the EU’s NIS Coordination Group and its workstreams to facilitate continued information sharing and collaboration with EU Member States; and
- The Government should give urgent consideration to non-regulatory incentives and interventions that have the potential to drive cultural change across CNI sectors, including insurance services, security-by-default and board level reforms.
Chair of the Committee, Margaret Beckett MP, yesterday said:
“We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat. It is a matter of real urgency that the Government makes clear which Cabinet Minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure. There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors.
“My Committee recently reported on the importance of also building the cyber security skills base. Too often in our past the UK has been ill-prepared to deal with emerging risks. The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”
Talal Rajab, Head of Cyber and National Security, techUK yesterday said:
“techUK is pleased to have contributed to the Joint Committee’s report into the cyber security of the UK’s critical national infrastructure and welcomes the important recommendations. The UK’s critical national infrastructure remains a key target for attack, whether from nation state actors or organised crime groups. Whilst the report correctly recognises the significant work that the National Cyber Security Centre (NCSC) has done in providing technical leadership on cyber resilience, it accepts that cyber risk within critical national infrastructure is still not fully understood or managed. This is an issue that requires utmost vigilance.
The recommendation for the creation of a Cyber Security Minister, responsible for the cross-government delivery of the National Cyber Security Strategy, has merit and should be explored further. Much has changed since the strategy was published in 2016, with the threat to government and businesses constantly evolving. As the current strategy draws to a close, it is vital that cyber security becomes business as usual across all areas of government. The appointment of a Cabinet Office Minister designated as a cyber security lead could help ensure government remains one step ahead of the threat and drive real change across departments.”
Latest News from
Study set to further understanding on the fate of waste electricals15/02/2019 11:25:00
The WEEE Fund is seeking expressions of interest to carry out research into the fate of waste electricals and electronics by 15 March.
New Central Government Council Members announced14/02/2019 11:25:00
techUK is delighted to announce the new Council members.
SoS announces initial Transformation Fund investments13/02/2019 16:05:00
Defence Secretary Gavin Williamson speech outlining the future direction of the UK armed forces.
Tech Titans and techUK Sign Memorandum of Understanding13/02/2019 14:25:00
Two Technology Associations Partner to Facilitate and Enhance Trade, Strategic Partnering, Innovation, Entrepreneurship, Joint Ventures and FDI Between UK & North...
Where next for transforming local public services13/02/2019 12:43:00
techUK’s Georgina Maratheftis & Jessica Russell take a look at transforming local public services with a place based approach and invite members for their views.
The TechProducts & Associated Services OJEU to be released shortly13/02/2019 11:05:00
Guest blog, CCS: The Technology Products & Associated Services OJEU is to be released to the market very shortly and the briefing outlined some exciting changes for the...
Cairncross Review’s final report into the UK news industry12/02/2019 15:05:00
techUK and its members are committed to continuing to work with all parties to consider both the analysis and recommendations set out in the Cairncross Report.
SME Campaign Week 201912/02/2019 09:05:00
techUK will be holding a Campaign Week series for its insights blogs for SME Week from 11 -15 March 2019 and we would be delighted to have you contribute to it.