JCNSS releases report on Cyber Security of the UK’s CNI

19 Nov 2018 04:09 PM

The Joint Committee on the National Security Strategy yesterday released its report, Cyber Security of the UK’s Critical National Infrastructure.

The wide-ranging report details the significant and growing challenges facing UK CNI from various actors, outlines the current Government response to date and describes the evolving regulatory landscape. The report states that the cyber threat to the UK’s CNI is as credible, potentially devastating and immediate as any other threat faced by the UK.

The report acknowledges the significant progress to date, particularly through the work of the National Cyber Security Centre (NCSC) and the effectiveness of the Network and Information Security (NIS) Directive in strengthening the resilience of CNI. It does, however, question whether this progress is quick enough or whether the NCSC has the resources to meet increasing demands. It outlines several recommendations the Joint Committee believes will ensure UK preparedness including appointing one Cabinet Office minister with designated responsibility for cyber security across Government departments.

Some of the key recommendations outlined in the report include:

Chair of the Committee, Margaret Beckett MP, yesterday said:

“We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat. It is a matter of real urgency that the Government makes clear which Cabinet Minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure.  There are a whole host of areas where the Government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors.

“My Committee recently reported on the importance of also building the cyber security skills base. Too often in our past the UK has been ill-prepared to deal with emerging risks. The Government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”

Talal Rajab, Head of Cyber and National Security, techUK yesterday said:

“techUK is pleased to have contributed to the Joint Committee’s report into the cyber security of the UK’s critical national infrastructure and welcomes the important recommendations. The UK’s critical national infrastructure remains a key target for attack, whether from nation state actors or organised crime groups.  Whilst the report correctly recognises the significant work that the National Cyber Security Centre (NCSC) has done in providing technical leadership on cyber resilience, it accepts that cyber risk within critical national infrastructure is still not fully understood or managed. This is an issue that requires utmost vigilance.  

The recommendation for the creation of a Cyber Security Minister, responsible for the cross-government delivery of the National Cyber Security Strategy, has merit and should be explored further.  Much has changed since the strategy was published in 2016, with the threat to government and businesses constantly evolving.  As the current strategy draws to a close, it is vital that cyber security becomes business as usual across all areas of government. The appointment of a Cabinet Office Minister designated as a cyber security lead could help ensure government remains one step ahead of the threat and drive real change across departments.”