Select committee urges creation of cyber minister cabinet role
MPs and Lords find ‘absence of political leadership’ in government response to cyberthreats
Credit: Danny Lawson/PA Wire/PA Image
Ministers' oversight of cybersecurity threats is “wholly inadequate” in the face of a “potentially devastating” major attack on Britain's infrastructure, a parliamentary committee has said.
The Joint Committee on National Security Strategy said the government had failed to act with “a meaningful sense of purpose or urgency” on growing threats from the likes of Russia.
The body called on Theresa May to appoint a dedicated cybersecurity minister in the cabinet to build national resilience and lower the risk of attacks on sectors including energy, health services, transport and water.
The joint committee said ministers had assessed a major cyberattack on the UK’s critical national infrastructure (CNI) as a “top tier” threat with potentially “devastating” consequences.
"As some states become more aggressive and non-state actors such as organised crime groups become much more capable, the range and number of potential attackers is growing," it said.
- MPs and Lords express concern at government plan to address civil service cyber skills challenges
- MPs and peers to investigate scale of cyber security threat to UK
- Government admits failure of bid to recruit chief security officer
It warned that the 2017 WannaCry attack – which did not directly target the NHS – had “greatly affected” the health service and shown the significant consequences that attacks on UK infrastructure could have.
The group of parliamentarians meanwhile raised fears that current capacity at the National Cyber Security Centre had has already been outstripped by demand.
Committee chair Dame Margaret Beckett, said: “We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat. It is a matter of real urgency that the government makes clear which cabinet minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure.”
She added: “There are a whole host of areas where the government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors… Too often in our past the UK has been ill-prepared to deal with emerging risks. The government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”
With many government-developed services seeing poor uptake, the answer may lie in allowing citizens to ‘bring your own identity’, according to Arthur Mickoleit of Gartner
Government responds to PAC report to insist that each department needs its own rules
The body dedicated to upholding ethical standards across the public sector has published a major report examining how to ensure those standards are not threatened by AI and automation
Figures show almost £8m invested in new equipment in FY19