MPs and Lords find ‘absence of political leadership’ in government response to cyberthreats

Credit: Danny Lawson/PA Wire/PA Image

Ministers’ oversight of cybersecurity threats is “wholly inadequate” in the face of a “potentially devastating” major attack on Britain’s infrastructure, a parliamentary committee has said.

The Joint Committee on National Security Strategy said the government had failed to act with “a meaningful sense of purpose or urgency” on growing threats from the likes of Russia.

The body called on Theresa May to appoint a dedicated cybersecurity minister in the cabinet to build national resilience and lower the risk of attacks on sectors including energy, health services, transport and water.

The joint committee said ministers had assessed a major cyberattack on the UK’s critical national infrastructure (CNI) as a “top tier” threat with potentially “devastating” consequences.

“As some states become more aggressive and non-state actors such as organised crime groups become much more capable, the range and number of potential attackers is growing,” it said.

Related content

• MPs and Lords express concern at government plan to address civil service cyber skills challenges
• MPs and peers to investigate scale of cyber security threat to UK
• Government admits failure of bid to recruit chief security officer

It warned that the 2017 WannaCry attack – which did not directly target the NHS – had “greatly affected” the health service and shown the significant consequences that attacks on UK infrastructure could have.

The group of parliamentarians meanwhile raised fears that current capacity at the National Cyber Security Centre had has already been outstripped by demand.

Committee chair Dame Margaret Beckett, said: “We are struck by the absence of political leadership at the centre of Government in responding to this top-tier national security threat. It is a matter of real urgency that the government makes clear which cabinet minister has cross-government responsibility for driving and delivering improved cyber security, especially in relation to our critical national infrastructure.”

She added: “There are a whole host of areas where the government could be doing much more, especially in creating wider cultural change that emphasises the need for continual improvement to cyber resilience across CNI sectors… Too often in our past the UK has been ill-prepared to deal with emerging risks. The government should be open about our vulnerability and rally support for measures which match the gravity of the threat to our critical national infrastructure.”