The UK government may be sleepwalking towards a devastating ransomware incident, an influential committee has warned.
The Joint Committee on National Security Strategy responded to a report issued by the government after investigating ransomware.
In the report, the government follows recommendations made by the JCNSS late last year, particularly that responsibility for the ransomware strategy should be taken away from the Home Office and that a cross-sector regulatory body should be created to oversee the cybersecurity of critical national infrastructure. rejects recommendations that it should. operator.
“When the UK implemented the original EU Directive, the question of whether to use a single national regulator for cybersecurity, or instead multiple sector-based regulators, was considered,” the government said. Stated.
“Supported by feedback from industry, we agreed that a multi-sector-based regulatory system is the best approach. “We will have an opportunity to improve our products in a way that a single national regulator cannot.'' ”
However, the committee has given a scathing response, calling the government's stance an “ostrich strategy.''
Chair Margaret Beckett said: “Perhaps it is no surprise that the Government is not focusing on preparing for the perceived very high risk of a devastating and costly cyber attack on the UK.” commented.
“This response to our ransomware report shows that, despite our country being the third most cyber-attacked country in the world, the government has a clear understanding of the scope and cost of cyber-attacks across the country. It has become increasingly clear that we do not, and have no intention of doing so, and the stakes and resources increase accordingly.”
The commission notes that more than four in 10 essential service operators say they do not have the skills and capacity to carry out their obligations under current network and information systems regulations. . The commission said the government should provide new guidance to local governments, especially those that lack the necessary resources and do not recognize how unaffordable the insurance market may be for some victims of cyberattacks. He says he needs to make a proposal.
Mr Beckett said: “Despite the committee's report highlighting both the recent rapid increase in costly cyber-attacks and the government's lack of understanding of cyber-attacks, “This suggests that the rollout should start to reduce claims and therefore premiums.” The frequency and type of attacks that are actually occurring or the frequency and amount of ransoms being paid. ”
Industry opinion appears to be on the side of JCNSS.
“This is a damning report for the government, and the reaction to its findings is further alarming. The UK government has responded to many of the report’s findings, and the overall conclusion is that there is enough to combat ransomware. “But the committee doesn't agree with that,” says Mike Newman, CEO of My1Login.
“If the report's findings are correct, it appears that the UK is highly vulnerable to a devastating ransomware attack. No one knows how this will turn out, but it is now possible to Automation is being used to facilitate gas supply.'' If people's homes were to be invaded, vital utilities would likely be targeted. ”
He added: “The answer is not to respond to threats and bury one's neck.”
The report's recommendations will be consolidated during the review by the Competition and Markets Authority, and JCNSS hopes that these will be reflected in future emergency legislation. It also said it would continue to push for the recommendations to be fully implemented.
follow me twitter.