Four senior Cabinet Office officials have said years of inactivity, underfunding, and recruitment problems have exposed the UK to a growing threat of cyber warfare from hostile states and international criminals.
Bella Powell, cyber director at the Government Security Group (GSG) – a small taskforce within the Cabinet Office aimed at protecting government departments – said resilience levels across the UK are “substantially lower” than anticipated, while the “escalating threat” from hostile states such as Russia and China have become a “substantial risk”.
Cat Little, the Permanent Secretary at Cabinet Office, and chief operating officer at Civil Service, said officials are “running against the tide” to fill the gap between the threat from cyber attacks and UK defences.
The comments came during an evidence session at Parliament’s Public Accounts Committee (PAC) scrutinising the UK’s preparedness for a catastrophic cyber attack. The session examined the findings of a 2024 report on the issue by the National Audit Office (NAO) which found UK resilience lacking on several fronts.
square NEWS Big ReadCyber attacks, arson and spy ships: How Putin's hybrid war threatens the UK
Read More
He said: “Government departments have faced a lot of demands over the last 10 years. Probably we did not prioritise cyber security sufficiently, and it was not brought alive to us by serious incidents in the way that it has been in recent years.”
He said: “It is all of us that will suffer from that lack of resilience in systems on which we depend. But the same is true of known resilience gaps in the wider critical national infrastructure controlled by the private sector, and in our continuing everyday vulnerability to criminal attacks including ransomware.
It comes after a year of significant increase in cyber warfare incidents from international criminals and hostile states on UK critical services and businesses. Last year, a catastrophic cyber attack on the NHS caused over 10,000 appointments and operations to be cancelled.
The i Paper revealed the attacks were the work of a Kremlin-protected group of cyber hackers in what has been seen as a “major escalation” of cyber warfare tactics by Moscow.
As tensions in Europe increase over the war in Ukraine, Russia’s hybrid war on the West has intensified.
Powell, cyber director at the GSG, told the PAC that Russia and China pose “substantial risks” to the UK with significant concerns about espionage and data exfiltration activities by the GRU, Russia’s main intelligence agency, and disruptive campaigns from Chinese state actors.
“We have been principally concerned in the past about the loss of Government information—classic espionage—or about cyber crime, which again is information based,” he said. “We are now also worried about the risk of disruption of essential services.”
“With Ukraine, the idea of any leverage over Russian-speaking organised crime groups or Russian state actors evaporated overnight. Three years later and there is no real response.”
Recruitment
The NAO report found that skills gaps posed the “biggest risk” to UK cyber resilience, with one in three cyber security roles in government vacant or filled by temporary staff in 2023-24.
The Government recently introduced a new digital pay framework, designed to be more competitive with private industry. However, Little said there are still “very scarce” competitive salaries in a “very hot market.”
Legacy IT
A major weakness to UK defence against cyber attacks is the Government’s use of Legacy IT systems – outdated computing software that doesn’t allow for growth.
The PAC heard that, as of January, there were 319 Legacy IT systems still running across government, and “almost a quarter” of them were “red-rated” – deemed the highest risk of attack, operational failure, or inability to meet departmental objectives.
Little said that the gap in awareness was “not acceptable”, adding that more funding was needed from central government to update systems.
Labour MP and member of the PAC, Lauren Edwards called on the Prime Minister to view cyber resilience as part of the UK’s defence strategy.
“Cyber resilience needs to be viewed as a crucial part of the UK’s defence strategy, with strong messages from the Prime Minister down.
“An urgent priority is to attract cyber specialists onto the government payroll and to have in place a plan to develop these skills in our young people. There will be a cost to this – but the cost of failing to improve our government’s cyber defences could be so much more in the long run.”
Read More Details
Finally We wish PressBee provided you with enough information of ( The UK is unprepared and vulnerable to Russian cyber attacks. Here’s why )
Also on site :