The Government faces a ‘critical’ threat from cyber attacks on its computer systems after “significant gaps” in vital IT systems remain vulnerable, the National Audit Office (NAO) has warned.
Efforts to improve defences are being thwarted by skills shortages with one in three cyber security roles vacant, and Ministers do not know how vulnerable to attacks most of the 228 “legacy” IT systems as are.
The report says the Government’s new cyber assurance scheme, GovAssure, which independently assessed 58 critical departmental IT systems by August 2024, found “significant gaps in cyber resilience”.
The Government’s own strategy includes a target for key bodies to be “significantly hardened to cyber attack by 2025”. The NAO warns that resilience has not improved fast enough to meet this aim.
And it says that failure to thwart attacks can result in “devastating effects on government organisations, public services and people’s lives”.
Last June, an attack on a supplier of pathology services to the NHS led to two health trusts postponing more than 10,000 acute outpatient appointments and 1,710 operations.
The National Cyber Security Centre, set up eight years ago to provide technical authority for cyber threats, assessed that 89 of the 430 incidents it managed because of their potential severity, between September 2023 and August 2024, were “nationally significant”
The British Library, hit in October 2023, has spent £600,000 rebuilding its services and expects to spend more as it continues recovery work.
Gareth Davies, the NAO auditor general, warned ministers they must catch up with the risk.
He said: “The risk is severe, and attacks on key public services are likely to happen regularly, yet Government’s work to address this has been slow.
“To avoid serious incidents, build resilience and protect the value for money of its operations, Government must catch up with the acute cyber threat it faces.”
Departments needed to address the long-standing shortage of cyber skills, strengthen accountability for cyber risk, and better manage the risks posed by legacy IT, he said.
Legacy systems can be more vulnerable to cyber attack because they have stopped being updated by the companies that sold them to the civil service and there dwindling numbers of technicians sufficiently skilled to maintain them.
The government estimated that it used nearly half of its £4.7bn IT spending in 2019 to keep legacy systems running. The NAO warn that risks to public services posed by legacy technology have built up over many years.
The NAO said it found that more than half of the cyber roles in several departments were vacant, and that seven in 10 of specialist security architects in post were temporary staff.
Government departments reported the salaries offered and civil service recruitment processes are barriers to hiring and retaining skilled staff.
The NAO found confusion surrounded the respective roles of departments and organisations such as the NCSC. Senior civil servants, it said, “have not consistently recognised the relevance of cyber risk to their strategic goals.”
Some departments were reluctant to share information about their cyber incidents with other parts of government, limiting the opportunities for other organisations to learn and improve their own cyber resilience.
Sir Geoffrey Clifton-Brown MP, chair of the influential Public Accounts committee, said: “We have seen too often the devastating impact of cyber attacks on our public services and people’s lives.
“The Government’s response has not kept pace. Poor co-ordination across Government, a persistent shortage of cyber skills, and a dependence on outdated legacy IT systems are continuing to leave our public services exposed.”
He described the NAO report as a “stark wake-up call”.
This report does not cover the cyber resilience of local government, public corporations, businesses or UK society more widely. This report focuses on the cyber resilience of IT systems at the ‘official’ level of security classification and not systems classified as ‘secret’ or above.
Read More Details
Finally We wish PressBee provided you with enough information of ( Whitehall gets a wake up call as Government IT systems face severe cyber threat )
Also on site :
- EU queen Ursula preached transparency – then did backdoor deals with Big Pharma
- Martial Arts Star Johnny Tri Nguyen To Headline Vietnamese Historical Epic ‘The Last Secret Of The First Emperor’
- Suspect in armed carjacking arrested after barricading himself in stolen car in Live Oak