The UK is unprepared for a large-scale ransomware attack and “at any moment” could be brought to a standstill, a new report says.
Parliament’s Joint Committee on the National Security Strategy (JCNSS) said responsibility for tackling ransomware attacks should be taken off the Home Office – which the report accuses of giving political priority to other issues – and given to the Cabinet Office and overseen directly by the deputy prime minister.
The report claimed former home secretary Suella Braverman “showed no interest” in the issue and instead focused on illegal migration and small boats.
Russian ‘Star Blizzard’ spies accused of years of cyberattacks on UK
Ransomware is a cyberattack where hackers breach a system and lock access to data and files, demanding payment in order to release the files or stop them being leaked.
It has been used in a number of high-profile cyberattacks, including the Wannacry attack on the NHS in 2017.
In its report, the JCNSS says the UK’s regulatory frameworks are insufficient and outdated, and warns that large swathes of critical national infrastructure remain vulnerable to ransomware because they rely on legacy IT systems.
It says there has been a failure to sufficiently invest in safeguards to prevent a major crisis, despite government agencies like the National Cyber Security Centre (NCSC) warning about ransomware attacks, particularly from groups linked to Moscow, Beijing, and Pyongyang.
As part of its report, the committee has also called for a private briefing from the NCSC on preparations to protect Britain from cyberattack ahead of the upcoming general election citing concerns over possible interference in the democratic process.
Dame Margaret Beckett, chair of the JCNSS, said: “The UK has the dubious distinction of being one of the world’s most cyber-attacked nations.
“It is clear to the committee that the government’s investment in and response to this threat are not equally world-beating, leaving us exposed to catastrophic costs and destabilising political interference.
“In the likely event of a massive, catastrophic ransomware attack, the failure to rise to meet this challenge will rightly be seen as an inexcusable strategic failure.
“If the UK is to avoid being held hostage to fortune, it is vital that ransomware becomes a more pressing political priority, and that more resources are devoted to tackling this pernicious threat to the UK’s national security.”
A Home Office spokesperson said: “We welcome the JCNSS’s report and will publish a full response in due course.
“The UK is well prepared to respond to cyber threats and has taken robust action to improve our cyber defences, investing £2.6bn under our Cyber Security Strategy and rolling out the first ever government-backed minimum standards for cyber security through the NCSC’s Cyber Essentials scheme.
“We have also, this year, sanctioned 18 criminals responsible for spreading a prolific ransomware strain, taken down a piece of malware that infected 700,000 computers and led on an unprecedented international statement denouncing ransom payments, signed by 46 nations.”
A government spokesperson said: “We welcome the JCNSS’s report and will publish a full response in due course.
“The UK is well prepared to respond to cyber threats and has taken robust action to improve our cyber defences, investing £2.6bn under our Cyber Security Strategy and rolling out the first ever government-backed minimum standards for cyber security through the NCSC’s Cyber Essentials scheme.
“We have also, this year, sanctioned 18 criminals responsible for spreading a prolific ransomware strain, taken down a piece of malware that infected 700,000 computers and led on an unprecedented international statement denouncing ransom payments, signed by 46 nations.”