UK Government Accused Of ‘Ostrich Strategy’ On Ransomware

The UK government may be sleepwalking towards a catastrophic ransomware incident, an influential committee has warned.

The Joint Committee on the National Security Strategy has responded to a report issued by the government following a ransomware inquiry.

In this report, the government rejects recommendations made by the JCNSS late last year, most notably that responsibility for ransomware strategy should be removed from the Home Office, and that a cross-sector regulatory body should be created to oversee cyber security for critical national infrastructure operators.

“When the UK implemented the original EU Directive, the question of whether to use a single, national regulator for cyber security or, instead, use multiple, sector-based regulators was examined,” said the government.

“Supported by feedback from industry, it was agreed that a multiple, sector-based, regulatory system was the best approach. Through this, regulators from specific sectors would have the opportunity to use their knowledge to improve the cyber resilience of individual sectors in a way that a single, national regulator could not.”

However, the committee is scathing in its response, describing the government’s attitude as an ‘ostrich strategy’.

“Perhaps it is not surprising that government is not focused on preparing for the acknowledged, extremely high risk of a destructive and ruinously costly cyber-attack on the UK,” commented chair Margaret Beckett.

“In this response to our ransomware report, it is ever clearer that government does not know the extent or costs of cyberattacks across the country – though we’re the third most cyber-attacked country in the world – nor does it have any intention of commensurately upping the stakes or resources in response.”

The committee points out that more than four in ten operators of essential services have said they don’t have the skills and capacity to deliver their obligations under the current network and information systems regulations. The government needs to make a new offer, the committee says, particularly for local authorities that lack the necessary resources, and it is failing to acknowledge how unaffordable the insurance market can be for some cyber-attack victims.

“It instead suggests that the roll out of the National Cyber Strategy should begin to reduce claims and therefore lower premiums,” says Beckett, “despite the committee’s report highlighting both the rapid recent growth of costly cyber-attacks and the government’s lack of understanding of the frequency and type of attacks that are actually occurring or how often or what amounts of ransoms are being paid.”

Industry opinion appears to be on the side of the JCNSS.

“This was a damning report on the government, and the response to its findings raises further alarms. The UK government has responded to many of the findings in the report and their overall conclusion is that they are doing enough to tackle ransomware. But the committee doesn’t agree with this,” says Mike Newman, CEO of My1Login.

“If the findings in the report are correct, it sounds like the UK is highly vulnerable to a devastating ransomware attack. No one can say for sure what this will look like, but with automation now being used to facilitate electrical, water and gas supplies into people’s homes, there is a high chance important utilities would be the target.”

He adds: “Burying heads in response to the threat is not the answer.”

A review by the Competition and Markets Authority is expected to integrate the recommendations from the report, and the JCNSS says it expects to see this reflected in forthcoming urgent legislation. It says it will also continue to press for its recommendations to be implemented in full.

