British systems are in danger due to a chronic lack of investment, according to a government study
The United Kingdom is vulnerable to a “catastrophic” cyber attack that could cripple large sections of its most critical infrastructure, a parliamentary report has warned.
The report, published on Wednesday by the UK parliament’s Joint Committee on the National Security Strategy (JCNSS), claims that the government failed to adequately invest in systems designed to prevent large-scale cyber attacks. It was also highly critical of the UK’s Home Office – under whose remit the prevention of cyber attacks falls – and said that former Home Secretary Suella Braverman had neglected the issue.
The committee said that Braverman showed no interest in the prevention of ransomware, a type of cybercrime in which data and files are stolen and a payment is demanded to return the files or prevent them from being released.
“Clear political priority is given instead to other issues, such as illegal migration and small boats,” the report said, adding that a “catastrophic” attack – which it said might come “at any moment” – could pose a serious “threat to physical safety of human life.”
The UK’s critical national infrastructure vital to the proper functioning of society, including energy and water supply, as well as health, transportation, and telecommunications, is also in severe jeopardy, the report warned.
“In the likely event of a massive, catastrophic ransomware attack, the failure to rise to meet this challenge will rightly be seen as an inexcusable strategic failure,” Dame Margaret Beckett, the chair of the JCNSS, told Sky News on Wednesday.
The National Health Service (NHS) was also identified as a possible target, with the committee noting that it relies on out-of-date systems which complicate even “simple upgrades” because of a historical lack of investment.
Last year, NHS patient data was illegally obtained by hackers, causing widespread issues to services including ambulance dispatch, patient referrals, mental health services, and emergency prescriptions. The NHS was also struck by a similar ransomware attack in 2017.
Additionally, the committee also called for a briefing from the National Cyber Security Centre (NCSC) over concerns that the UK’s democratic process could be affected by a cyber attack ahead of an expected general election next year.
In response to the report, a Home Office spokesperson said that the UK was “well prepared to respond to cyber threats and has taken robust action to improve our cyber defenses,” and added that the UK has this year sanctioned 18 people it said was involved in spreading ransomware online.