UK MPs call for a cyber security minister to defend critical infrastructure
Joint committee on national security strategy called the current security leadership 'wholly inadequate'
20 November 2018 | 0
A parliamentary committee has urged the government to appoint a dedicated cyber security minister to help protect the country’s critical national infrastructure (CNI).
The joint committee on national security strategy warned that the current level of ministerial oversight was “wholly inadequate”.
It argued that the establishment of an identifiable political leader at the centre of government was required to drive change consistently across the different departments and the various CNI sectors involved.
“Unless this is addressed, the government’s efforts will likely remain long on aspiration and short on delivery,” read the committee’s report.
“We therefore urge the government to appoint a single Cabinet Office Minister who is charged with delivering improved cyber resilience across the UK’s critical national infrastructure.”
This minister would be tasked with assembling the necessary public and private sector resources and executing the measures required to defend against significant cyber threats.
They would also be responsible for the cross-government development and delivery of the National Cyber Security Strategy and Programme.
The committee recommended that the role is empowered to hold departmental ministers to account, sit on the National Security Council (NSC) and relevant NSC sub-committees, and oversees the work of the National Cyber Security Centre and the relevant section of the National Security Secretariat.
Talal Rajab, head of cyber and national security at industry body techUK, welcomed the suggestions.
“The recommendation for the creation of a Cyber Security Minister, responsible for the cross-government delivery of the National Cyber Security Strategy, has merit and should be explored further,” he said.
“Much has changed since the strategy was published in 2016, with the threat to government and businesses constantly evolving. As the current strategy draws to a close, it is vital that cyber security becomes business as usual across all areas of government.
“The appointment of a Cabinet Office Minister designated as a cyber security lead could help ensure government remains one step ahead of the threat and drive real change across departments.”
Changing government strategies
The risk of the type of attack on critical infrastructure that hit Ukraine’s energy grid in 2015 and 2016 is growing and the threat is evolving.
In January, Ciaran Martin, the head of the National Cyber Security Centre (NCSC), told the Guardian that he anticipated such as an attack on the UK within the next two years.
“I think it is a matter of when, not if and we will be fortunate to come to the end of the decade without having to trigger a category one attack,” he said.
There is currently no single minister with responsibility for the cyber resilience of critical infrastructure across the UK, or for cyber security in general.
Instead, day-to-day oversight of cross-government efforts to protect CNI is currently led by officials, with ministers only occasionally checking in, procedures that the committee said are unfit for the task.
IDG News Service