MPs question UK's cyber attack defences

The Commons Public Accounts Committee (PAC) has warned that the government's ability to protect the UK from cyber attacks is undermined by the ‘chaotic’ handling of personal data breaches.

Well documented data security breaches at Tesco, Northern Lincolnshire and Goole NHS Trust, Sage, and TalkTalk have recently thrown the challenge of protecting information into the spotlight. The PAC says that the Cabinet Office's role in protecting information remains ‘unclear within central government’, while there is little oversight of the costs and performance of government information assurance projects and ‘no coordination across the wider public sector’.

Additionally, the PAC’s report, Protecting information across government, highlighted that the government ‘faces a real struggle to find enough public sector employees with the skills to match the pace of change’.

Cyber attacks are ranked among the top four risks to UK national security, with the government reiterating that it had acted with ‘pace and ambition’ on the issue, pointing to the ‘ambitious national cyber security strategy’, the recent £1.9 billion of investment and the work of the UK's National Cyber Security Centre as evidence of how ‘the UK deals with cyber security’.

Meg Hillier, chair of the PAC, said: “The government has a vital role to play in cyber security across society but it needs to raise its game. Its approach to handling personal data breaches has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks.

“The threat of cyber crime is ever-growing yet evidence shows Britain ranks below Brazil, South Africa and China in keeping phones and laptops secure. In this context it should concern us all that the government is struggling to ensure its security profession has the skills it needs.

“Leadership from the centre is inadequate and, while the National Cyber Security Centre has the potential to address this, practical aspects of its role must be clarified quickly. The government must communicate clearly to industry, institutions and the public what it is doing to maintain cyber security on their behalf and exactly how and where they can find support.”

Please register to comment on this article