UK government vulnerable to ‘catastrophic ransomware’ attack: Report

The UK government is at risk of a “catastrophic ransomware attack” that can potentially bring the country to a “standstill,” warned a new parliamentary committee report.

“A major ransomware attack could have a devastating impact on UK citizens and the economy, and undoubtedly represents a major threat to UK national security,” the report said. “It would also shine a spotlight on the inadequacy of the Government’s efforts to secure the UK against ransomware, and to prepare for the aftermath of a major cyberattack.”

A report by the Office for Budget Responsibility (OBR) last year revealed that a major cyberattack or ransomware attack on the UK government could lead to a loss of 1.6% of Gross Domestic Product (GDP) to the country’s economy.

A key reason for increasing cyber vulnerability is that the government infrastructure is being run on outdated systems, said the Joint Committee on the National Security Strategy (JCNSS). While the report acknowledged the efforts made by the National Cyber Security Center (NCSC) to improve the country’s cyber resilience, the UK government’s digital infrastructure continues to remain vulnerable, especially in areas where it has made inadequate investments to upgrade legacy systems.

“Supply chains are also particularly vulnerable and have been described by the NCA as the ‘soft underbelly’ of CNI [Critical National Infrastructure]. With different CNI operators sharing the same supplier, a single attack could also affect multiple sectors at once, with damaging and widespread consequences,” the report said.

The report recommended improved support by the UK government to support the local government and authorities. The NCSC should be adequately funded so it can establish a dedicated local authority cyber resilience program to ensure securing council supply chains, it recommended.

The report lambasted the UK government’s attitude in ignoring the risk, which may lead to “catastrophic costs” later on. “If the UK is to avoid being held hostage to fortune and avoid electoral interference it is vital that ransomware becomes a more pressing political priority, and that further substantial resources be devoted to tackling this pernicious threat to the UK’s national security,” the report added.

Growing attacks on state-owned infrastructure in several regions

The concerns of the Committee are not unfounded, as there has been a marked increase in cyberattacks on the country. Earlier this year, the UK’s National Cyber Security Centre issued an alert to Critical National Infrastructure (CNI) organizations and warned of an emerging threat from state-aligned groups. The UK is the third most targeted country, after the US and Ukraine, in terms of cyberattacks.

“The threat comes particularly from state-aligned groups sympathetic to Russia’s invasion of Ukraine and has emerged over the past 18 months,” the NCSC alert said.

In addition, the country’s National Health Service (NHS) was attacked last year, which not only disrupted several health services but might have led to the patients’ data falling into the hands of malicious elements.

Overall, there has been an increase in the number of attacks on critical infrastructure owned by the Government. Earlier this year, several federal agencies in the US faced attacks, which were related to MOVEit, a file transfer system. Similarly, Australia also reported a marked increase in cyberattacks on its critical infrastructure, with an attack on its infrastructure every six minutes.

Cyberattacks are growing in frequency across the world, making it imperative for governments to enhance measures to improve cybersecurity to keep pace with the growing sophistication of attackers. 


Go to Source