You can’t look at a newspaper or read the internet these days without seeing a story about another cyber attack on a company or a government organisation around the world. The highest profile case recently has been the undermining of the US presidential election by Russian organisations. The findings of the CIA report in to the case, which has been very public ally pooh-poohed by President Trump, show just how much influence hackers can have on the democratic process.
There are clear implications that not taking cyber security seriously enough could have an impact on our own democracy. Angela Merkel has warned that internet-based attacks and Russian misinformation campaigns could “play a role” in this year’s German election campaign.
Jean-Yves Le Drian, the French defence minister, warned that April’s presidential election was vulnerable to cyber attacks. He said it would be “naive” to think France was immune to the type of hack that had targeted the US election.
One of the most recent attacks on Norway’s intelligence service, has been linked groups with links to the Russian authorities, but president Trump’s attitude towards the Russian regime continues to fuel concerns about cyber security.
And how can we be sure that the government are doing enough to protect British democracy, and indeed British firms, who are vulnerable to attack? Whenever I’ve asked the government about this, I always get the same “it’s a matter of national security” response. But that’s just not good enough.
Just last week the Commons public accounts committee took the Cabinet Office to task for taking too long to get their house in order on the UK’s cyber security strategy. As they said, the government haven’t co-ordinated the “alphabet soup” of national cyber security.
Consolidation of all the agencies that are working on this issue is vital to making sure that the UK is protected from what has been identified as one of the top four risks to the country.
The National Audit Office made similar conclusions back in September, and yet we still haven’t seen any concrete action from the government. Every day that the government drags its feet on this issue, we are putting our national security, our infrastructure and the economy at risk.
The National Cyber Security Centre, set up in October 2016, has been tasked with bringing together the different organisations working to protect information. But it still seems that there is confusion and a lack of information about who the NCSC is there to help.
When the UK is judged to be below Brazil, South Africa and India at keeping personal data secure, we should all recognise the benefits of getting a solution in place.
There has also been criticism of the skills gap that is emerging in the government’s cyber security profession. The number of professionals working in cyber security has risen by 163 per cent in the last five years, but this number hasn’t been reflected in the numbers working for the civil service.
We are lagging behind on skills and the latest technologies are constantly out-pacing the work of the civil service. I recognise that this is a huge challenge for the government to deal with, and requires a whole new way of looking at the issues to be able to keep up with developments in the cyber world, but we can’t keep coming up with excuses.
We are in a situation where a Commons committee is calling on the government to take a lead on the serious issues; a lack of planning by those in charge of the strategy; a bad attitude towards reporting of breaches; and chaotic approach to joining up all the departmental systems currently in place.
I’ve asked the minister to take a lead on this whole issue. He needs to get the right people and technology in place; consolidate the work of various departments and not throw his civil servants under the bus for the Government’s inability to innovate. We need to see quick action on this very real threat to our country.
Ian Lavery is shadow minister for the cabinet office, Labour’s joint national campaigns co-ordinator and MP for Wansbeck.