UK 'considering all options' to tackle cyberthreats, says government minister

The British government is “considering all options” to strengthen its response to cyberthreats, according to a speech on Tuesday by the country’s security minister, Dan Jarvis. The speech is one of the first indicating the Labour Party’s approach to the issue following this summer’s general election.

Speaking at the Predict conference in London, Jarvis said these options included reforming the Computer Misuse Act (CMA), referencing the 1990 law that campaigners argue is outdated and exposes cyber defenders to additional legal risks when conducting legitimate cybersecurity activities.

While in opposition, the Labour Party had proposed a legal amendment to the CMA that would have introduced a public interest defense for hackers, although this was not passed at the time. It is not clear whether a similar provision will be included in the government’s forthcoming Cyber Security and Resilience Bill when it is introduced to parliament next year.

In his speech at Predict, a conference hosted by Recorded Future, Jarvis particularly praised those who worked in the cybersecurity industry. Recorded Future News is an editorially independent unit of Recorded Future.

He said: “This country, our country, is enormously in the debt of many of you in this room who strive day in and day out to protect us all. Your dedication and your accomplishments have never been more important.”

Daniel Cuthbert, a co-chair of the British government’s cybersecurity advisory board who was himself prosecuted under the CMA, wrote on social media that it was “great to hear” that the government was considering reforming the legislation.

Jarvis warned that cyberattacks impacting organizations in the United Kingdom were causing “significant harm” and “destroying businesses and ruining lives.”

“That’s why the government is reviewing the threats that we face and addressing priority cyberthreats like ransomware, which is the most acute cyberthreat facing the most U.K. organizations.”

He praised ongoing work, including at the Counter Ransomware Initiative, to tackle ransomware threats by drawing on different levers — including the insurance industry, which a senior White House official has demanded should stop funding ransomware payments.

Jarvis also said that law enforcement disruption operations were “increasingly” showing “impactful effects” but cautioned there was “much more that we need to do. We are considering all options available to us, including reviewing the Computer Misuse Act to strengthen our response to the threat.”

“Put simply, cybersecurity is national security. Therefore, cyber incidents such as ransomware attacks, network intrusions for cyber espionage or IP theft, have significant and complex consequences,” the minister added.

The Kremlin’s deliberate blind eye

However, the threat facing the United Kingdom was posed by far more than just criminal actors, said Jarvis. Britain’s intelligence agencies and their international partners are working “around the clock to expose and counter” the malicious cyber activities undertaken by others too.

“As the MI5 director general Ken McCallum set out earlier this month, autocratic states persist in their efforts to undermine U.K. security. States including Russia and China are investing in advanced cyber operations, and it is a national security priority to detect, disrupt and deter this activity,” said Jarvis.

“Russia is home to one of the most expansive and destructive cyber criminal communities of the world, which targets global businesses with ransomware and other forms of cyberattack for profit. The Kremlin deliberately turns a blind eye to the activities of many cyber criminals within its jurisdiction, choosing not to prosecute them as long as their crimes serve the regime’s interests.

“But the Russian state also has extensive cyber capabilities of its own. The National Cyber Security Centre has confirmed Russian attempts to target key sectors of the British economy, including the U.K. media, telecommunications, political and democratic institutions, and energy infrastructure.

“We will not tolerate Russian cyber interference and will continue to work with our international partners to expose Russian cyber aggression and hold the Kremlin to account for its malign activity,” said Jarvis.

“Compared to Russia, China presents a more complex and significant long-term cyber challenge, and there have been a number of high-profile China-linked cyberattacks over the past few years varying in intensity and sophistication,” he added.

While the British government has so-far urged caution over blaming Beijing for a breach of Ministry of Defence data earlier this year, it has also publicly accused China state-affiliated hackers with “carrying out malicious cyber activity targeting UK institutions and individuals important to our democracy.”

“We will continue to engage with China, and we want to see a constructive debate aimed at making cyberspace a safer place to do business for companies and consumers. That’s why we regularly raise issues with China, and we will keep calling out all state and non-state actors for malicious activity when it is necessary to do so,” said Jarvis.