UK government’s ransomware failings leave country ‘exposed and unprepared’

The British government has been accused by a parliamentary committee of taking the “ostrich strategy” by burying its head in the sand over the “large and imminent” national cyber threat posed by ransomware.

The criticism follows the government publishing on Monday its formal response to a report from the Joint Committee on the National Security Strategy (JCNSS) that warned the government’s failures meant there was a “high risk” the country faces a “catastrophic ransomware attack at any moment.”

The JCNSS report made a range of recommendations in December and was particularly critical of the former Home Secretary Suella Braverman, who it said “showed no interest in the topic” despite her department claiming to be the government lead on the issue.

In Monday’s formal response, the government rejected key recommendations in the JCNSS report — including that the Home Office be stripped of its responsibility to tackle ransomware — and argued that its existing regulations and the current National Cyber Strategy were sufficient.

On Monday, Dame Margaret Beckett MP, the committee chair, said it was not surprising that the government wasn’t focusing on preparing “for the acknowledged, extremely high risk of a destructive and ruinously costly cyber-attack on the UK,” noting that a similar risk assessment had been made for a pandemic, despite which “our national response … could fairly be categorised as shambolic.”

Read More: The latest figures from The Record's ransomware tracker

Beckett said the government’s response to the JCNSS report made it “ever clearer that Government does not know the extent or costs of cyberattacks across the country - though we’re the third most cyber-attacked country in the world – nor does it have any intention of commensurately upping the stakes or resources in response.”

As previously reported by Recorded Future News, ransomware attacks are reaching record levels in the United Kingdom, with almost as many in the first six months of last year as there were in the whole of the year prior — with central and local government reporting more attacks in that period than they ever had before.

On Monday, the committee expressed its “ongoing, deep concerns” that the government’s “short-termism and lack of preparation and planning” was risking “a severely damaging ransomware attack - with consequences that vary from ongoing damage to the economy and productivity to the real possibility of a national emergency.”

Beckett asked: “If the Government insists on operating the ostrich strategy for national cybersecurity — based on legislation made before the internet arrived, centered on a Department that seems to have difficulty mustering much interest in the issue, and in stark contrast to the cyber-attackers who are so fantastically well co-ordinated and resourced — where is the pro-active national security response to protect the UK supposed to come from?

“The UK is and will remain exposed and unprepared if it continues this approach to tackling ransomware. This response from the Government is not the assurance the Committee sought or that the country needs, and all the responsible and coordinating Departments would benefit from going away and reconsidering how the UK is to defend against this most pernicious threat.”