UK government risking ‘catastrophic ransomware attack,' parliamentary report warns

Because of the British government’s failures to tackle ransomware, there is a “high risk” the country faces a “catastrophic ransomware attack at any moment,” according to an unprecedentedly critical parliamentary report published Wednesday by the Joint Committee on the National Security Strategy (JCNSS).

In particular, the report singles out former Home Secretary Suella Braverman, who it describes as having “showed no interest in the topic” despite her department claiming to be the government lead on the issue as a national security risk and policy matter.

Citing “an exposé in The Record,” the JCNSS said it had “compared public statements on ransomware with those on another major policy issue — small boats.”

“We found that the Home Office’s public output on cyber security and ransomware has been almost nonexistent, and has been dwarfed by its focus on small boats and illegal migration,” the JCNSS said.

The report calls for the Home Office to be stripped of its responsibility for ransomware and for this to instead be given to the Cabinet Office, in partnership with the National Cyber Security Centre and National Crime Agency, to “be overseen directly by the Deputy Prime Minister, as part of a holistic approach to cyber security and resilience.”

Dame Margaret Beckett, the chair of the JCNSS, said: “The UK has the dubious distinction of being one of the world’s most cyber-attacked nations. It is clear to the Committee that the Government’s investment in and response to this threat are not equally world-beating.”

Beckett warned that “in the likely event of a massive, catastrophic ransomware attack, the failure to rise to meet this challenge will rightly be seen as an inexcusable strategic failure.”

What are the answers?

The government “knows that the possibility of a major ransomware attack is high, yet it is failing to invest sufficiently to prevent catastrophic costs later on,” warned the report, which recommended several areas for greater investment.

As previously reported by Recorded Future News, ransomware attacks are reaching record levels in the United Kingdom, with almost as many in the first six months of this year as there were in the whole of last year — with central and local government reporting more attacks in that period than they ever had before.

Alongside recommending handing over the responsibility for tackling ransomware to the Cabinet Office, the report calls for increased investment in both the NCSC and the NCA so they can assist public sector organizations when affected by a ransomware attack.

“The NCSC should be funded to establish an enhanced and dedicated local authority cyber resilience programme, including intensive support for local exercising and on securing council supply chains,” the Committee wrote.

It also called for the government to “invest significantly more resources in the National Crime Agency’s response to ransomware, enabling it to pursue a more aggressive approach to infiltrating and disrupting ransomware operators.”

Looking ahead to an expected election in 2024, Beckett said: “If the UK is to avoid being held hostage to fortune and avoid electoral interference it is vital that ransomware becomes a more pressing political priority, and that further substantial resource be devoted to tackling this pernicious threat to the UK’s national security.”

A government spokesperson said they welcomed the report and would “publish a full response in due course.”

Their brief statement highlighted how the government had, in two tranches of sanctions this year, targeted 18 criminals operating in the ransomware ecosystem — along with signing an international statement denouncing ransom payments as part of the Counter Ransomware Initiative.

The spokesperson stressed that there were no plans to remove the Home Office’s role as the lead department for cybercrime.

Paul Foster, the deputy director of the NCA’s National Cyber Crime Unit, said: “Cybercrime is borderless, with many cybercriminals operating from hard to reach jurisdictions, and so an innovative and collaborative response is required to tackle it… We are making good progress, but as the report makes clear, there is always more we can do as a system to ensure the UK is protected.”