MPs to examine cyber resilience of UK’s critical national infrastructure

The UK Parliament’s Science and Technology Committee has launched an inquiry into the cyber resilience of the nation’s critical national infrastructure (CNI). The Committee said it will assess the progress of UK CNI toward achieving recently announced resilience targets by 2025, what support the sector needs to achieve those targets and efforts to make computer hardware architecture more secure by design to protect CNI. It will also explore what the government’s approach to standards and regulations for cyber resilience and preparedness, supply chain access, and trusted partners should be. Submissions of evidence are welcome and can be made until Friday November 10, 2023, the Committee said.

In April, the UK National Cyber Security Centre (NCSC) issued an alert to CNI organisations warning of an emerging threat from state-aligned groups, particularly those sympathetic to Russia’s invasion of Ukraine. The alert stated that newly emerged groups could launch “destructive and disruptive attacks” with less predictable consequences than those of traditional cybercriminals, with CNI organisations strongly encouraged to follow NCSC advice on steps to take when cyber threat is heightened.

In the same month, research from cybersecurity services firm Bridewell indicated that the cost-of-living crisis could trigger a rise in cyberattacks and security risks impacting UK CNI. The Cyber Security in Critical National Infrastructure Organisations: 2023 report found that over a third (34%) of organisations across UK CNI anticipate a rise in cybercrime as a direct result of the current economic situation.

UK the third most targeted country in the world for cyberattacks

The UK is the third most targeted country in the world for cyberattacks, after the US and Ukraine, the Committee wrote. “In recent years the UK has seen the use of offensive cyber capabilities by state and non-state actors proliferate. The UK government’s National Cyber Strategy 2022 and the Government Cyber Security Strategy 2022-2030 recognised cyber threats to UK CNI – infrastructure whose disruption would have significant national impact – as an area of particular concern,” it added.

Digital infrastructure is critical for supporting growth and helping to transform the delivery of public services. It is also a keystone in developing critical and emerging technologies within the Science and Technology Framework, and essential to UK national security under the 2023 Integrated Review Refresh, the Committee said. “Much of the UK’s CNI is underpinned by this digital infrastructure, which must be resilient to cyberattack if it is to fulfil such fundamental roles in the UK economy.”

The Committee stated is will welcome submissions addressing any or all of the following topics:

• The types and sources of cyber threats to CNI most critical to the function of the UK digital economy:
  • Communications (including space)
  • Energy
  • Government
  • Finance
• The strengths and weaknesses of the UK government’s National Cyber Strategy 2022 and Government Cyber Security Strategy 2022-2030 in relation to CNI for the digital economy.
• The effectiveness of the strategic lead provided by the National Security Council, government departments and agencies, and the NCSC, and the coherence of cross-government activity.
• The effectiveness of the government’s relationships with, respectively, private sector operators and regulators in protecting and preparing CNI organisations most critical to the UK digital economy from cyber-attacks.
• The interventions that are required from government and CNI organisations most critical to the UK digital economy to ensure the government’s cyber resilience targets by 2025 are achieved.
• The role of “secure by design” and emerging technologies in the cyber resilience of CNI most critical to the UK digital economy and supply chains.