Government must urgently awaken to threat ransomware poses to UK national security
In May 2021, president Joe Biden declared a national state of emergency after a ransomware attack by Russian DarkSide forced one of the United States’ largest and most vital oil lines to shut down for six days.
Today in the UK we are at high risk of a catastrophic cyber-attack at any moment. Ransomware is a type of malicious software — ‘malware’ — designed to damage and destroy computer systems, usually to facilitate extortion.
It can cause severe disruption to the delivery of core government services, including healthcare and child protection, as well as ongoing economic losses. Swathes of UK critical national infrastructure (CNI) – much of which is operated by the private sector — remain vulnerable to ransomware, especially where sectors still rely on legacy IT systems.
Victims have described going ‘back to a pre-computer era of the 1950s in mere minutes’ as they were locked out of digital systems and forced to resort to pen and paper. A coordinated and targeted attack has the real potential to bring the country to a standstill.
MDU and Red Whale come together to support healthcare professionals’ educational needs
Humanists UK backs first reading of disestablishment Bill
The majority of ransomware attacks against the UK are from Russian-speaking perpetrators, and the government is almost certain that Russian actors sought to interfere in the 2019 general elections. With new UK and US elections on the horizon, we can expect to see the integrity of our democratic systems tested again soon.
But as the Joint Committee on National Security Strategy that I chair reports today, the UK’s response to this national security threat is severely lacking. Our main legislative framework, the Computer Misuse Act, is irresponsibly outdated – it was introduced before the arrival of the internet – and government missed another chance to rectify this in the latest King’s Speech.
The agencies tasked with detecting, responding to, and recovering from ransomware attacks – and degrading further attack capabilities – are under-resourced and lacking key skills and capabilities: a…
