Ransomware incidents in the United Kingdom are now so impactful that the majority of the British government’s recent crisis management COBRA meetings have been convened in response to them rather than other emergencies.
The need to regularly hold cross-departmental COBRA meetings reveals how little progress Westminster has made to address the risks ransomware poses to the country, according to multiple sources with knowledge of the government’s response, speaking to The Record on the condition of anonymity because they were not authorized to openly discuss the matter.
They noted that despite the repeated warnings of the National Cyber Security Centre’s (NCSC) chief executive Lindy Cameron describing ransomware as the most acute threat facing the country, there did not appear to be a proportionate level of ministerial interest. Successive Home Secretaries have instead prioritized the issue of small boat crossings of migrants in the English Channel.
The gatherings — officially known as a meeting of the Civil Contingencies Committee, which takes place in the Cabinet Office Briefing Room (COBR) — have historically been convened in response to terror attacks, but are now increasingly focused on cybersecurity incidents affecting critical services.
According to the NCSC’s annual review, the U.K. was impacted by 18 ransomware incidents this year which “required a nationally coordinated response” including attacks affecting the South Staffordshire Water utilities company and the National Health Service software supplier Advanced. The increased focus on these incidents at COBRA meetings has not previously been reported.
The surge in COBRA meetings follows a cross-Whitehall “sprint” — a project management term — on ransomware which concluded last December. Its intention was to come up with recommendations to deal with the issue that would be signed off on in advance of the G7 meeting of interior ministers at the end of 2021. However a year on from the conclusion of that “sprint” the government has still delivered no actionable…