The UK government has identifiedalongside terrorism. vast sums of money every year – and that’s just the cybercrime we know about because it is vastly under-reported. Government and (CNI) remain crucial targets for the organized crime gangs that run a large proportion of cybercrime and hostile nation-states, although these are rarer. However, they sometimes outsource this kind of “work” to crime gangs. So, (as we may well consider attacks on CNI) could be in the hands of hostile nations, and the criminal element of those w
The world has seen several times in fact, what happens when they are successful (think about Ukraine’staken down three times, and WannaCry and NotPetya disabling businesses and the NHS). But is our security enough to cope with this persistent and evolving threat? The biggest today is the general lack of conviction that any danger exists” – that was said by Lord Radcliffe in a Security Report in 1962.
To address this Tier One threat, there needs to be an accurate understanding at the heart of government – it is several years since the National Audit Office (NAO). The number of remotely managed or web-enabled systems grows every year, and, quite rightly, our CNI needs to benefit from the increased manageability and .
At the same time, the rush to interconnect numerous legacy systems continues unabated, making systems that were never designed to be internet-facing precisely that. Connectingto the internet makes them a “legitimate” target to nation-states using offensive attack capabilities and criminals and terrorists alike. They do not make distinctions based on any moral or ethical code – they seek a result.
So, if we continue to web-enable everything in our CNI, it would be forgivable to imagine that we have taken every possible measure to ensure their security and resilience. Yet as recently as 2017, we discovered that over a third of infrastructure organizations in the UK had not completed basic cyber security standards issued by the UK government, known as the. There can be little doubt, then, that there is a lack of long-term thinking around this area and what looks like an approach akin to “if it ain’t broke, don’t fix it”.