Britain is at the mercy of Russian hackers who are plotting cyber attacks that could bring the country to its knees, politicians have warned.
There are ten attacks happening every day, with many aiming to paralyse areas such as the NHS, the national grid and even Parliament.
And there is a ‘consistent rise in [Russia’s] appetite for attack’ on these sectors, according to the Joint Committee on National Security Strategy.
Such is the severity of the problem that the committee is now calling for a designated cyber security minister.
It said the UK needed a minister ‘who, as in a war situation, has the exclusive task of assembling the resources… and executing the measures needed to defend against the threat’. The Government is utterly failing to respond to the cyber ‘arms race’, the committee heard.
In a report, the group said ministers had a ‘wholly inadequate’ grip on the danger hostile nations posed to our critical national infrastructure (CNI).
The past year has seen cyber attacks on the health, telecommunications, energy and Government sectors. The head of the National Cyber Security Centre, Ciaran Martin, told MPs and peers in the committee that Russia has already established ‘a foothold [in the UK’s internet infrastructure], an intrusion that you can use for ongoing espionage purposes or can develop as the potential for a hostile, disruptive and destructive act in the future’.
He also warned that Russia has begun to diversify its targets to include ‘softer power democratic institutions’. But it is not just Russia that poses a major threat, Britain is ill-prepared to fend off computer hacking attacks from other nations such as North Korea, China and Iran.
Organised crime groups are also thought to be behind the regular attacks on UK institutions
State sponsored hackers are branching out from stealing secrets and intellectual property theft and ‘starting to explore offensive cyber capabilities to damage, disrupt or destroy the systems or networks of their adversaries’, according to the Cabinet Office.
Organised crime groups are also becoming as sophisticated and dangerous as nation states in their cyber capabilities and it has never been so easy and cheap to launch a catastrophic attack, the report suggests. In the last two years there have been 1,000 significant cyber attacks – around ten a week. Not all of these have targeted the UK’s CNI, but some such as the May 2017 WannaCry attack which crippled the NHS, have had a devastating impact.
Despite the escalating threat, Britain has not adequately protected such infrastructure from attack and there is ‘no silver bullet’ to solve the ‘wicked problem’, the committee concluded.
It found that ‘too many networks are still insecure’ and the operating systems in some areas such as electricity substations and transportation control rooms were often old, vulnerable to attack and difficult to fix.
Steve Unger, chief technology officer at the communications regulator Ofcom, told the committee: ‘Together with Government we need to find a way of upping our game in this area in what is ultimately an arms race, but doing so in a way that is still deliverable.’
Yesterday a Government spokesman said: ‘Ensuring our critical national infrastructure is secure and resilient against cyber attacks is a priority for the Government, which is why we are investing £1.9billion to improve our cyber capabilities.’
Attacks getting through
- Almost a third of hospitals were crippled in Britain’s worst ever cyber attack in May last year. The WannaCry malware, thought to be from North Korea, infected computers at 81 health trusts. A ransom was demanded to decrypt each computer. Nearly 20,000 operations and appointments were cancelled and five A&Es were shut down
- Last November it was confirmed state-backed Russian hackers had infiltrated Britain’s power grid in an unsuccessful plot to plunge the nation into darkness
- Hackers tried to guess 9,000 Parliamentary email account passwords, including those of cabinet ministers, in June 2017. Iran was later blame