The UK Government’s Science and Technology Committee has launched an inquiry into the cyber resilience of the UK’s Critical National Infrastructure.
The inquiry will explore the progress of the UK’s Critical National Infrastructure toward achieving resilience targets by 2025.
The Committee will also look at the support the sector needs to achieve those targets and efforts to make computer hardware architecture more secure by design.
The government’s approach to standards and regulations for cyber resilience will be investigated, and preparedness, supply chain access, and trusted partners will be looked at in particular.
Cyber threats to the UK’s Critical National Infrastructure are of particular concern
Exacerbated by Russia’s invasion of Ukraine, the UK has seen the use of offensive cyber capabilities by state and non-state actors proliferate.
After the US and Ukraine, it is reported that the UK is the third most targeted country in the world for cyber attacks.
In particular, the UK Government’s National Cyber Strategy 2022 and the Government Cyber Security Strategy 2022-2030 identified cyber security threats to the UK’s Critical National Infrastructure as an area of concern.
The disruption of this infrastructure would have a significant impact across the nation.
The role of digital infrastructure
Digital infrastructure is vital for developing emerging technologies within the Science and Technology Framework. Under the 2023 Integrated Review Refresh, digital infrastructure is reported to be essential to the UK’s national security.
The UK’s Critical National Infrastructure is said to be underpinned by this digital infrastructure, highlighting why it must be cyber resilient.
It is privately owned, using computer systems connected to large networks. Because of this, concerns have been raised about competing priorities between government and private operators over cyber resilience strategies. This includes appropriate investment levels and how fast a service is restored following an attack.
Operators can replace proprietary computer systems with commercial products with mixed levels of cyber resilience. This increases the opportunity for cyber attacks that have great physical disruption.
Previous cyber attacks
The Committee reported that the 2017 WannaCry ransomware attack is the best-known cyber attack affecting the UK’s Critical National Infrastructure. Despite not even deliberately targeting the UK, the attack caused significant disruption to NHS medical services.
The Electoral Commission announced in August this year that hackers had obtained the details of tens of millions of British voters in a complex cyber attack. This attack went undetected for over a year.
Submissions accepted by the Committee
The Committee is seeking submissions from experts on sources of cyber attacks to the Critical National Infrastructure.
Submissions should be concise, including an introduction to you or your organisation and a reason for submitting evidence.
Evidence submissions are open until Friday 10 November 2023.