The British government faces a potentially catastrophic threat that is described as “serious and advanced,” leaving it vulnerable to significant cyber attacks that could impact dozens of critical IT systems. The minister has been alerted to this threat.
According to the National Audit Office (NAO), there are 58 crucial government IT systems that have been identified with “significant cybersecurity gaps.” Additionally, at least 228 government IT systems are outdated and potentially vulnerable to cyber attacks. NAO did not disclose the specific systems to prevent revealing potential targets to attackers.
The data evaluated from the Cabinet Office reveals that multiple government organizations, such as HMRC and the Department for Work and Pensions, are at risk due to weak cybersecurity measures.
The warning about these vulnerabilities came after two recent cyber attacks, including one on the British Library by Criminal Ransomware Groups.
In May 2024, suspected Chinese hackers infiltrated military payment networks. The following month, a NHS foundation trust in South East London had to postpone thousands of appointments due to a cyber attack.
NAO expressed concerns that senior civil servants did not fully comprehend the importance of cybersecurity resilience due to inadequate investment and staffing. The government aims to significantly improve its cybersecurity by 2025.
The report by the expenditure watchdog highlights the need for bolstering UK resilience post-COVID-19 pandemic, focusing on various threats like floods and extreme weather events.
The National Cyber Security Center of GCHQ warned about the increasing complexity of cyber threats and the UK’s lagging defense capabilities to safeguard critical national infrastructure.
Notable ransomware threats come from China, Russia, Iran, and North Korea. Various cyber groups, including Bolt, Typhoon, Reborn, and Islamic State Hacking, pose significant threats to UK cybersecurity.
Jeffrey Clifton Brown, a member of the Conservative Party, emphasized the need for heightened government coordination, improved cyber skills, and updated IT systems to protect public services from cyber threats.
The government spokesperson acknowledged the past neglect of cybersecurity and announced new laws and projects to enhance national infrastructure resilience and cybersecurity skills.
NAO reported in April 2024 that 58 important IT systems were at high risk, indicating a pressing need for improved cybersecurity measures to prevent potentially catastrophic cyber attacks.
The increasing digitalization of government services makes it easier for malicious actors to disrupt critical services, emphasizing the urgency of enhancing cybersecurity defenses.
Gareth Davis of NAO warned that the threat of cyber attacks on public services is severe and ongoing, urging the government to prioritize cybersecurity resilience and protection of critical operations.
Nao highlighted the importance of addressing the long-standing shortage of cyber skills, improving accountability for cyber risks, and effectively managing risks associated with legacy IT systems.
The government’s efforts to address cybersecurity challenges were hindered by temporary staff shortages and outdated recruitment practices. NAO recommended addressing these issues to strengthen cybersecurity defenses.
Source: www.theguardian.com
