IT security leaders have called on the new Labour government to make enhancing the UK’s ability to counter and defend aggressive cyber attacks – particularly those from nation-state-backed threat actors – more of a priority as Westminster embarks on a new Strategic Defence Review.
Commissioned by prime minister Keir Starmer, overseen by defence secretary John Healey, and headed by former Nato secretary general Lord George Robertson, the “root-and-branch” review is tasked with making the UK secure at home and strong abroad, centering areas such as strengthening homeland security, maintaining the country’s role in Nato, modernising and maintaining the nuclear deterrent, and adapting military services and equipment programmes to meet changing needs.
The government said that cyber attacks and misinformation also required “in-depth” analysis as part of the review and last week, speaking to BBC Radio 4’s Today programme alongside the Nato summit in Washington DC, armed forces minister Luke Pollard teased that the review would focus on cyber security measures to some degree.
In response, Jamie Moles, ExtraHop senior technical manager, said it was encouraging to see cyber security remained on the radar, but he would feel more reassured if the government had presented a concrete plan, rather than just hinting at one.
“Pollard stated that Britain’s cyber security will be reviewed during the Defence Review, with spending contingent on the UK economy’s growth. This is quite concerning. We can’t afford to wait years for the Defence Review or for economic improvement, our systems are currently vulnerable to attacks,” he said.
“Cyber attacks can be detrimental to the economy, and the recent Synnovis attack, though financial details are undisclosed, undoubtedly strained NHS finances. A larger-scale attack on our critical national infrastructure or increasing cyber attacks on British businesses could significantly hinder our economic growth. The Labour government needs to move beyond discussions and take immediate action. Effective defences must be implemented now to safeguard our nation.”
Powerful cyber industry
Verona Johnstone-Hulse, UK head of government affairs at NCC Group, said the UK’s leadership in cyber security, thanks to its “powerful cyber industry” and world-leading bodies such as the National Cyber Security Centre, should extend more into the international sphere.
“It is imperative that cyber security and resilience are central to the Strategic Defence Review. We must maintain key ambassadorial roles, including a UK cyber ambassador, and invest in our national cyber defences. Failure to do so would not only put the UK at risk, but would undermine our position on the world stage,” she said.
Johnstone-Hulse cited several trends, including the war in Ukraine, cyber attacks with tangible real-world impacts, the ongoing high volumes of ransomware attacks, and the emergence of artificial intelligence as a threat vector, as indicators of the cyber sector’s criticality to the UK’s national security.
“While we have yet to witness the catastrophic ‘cybergeddon’ some predicted, it’s clear that cyber warfare is a crucial element in today’s hybrid battlefield,” she said. “In this challenging environment, collaboration with our allies to secure cyberspace is more vital than ever, ensuring our economies thrive in this digital age.”
The Strategic Defence Review comes barely three years after the Integrated Review of Security, Defence, Development and Foreign Policy, which was released in March 2021 during Boris Johnson’s tenure in Number 10.
The Integrated Review drew praise from the cyber community on a number of points, not least its ambition to make cyber security a tool of national defence, and an encouraging vision of a more joined up and resilient approach to the UK’s global role in light of both Brexit and the Covid-19 pandemic. It also drew criticism over language which, if read a certain way, implied that the UK might use nuclear weapons against cyber threat actors.