The government is setting new cyber resilience targets for the UK’s critical national infrastructure (CNI), with a compliance deadline of 2025. The news comes after the National Cyber Security Centre (NCSC) warned that hackers aligned to the Russian government are setting their sights on UK CNI.
Cabinet Office minister Oliver Dowden announced the targets for the organisations running utilities, such as the power grid and water network, as part of a speech at the CyberUK conference in Belfast this morning.
Critical National Infrastructure providers must be safe and secure
Dowden said the government would be “setting specific and ambitious cyber resilience targets for all critical national infrastructure sectors to meet by 2025″. He told delegates at the conference: “These are the companies in charge of keeping our country running, of keeping the lights on. Our shared prosperity depends on them taking their own security seriously, and that extends to their cybersecurity. A bricks-and-mortar business wouldn’t survive if it left the back door open to criminals every night.”
The targets could apply to all businesses in the CNI supply chain, Dowden added.
While the UK government is putting the emphasis on businesses to boost cybersecurity, the US government’s acting national cyber director Kemba Walden told the conference that governments must share more of the burden of responsibility of cybersecurity with the private sector.
“We need to rebalance responsibility for managing cyber risk by rethinking whom we ask to keep us all secure,” Walden said. “Today, across the public and private sectors, we tend to devolve responsibility for cyber risk downwards. We ask individuals, small businesses and local governments to shoulder a significant burden for defending us all. This isn’t just unfair, it’s ineffective.”
NCSC warns of Russian threat to critical infrastructure
Downden’s comments came as the NCSC revealed that over the past 18 months, UK infrastructure has had to weather a growing threat from Russia-aligned cybercriminals.
These gangs do not appear to be in the control of the Russian state, which makes them more unpredictable, the NCSC said in a warning published today. Their motivations are thought to be ideological rather than financial.
Aggressive Russian cyber gangs targeting the UK are not a new threat, but the focus of some appears to be changing, causing alarm in the NCSC. “Some have stated a desire to achieve a more disruptive and destructive impact against Western CNI, including in the UK,” the NCSC said. “We expect these groups to look for opportunities to create such an impact, particularly if systems are poorly protected.”
It notes that these gangs are not currently at a level where they could cause chaos on a national scale, but is recommending that organisations shore up their defences now as the gangs may become more effective over time.