View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

UK government to set cybersecurity targets for critical national infrastructure to counter Russian threat

As UK organisations face a growing threat from Moscow's hackers, plans are afoot to boost security.

By Claudia Glover

The government is setting new cyber resilience targets for the UK’s critical national infrastructure (CNI), with a compliance deadline of 2025. The news comes after the National Cyber Security Centre (NCSC) warned that hackers aligned to the Russian government are setting their sights on UK CNI.

Cabinet Office minister Oliver Dowden says UK critical infrastructure providers will be set new cybersecurity resilience targets. (Photo by I T S/Shutterstock)

Cabinet Office minister Oliver Dowden announced the targets for the organisations running utilities, such as the power grid and water network, as part of a speech at the CyberUK conference in Belfast this morning.

Critical National Infrastructure providers must be safe and secure

Dowden said the government would be “setting specific and ambitious cyber resilience targets for all critical national infrastructure sectors to meet by 2025″. He told delegates at the conference: “These are the companies in charge of keeping our country running, of keeping the lights on. Our shared prosperity depends on them taking their own security seriously, and that extends to their cybersecurity. A bricks-and-mortar business wouldn’t survive if it left the back door open to criminals every night.”

The targets could apply to all businesses in the CNI supply chain, Dowden added.

While the UK government is putting the emphasis on businesses to boost cybersecurity, the US government’s acting national cyber director Kemba Walden told the conference that governments must share more of the burden of responsibility of cybersecurity with the private sector.

“We need to rebalance responsibility for managing cyber risk by rethinking whom we ask to keep us all secure,” Walden said. “Today, across the public and private sectors, we tend to devolve responsibility for cyber risk downwards. We ask individuals, small businesses and local governments to shoulder a significant burden for defending us all. This isn’t just unfair, it’s ineffective.”

NCSC warns of Russian threat to critical infrastructure

Downden’s comments came as the NCSC revealed that over the past 18 months, UK infrastructure has had to weather a growing threat from Russia-aligned cybercriminals.

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

These gangs do not appear to be in the control of the Russian state, which makes them more unpredictable, the NCSC said in a warning published today. Their motivations are thought to be ideological rather than financial.

Aggressive Russian cyber gangs targeting the UK are not a new threat, but the focus of some appears to be changing, causing alarm in the NCSC. “Some have stated a desire to achieve a more disruptive and destructive impact against Western CNI, including in the UK,” the NCSC said. “We expect these groups to look for opportunities to create such an impact, particularly if systems are poorly protected.”

It notes that these gangs are not currently at a level where they could cause chaos on a national scale, but is recommending that organisations shore up their defences now as the gangs may become more effective over time.

Read more: Russian hackers are bypassing OpenAI’s ChatGPT restrictions

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.