April 6, 2022
In the spring of 2021, America’s Colonial Pipeline – the 5,500-mile fuel highway, which supplies half of the East Coast’s gasoline and diesel – came to an abrupt halt for six days. The cause was a cyber attack, launched by a criminal gang based in Russia. The stuff of nightmares for every board administrator.
President Putin’s war in Ukraine has included cyberattacks on the country’s government and banking sites. Western intelligence services have warned that more are likely to occur, with Russian cyber actors potentially already prepositioned in Ukrainian computer systems, gathering intelligence and preparing to launch disruptive activities.
The UK has been a strong supporter of Ukraine and is proud to have helped coordinate the international sanctions regime against Moscow, and many UK companies, including members of the CBI, have led the way in disengaging from Russia and Belarus.
Although the NCSC is not aware of any specific cyber threats to UK organizations in relation to the Russian invasion, there is an increased risk of hostile cyber activity. In the past year, two in five UK businesses have been the subject of some form of cyberattack or attempted breach.
If the UK is to be protected, government and business must act together.
That’s why today, as Minister responsible for cybersecurity and head of the UK’s largest business organization, we jointly call on businesses to work together and treat cybersecurity as a core board responsibility. administration; an equal threat to financial and other risks.
Strengthening collaboration and resilience is an integral part of the government’s national cybersecurity strategy, backed by £2.6 billion in funding. This includes a record investment in the National Cyber Security Center (NCSC), part of GCHQ, to provide resources and bring businesses together. Like the meeting today of directors of operators of critical national infrastructure, such as airports, power stations and major banks, to review, challenge and support preparations against cyber threats.
However, it is not just critical national infrastructure that needs to act. The government is also appointing senior business experts to our new National Cybersecurity Advisory Council, bringing lessons learned from all businesses to challenge and guide the UK’s approach and encourage lessons learned and greater collaboration.
A cyberattack knows no physical or geographic boundaries, and cybercriminals thrive on companies’ reluctance to share their experiences.
Companies must test the cybersecurity of their entire supply chains, down to the smallest partner, because any weakness can be exploited. It’s not hypothetical. The attack on the Colonial Pipeline, which disrupted the lives of millions due to supply shortages, soaring fuel prices, dry gas stations, was due to the theft of a single word of past.
The reluctance to share when something is wrong is entirely understandable, but cybersecurity is an area where healthy corporate rivalry will not help, and where cooperation and sharing of lessons learned, within and between our organizations , will make us all safer, and the customers and public we serve.
By report cyberattacks to the NCSC Incident Management team, businesses will be supported and their evidence will contribute to a better understanding to combat attacks more effectively in the future, and by following their advice Cyber Essentials at all levels of the company, you will be better protected. The public can also help – report suspicious activity like NCSC phishing emails has already identified and taken down 76,000 internet scams.
The greatest weakness of cyber defenses is often human error, just look at the Colonial Pipeline experience. While businesses have long recognized the importance of cybersecurity, the urgency is now much clearer. The invasion of Russia has increased the risk, and as the Russian economy shrinks under the weight of sanctions, more cybercriminals will turn to the West and the UK.
This means UK plc and the government are acting as one, prioritizing cybersecurity so the country can defend itself as one.