The National Audit Office (NAO) has found the UK Government's Cyber Resilience to Be Significantly Behind Where it needs to be, in the face of mounting and more dangerous thoughts.
In its Government Cyber Resilience Report, The Public spending watchdog Warned that the Cyber Threat to the UK Government is “Severe and Advanceing Quickly”. It found that 58 critical government IT systems, assessed in 2024, had significant gaps in cyber resilience, and the government does not know how vulnerable at least 228 “legacy” IT systems are to cyber attack.
The report does not cover the cyber resilience of local government, the nhs, or the nation as a whole. Fieldwork for the report was conducted between may and October 2024, with Nao Staff Interviewing Officials from the Cabinet Office About Efforts to Support Governments in the IMPARTENEMENTS DEPARTENMENTS in the IMPORNEMENT's in the Government Cyber Security Strategy: 2022-2030,
The Strategy Included A Target for Key Government Organizations to Be “Significantly Hardened to Cyber Attack By 2025”, but the government has not improved it Ao.
The NaO also interviewed officials from the national cyber Security Center (NCSC) and the Central Digital and Data Office (CDDO)Along with Cyber Security Civil Servants from Government Departments and The British Library,
The biggest risk to make the UK Government Resilient to Cyber Attack is a Yawning Skills Gap, According to the report. It found one in three cyber security roles in government was Vacant or filled by temporary-and More Expected-Staff in 2023-24, While more than half of Cyber Roles in Several Deepartments, and 70% of t security architects were staff on Temporary contracts.
The Nao Said Departments Reported That Salaries and Civil Service Recruitment Processes are Barriers to Hiring and Keeping People with Cyber Skills.
Other Concerns Include a Lack of Cordination Withnment, which is jeopardising effective cyber defense. The Nao Found That The Respective Roles of Departments and Central Organizations, Such as the NCSC, AR IR strategic goals ”.
The government must act now, urged the report's autums.
Gareth davies, head of the nao, said: “The Risk of Cyber Attack is Severe, and Attacks on Key Public Services are likely to happy regularly, YET GOVERNENMENMENT '
“To avoid serial incidents, build resilience and protect the value for money of its operations, Government Must Catch up with the Acute Cyber Threat Itss.
To avoid serial events, build resilience and protect the value for money of its operations, government must catch up with the acute cyber threat it faces
Gareth Davies, National Audit Office
“The government will continue to find it direction, it is until it successful addresses the long-standing shortage of cyber skills, strength accountability for cybe By legacy it. “
Cyber Resilience Gaps
The Nao Evaluated Whether Government is Keeping Pace with the Rapidly Evolving Cyber Threat It FACES from HOSTILE Asters. It found that it is not.
It spotted that the government's cyber assurance scheme, Govassurewhich has independent assessed 58 critical department Oss departments. Govassure Assesses the critical systems of government organizations. It was set up in April 2023.
According to the Nao Report, Government Departments Were Using at Least 228 Legacy It SystemsAs of March 2024, and the government does not know how vulnerable these systems are to cyber attack.
The report noted that in April 2024, The Cabinet Office Government Security Group (GSG) Reported to Ministers that Some Departments Had Significly Reduced their Cyber Cybeer Its. This was due to “cuts to program funding, Lack of access to cyber skills, challenges with delivery partners, and delays in Departmental and Cross-Government Approvals”.
As examples of how Damaging Cyber Attacks Can Be, The Nao Cited The Instruction, In June 2024, of An Attack on a supplier of pathology services to the nhs In south-east london, which LED to two nhs foundation trusts postponing 10,152 acute outpatient appointments and 1,710 Electoral Proceedings. It also cited The British Library Ransomware Attack In October 2023, which has alredy cost £ 600,000 to rebuild its services. The library expects to spend many times more as it continues to recover.
The report also Gave other examples of Attacks on the Ministry of Defense and Parliament. In May 2024, The Mod's Payroll Contractor's Network was compromised by an attacker – a network that help armed forces staff members' data. Further Back In Time, In 2021, A Chinese State-Arch-Filiated Attacker was, said the report, highly likely responsers Parliament.
The report stated that in March 2024, departments did not have full funded plans to remediati Around Half of Government's Legacy It Assets – 53%, or 120 out of 228.
The Nao recommends the government develops, shares and starts using a cross-government implementation plan for the government cyber security with strategy strategy within the next six. It also sugges the whole of government needs to operate differently.
Within the next year, the government should make make and enact plans to fill cyber skills gaps in workforces, said the nao.
Of the technology Trumpeted most by the current and Previous Government – Artificial Intelligence (AI) – The Report said: “Ai can improve government's cyber security, but it can also help threats looking to interfere or Undermine Trust In Oor Democratic System. The NCSC is collaborating with its partners to realise the benefits of ai and protect against the associates security risks. “
