Critical Infrastructure Security,
Geo Focus: The United Kingdom,
Geo-Specific
Lawmakers Address Escalating Risks of Espionage and Cyber Disruption
The British government has expressed significant concern regarding the rising threats of cyber espionage and disruptive attacks attributed to Chinese and Russian actors. This alarming assessment was presented to a parliamentary committee, highlighting an urgent need for enhanced cybersecurity measures.
During a recent hearing of the Parliament Public Accounts Committee, Bella Powell, the cyber director of the government security group within the Cabinet Office, stated that the UK has witnessed a “substantial escalation in cyberthreats” over the past three years. Powell emphasized that both Russia and China pose considerable risks to national security, with specific mention of Russia’s reckless cyber operations that could potentially impact various organizations across the UK.
Powell referenced the activities of the Chinese nation-state hacking group known as Volt Typhoon, suggesting that similar operations against the UK are a foreseeable threat. According to Powell, such actors have engaged in pre-positioning activities targeting critical national infrastructure in the U.S., which could easily extend to disruptive actions aimed at essential services in the UK, indicating a serious risk of escalation.
The growing sophistication of cyber attackers is another crucial concern. Vincent Devine, the government chief security officer, noted that hackers have become increasingly aggressive and reckless in their tactics, heightening fears regarding the potential disruption of essential services. Recent ransomware attacks on high-profile entities like the National Health Service and the British Library exemplify the damaging impact of cyber disruption.
The hearing follows findings from a National Audit Report indicating that the government has not adequately secured its legacy IT systems, with about 58 systems vital to national functions lacking fundamental security controls. This revelation has brought attention to the pressing need for updates and risk assessments across the government’s cyber landscape.
Catherine Little, the permanent secretary to the Cabinet Office, recognized the prevalence of outdated technology as a major security vulnerability. She highlighted the challenges posed by the complexities and scale of legacy IT, affecting the government’s ability to keep pace with evolving threats.
Despite previous shortcomings in assessing cyber risks, Powell noted that there has been significant progress in recent years, particularly in providing senior officials with a comprehensive overview of the current threat environment and required protective measures.
Given the context of these findings, it is clear that both state-sponsored actors and advancements in cyber tactics represent significant threats to critical national infrastructure in the UK. The potential use of tactics aligned with the MITRE ATT&CK framework—such as initial access, persistence, and privilege escalation—demonstrates the need for business leaders to prioritize cybersecurity readiness and proactive defense strategies.
