6 April 2022
In the spring of 2021, America’s Colonial Pipeline, the 5,500-mile fuel superhighway that supplies half of the East Coast’s gasoline and diesel, was abruptly closed for six days. The cause was a cyber attack, launched by a criminal gang based in Russia. The stuff of nightmares for all board directors.
President Putin’s war in Ukraine has included cyberattacks on the country’s government and banking sites. Western intelligence has warned that more are likely to come, with Russian cyber actors potentially already positioned in Ukraine’s IT systems, gathering intelligence and preparing to launch disruptive activities.
The UK has provided strong support for Ukraine and is proud to have helped coordinate the international sanctions regime against Moscow, and many British companies, including CBI members, have led the sell-off of Russia and Belarus.
While the NCSC is not aware of any specific cyber threats to UK organizations in relation to the Russian invasion, there is an increased risk of hostile cyber activity. In the last year, two out of five UK businesses were the target of some kind of cyber attack or attempted breach.
If the UK is to be protected, government and business must act as one.
That is why today, as Chief Minister for Cyber Security and as head of the UK’s largest business organisation, we are calling together for businesses to work together and treat cyber security as a core boardroom responsibility. ; an equal threat to financial and other risks.
Strengthening collaboration and resilience forms a central part of the Government’s National Cyber Security Strategy, supported with £2.6 billion of funding. This includes a record investment in the National Cyber Security Center (NCSC), part of GCHQ, to provide resources and bring business together. Like today’s meeting of directors of critical national infrastructure operators, such as airports, power plants and major banks, to review, challenge and support preparedness against cyber threats.
However, it is not just critical national infrastructure that must take action. The government is also appointing senior business experts to our new National Cyber Advisory Board, bringing lessons learned from across business to challenge and guide the UK approach and encourage lessons learned and further collaboration.
A cyberattack knows no physical or geographic boundaries, and cybercriminals thrive on companies’ unwillingness to share their experiences.
Companies must test the cyber security of their entire supply chain, down to the smallest partner, because any weakness can be exploited. This is not hypothetical. The attack on the Colonial Pipeline, which turned the lives of millions upside down due to supply shortages, a rise in the price of fuel, gas stations running out of fuel, was due to the theft of a single password.
The reluctance to share when something goes wrong is completely understandable, but cybersecurity is an area where healthy business rivalry will not help, and where cooperation and sharing of lessons learned, within and between our organizations, will make us all safer, along with the clients and the public we serve.
By report cyber attacks to the NCSC Incident Management Team, businesses will be supported and their evidence will contribute to greater understanding to combat attacks more effectively in the future, and by following their Cyber Essentials guidance at all levels of the business you will be better protected. The public can help too report suspicious activity like phishing emails the NCSC has already helped identify and remove 76,000 internet scams.
The biggest weakness in cyber defenses is often human error, just look at Colonial Pipeline’s experience. While companies have long recognized the importance of cybersecurity, the urgency is now much clearer. Russia’s invasion has increased the risk, and as the Russian economy shrinks under the weight of sanctions, more cybercriminals will look to the West and the UK.
That means UK plc and the government act as one, prioritizing cyber security so the country can defend itself as one.