UK Politics

Vince Cable warns of risks at cyber security summit

Graphic representing computer security Image copyright Thinkstock

Vince Cable has warned of the vulnerability of Britain's essential services to cyber-attack at a summit of regulators and intelligence chiefs.

The business secretary told the meeting - the first of its kind - more needed to be done to protect IT systems from attacks by criminals and terrorists.

He said there was a growing threat of disruption to "everyday life".

Banks, gas distribution, rail signalling and mobile networks were particularly vulnerable, he added.

All of these systems - and others - depended on "having efficient, non-disruptive cyber systems operating and they are becoming more sophisticated," Mr Cable told the meeting.

'Next step'

"The pressure from consumers is to make it more sophisticated and with that comes vulnerabilities and the need to address those vulnerabilities," he added.

He cited examples of "the kind of damage that can be done", such as a 2012 cyber attack on Saudi Arabia's national oil company, which shut down 30,000 of its computers, and a series of cyber-attacks on US banks.

Image copyright PA
Image caption Critical national infrastructure is under threat of attack

He added: "It is particularly important that those industries providing essential services such as power, telecommunications and banking are adequately protected to avoid disruption to our everyday lives.

"We can only achieve this objective through a partnership between government, the regulators and industry.

"Today's event marks the next step in highlighting the important role of the regulators in overseeing the adoption of robust cybersecurity measures by the companies that supply these crucial services."

The regulators, which included representatives from the Bank of England, Civil Aviation Authority, Office of the Nuclear Regulator, Ofgem, Ofwat and Ofcom, were briefed on the threat posed to systems by Sir Ian Lobban, the head of the government's secret listening post GCHQ.

In a joint statement, the government and regulators pledged:

  • More exercises to test procedures and resilience
  • The adoption of security standards and measuring progress against GCHQ's 10 Steps to Improve Cyber Security plan
  • More information sharing across different industry sectors on how to combat the cyber threat

It comes as the Bank of England published a report on Waking Shark 2, an exercise carried out last year to test the UK banking industry's response to a cyber-attack by a hostile nation.

More than 200 representatives from the major banks, financial regulators, the Treasury and infrastructure providers took part in the four-hour exercise, which was meant to test how they would cope with a major disruption to their computer systems.

The exercise was "desk-based" and did not involve the shutting down of actual systems - but was instead meant to find out how the different banks and agencies would work together to mitigate the impact of a cyber-attack that had shut down their websites and disrupted market data.

The Bank's report on the exercise recommends nominating a single body to coordinate communications across the industry during an incident and urges banks to report major attacks to the regulators as soon as possible. It also reminds banks to report cyber-attacks to the police.

Deputy Bank of England governor Andrew Bailey, who is chief executive of the Prudential Regulation Authority, said: "It is essential for financial stability that the UK financial system and its infrastructure continues to work towards improving its ability to withstand cyber-attacks."

More on this story