Skills shortage leaving Britain at mercy of cyber-attacks – former senior GCHQ spook
The caution came after the influential Public Accounts Committee (PAC) announced it had lost confidence in the government’s ability to protect Britain from cyber-attacks.
Ex-GCHQ deputy director Brian Lord argued that only a “few people” in the secret services are able to counter powerful cyber-attacks, like the ones Russia allegedly launched on the US Democratic Party ahead of the 2016 presidential election.
“Muscular diplomacy,” he said on Friday’s BBC Radio 4 Today, should be adopted to “legally and legitimately” show foreign nations and potential hackers that the UK is not a “weak target.”
Asked whether intelligence agencies wanted to push further than currently allowed under British law, he said: “Well of course they do – they are seeing an adversary, whether that’s state or criminal, who doesn’t operate under the same kind of shackles and therefore it becomes increasingly difficult with a few people with the skills necessary to be able to counter them.
“I think these are some of the areas where the UK is particularly vulnerable.”
Cyber-attacks are currently ranked as one of the four top risks to British national security.
“The government has acted with a pace and ambition that has been welcomed by industry and our international partners right across the globe,” a spokesman for the Cabinet Office insisted.
But PAC believes it has taken too long to consolidate the “alphabet soup” of intelligence agencies operating in Britain.
“Government has a vital role to play in cyber security across society but it needs to raise its game,” the committee’s chairwoman Meg Hillier MP said.
“Its approach to handling personal data breaches has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks.
“The threat of cyber crime is ever-growing, yet evidence shows Britain ranks below Brazil, South Africa and China in keeping phones and laptops secure. In this context it should concern us all that the government is struggling to ensure its security profession has the skills it needs.
“Government must communicate clearly to industry, institutions and the public what it is doing to maintain cyber security on their behalf and exactly how and where they can find support.”