Critical local infrastructure that supports council services, social care services and local transport in the UK is falling through the gaps in government and business planning for cyber resilience, claims Jonathan Lee, director of cyber strategy at cyber security company TrendAI.
In an interview with Computer Weekly, Lee says that municipal areas, such as London or Greater Manchester, could be at risk from multiple cyber attacks that could damage local infrastructure, causing escalating problems for residents that could add up to severe disruption.
“We need to be thinking about what would happen if multiple attacks happened at the same time across the city region – and the human impact of not being able to do your job properly, not being able to travel around and not being able to deliver public services,” he says.
The Cyber Security and Resilience Bill (CSRB), which is currently going through Parliament, aims to ensure that critical national services, such as healthcare, water, transport and energy, are protected against cyber attacks that cost the economy billions of pounds a year. But local infrastructure has been relatively neglected, claims Lee.
The National Cyber Security Centre’s (NCSC) Cyber Assurance Framework, for example, aims to help operators of critical national infrastructure (CNI) demonstrate a base level of cyber security preparedness – but it is not mandatory, and not every organisation that should implement it is implementing it.
