Cyber law reform should be top of Labour's policy list
With Labour returning to 10 Downing Street after 14 years, the Computer Weekly Security Think Tank panellists share advice and wish lists for the new government
Although Sir Keir Starmer’s Labour Party enjoyed a landslide victory in the 2024 UK general election, the British public is still facing a vast array of assaults in cyber space, as recent history demonstrates with government assets, healthcare providers and private businesses all falling prey to financially driven cyber criminal gangs.
With Starmer’s tenure now officially underway, it should be noted that the Labour Party manifesto recognised the threat that cyber attacks pose to UK infrastructure, likely due to Britain having the sixth-largest national economy in the world measured by nominal gross domestic product (GDP), which makes it an attractive target for criminal gangs. Furthermore, UK companies have highly data-rich environments, including personal, financial, and corporate information that cyber criminals will likely view as lucrative to steal for identity theft, financial fraud, or corporate espionage.
Starmer will likely wish to use his experience as a prosecutor to crack down on financially driven cyber crime. With history showing that the UK is at a heightened risk of devastating ransomware attacks, the government’s cyber policies should be emphatic to ensure that British businesses are accountable for enhancing their preparedness frameworks for cyber incidents. This could be achieved through legislative reform to ensure that cyber security challenges are addressed whilst prioritising proactive strategies such as multi-factor authentication (MFA) methods to combat ever-present phishing. One would imagine that a wish list for Starmer in this respect should revolve around public sector assets, especially critical national infrastructure (CNI), as the historical defence strategies relied upon to secure these systems are becoming less able to deal with the continuously developing sophistication of the cyber threat landscape.
Speaking of legislation, prior to the announcement of the date of the UK General Election on 22nd May, a joint committee, composed of members of both the House of Commons and House of Lords, warned that ransomware actors could target the election as well as high-profile individuals, including political candidates, to extract sensitive data to exploit through extortion. The proposal was also set to outline a major reform requiring all ransomware victims in the UK to report incidents to the government as well as banning all critical sector organisations from paying ransoms.
The Computer Weekly Security Think Tank on cyber policy
- Aled Lloyd Owen of Onfido: A coherent Labour cyber strategy depends on consistency.
- Petra Wenham of BCS, the Chartered Institute for IT: Public education on security must be a top priority for Labour.
- Paul Lewis of Nominet: From manifesto to material: What No. 10 needs to make reality.
- Dhairya Mehta and Cate Pye of PA Consulting: How might the UK's cyber landscape change under Labour?
- Adam Button of Elastic: Labour's first cyber priority must be the NHS.
- Ameet Jugnauth and Mark Pearce of ISACA: Cyber lessons and policies for the UK's new government.
- Elliott Wilkes of ACDS: Labour should focus on talent to improve UK's cyber posture.
- Jon Carpenter of Advent IM: Is it time to refresh the UK's cyber strategy?
However, in accordance with national legislation, shortly after the election was called on 22nd May, the UK government and the civil service entered the pre-election period known as purdah, in which ministers and their departments were prevented from making any public announcements that could directly impact election campaigns. Impacted proposals included a planned public consultation on reforming the government’s approach to the ransomware crisis, which can be revisited now that the election has passed. This should be a priority for Downing Street, as ransomware actors are likely to capitalise on this timeframe by launching attacks: with payments still possible, there is still an incentive for hackers to target victims for financial gain.
Starmer is also almost certainly aware of Britain becoming a prime target for state-sponsored cyber attacks, with government entities, defence contractors, and critical sectors being the most at risk. These trends are likely driven by the UK’s advanced technology and critical infrastructure systems that provide ample opportunity for state hackers to disrupt services, extract sensitive data and compromise target assets. Further, as the UK is a major player on the global stage, its political influence and involvement in international affairs almost certainly provide nation-state attackers with the intent to leverage cyber warfare to access sensitive government data, disrupt diplomatic relations, and undermine the very fabric of British democracy.
With details recently emerging of the UK being subjected to a wave of Chinese state-backed cyber interference targeting British voters and senior MPs, Starmer will likely want to see cyber policies develop around the Labour manifesto, which outlines the need to form a long-term and strategic approach to managing relations with Beijing.
Craig Watt is a threat intelligence consultant at Edinburgh-based MSSP Quorum Cyber. This is his first Think Tank contribution.