The Register: Spending watchdog blasts UK govt over sloth-like cyber resilience progress

Source URL: https://www.theregister.com/2025/01/29/nao_blasts_uk_gov_cyber/
Source: The Register

Feedly Summary: Think government cybersecurity is bad? Guess again. It’s alarmingly so
The UK government is significantly behind on its 2022 target to harden systems against cyberattacks by 2025, with a new report from the spending watchdog suggesting it may not achieve this goal even by 2030.…


**Summary:** The UK government is falling short on its 2022 commitment to enhance cyber resilience by 2025, with a new report highlighting significant gaps in critical IT system defenses. These vulnerabilities, exacerbated by a shortage of cyber-skilled personnel and reliance on legacy systems, threaten the security of public services. Immediate actions, including a cross-government cyber strategy and addressing the skills gap, are crucial for mitigating risks.

**Detailed Description:**
The National Audit Office (NAO) report underscores the UK government’s inadequate progress toward its cyber resilience objectives, which it aimed to meet by 2025. Key findings from the report include:

– **Pledge Delays and Accountability:**
  – The government pledged in 2022 to bolster cyber defenses but is now projected to struggle to meet these targets even by 2030.
  – Cyber threats to the government are described as “severe and advancing quickly.”

– **Assessment of IT Systems:**
  – Assessment focused on ministerial and non-ministerial departments’ IT systems, highlighting an alarming state of security.
  – Out of 72 critical IT systems, 58 showed significant weaknesses, particularly in fundamental cyber resilience controls like asset management and protective monitoring.

– **Legacy Systems and Unknown Risks:**
  – Acknowledgment of 228 legacy IT systems across government departments, with 28% classified as high-risk (“red-rated”).
  – The NAO pointed out a lack of thorough understanding of the vulnerabilities these aging systems present, causing concern about operational and security risks.

– **Cybersecurity Skills Gap:**
  – A critical barrier identified is the government’s failure to attract and retain talented cybersecurity professionals.
  – Approximately one-third of cyber roles remain unfilled or are held by temporary staff, leading to higher costs and operational inefficiencies.
  – Competitive salary disparities between the public and private sectors exacerbate recruitment challenges.

– **Call to Action:**
  – The NAO recommended immediate development and implementation of a cross-government cybersecurity plan and strategies to bridge the cyber skills gap.
  – Emphasis on the urgency for the government to catch up with escalating cyber threats to safeguard public services.

**Key Recommendations:**
– Establish a cross-government plan to implement the Cyber Security Strategy within six months.
– Define necessary transformations to achieve cyber resilience long-term.
– Develop and execute strategies to address the cybersecurity skills gap within the next year.

The report serves as a critical warning for governmental bodies to enhance their cybersecurity posture urgently, particularly within a climate of increasing threats to public services and infrastructure.