The newly released Labour manifesto sees Jeremy Corbyn’s party promise a clampdown on cybersecurity incidents by overhauling how the UK handles the issue.
The manifesto, which details how cybercrime threatens “every aspect of our lives, from the NHS to our nuclear facilities, from transport systems to communications networks”, promises to “overhaul our cybersecurity” with a number of key measures.
Labour has pledged to create a co-coordinating minister for cybersecurity, as well as conducting “regular reviews of cyber-readiness”.
It also pledges to review a number of the UK’s key cybersecurity institutions, with a view to beefing up their powers.
The focus on cybersecurity, as well as the decision to create a cabinet position. has been welcomed by experts.
“It is impossible to argue that a greater focus on cyber security is a bad thing; quite simply the issue is not going away and standing still is tantamount to going backwards,” said Malcolm Taylor, former British intelligence officer at GCHQ and now director of cyber security at ITC Secure.
“I have always thought that cabinet scrutiny of cybersecurity was a good idea; and that can only come from a Ministerial position. As a professional I espouse – maybe even proselytise – to my senior clients that security is not a technical issue but a strategic issue, and so must the response be. This is a good idea, in principle, though of course the details will matter a lot.”
Labour manifesto promises review of National Cyber Security Centre
One of the key pledges in the cybersecurity section of the Labour manifesto is a review of “the role and remit” of the National Cyber Security Centre (NCSC).
A UK government institution under the umbrella of GCHQ, the NCSC launched in 2016, and is dedicated to helping UK citizens and businesses avoid cybersecurity threats. Labour passed the details of its own cyberattack to the centre a week ago.
According to the party’s manifesto, the review will determine whether the NCSC should be given “powers as an auditing body, with the ability to issue warnings to private and public sector organisations and designate risk”.
This, however, has been met with some skepticism.
“I am less sure that the NCSC should have an auditing role. There’s too much of a tension between that and being the nation’s centre of excellence, let alone many other issues,” said Taylor.
There was no mention of fines, which are currently handed out for data breaches by the Information Commissioner’s Office.
Strengthening cybercrime response
The manifesto also included a pledge to review the “structures and roles of the National Crime Agency”, in order to “strengthen” the organisation’s ability to tackle economic crime, including cybercrime and fraud.
This, the party said, would “ensure a modern, technologically advanced police service that has the capacity and skills to combat online crime, supported by a new national strategy on cybercrime and fraud”.
Commenting on the challenges of combating cybercrime, Taylor said he “feels for them”.
“Some police areas now see over 50% of reported crime as cybercrime; and forces are equipped for anything but, almost. Cyber and technology move so fast, and keeping up is all-but-impossible and the skills necessary are rare, expensive and in-demand everywhere,” he said.
“I would urge the new government to think anew in terms of public-private partnership – this has been lauded in the past but never, to my mind, delivered or close. That way you might begin to start shifting the balance more in favour of the enforcers.”
The manifesto has been published just days after the Labour Party was hit by a string of cyberattacks, which have not been attributed to a specific threat actor, but which may be the work of a nation-state actor.
“If this is a sign of things to come in this election, I feel very nervous about it all because a cyberattack against a political party in an election is suspicious,” said Labour Leader Jeremy Corbyn, during an event in Blackpool.