British government departments have operated hundreds of outdated computer systems and failed to meet their own cybersecurity targets, increasing the risk of a disruptive hack, a watchdog has found.
The National Audit Office, an independent parliamentary body, flagged the concerns in a report released Wednesday after reviewing cybersecurity practices across the UK’s central government.
As of March 2024, the government was operating at least 228 “legacy” computer systems, meaning they were outdated and potentially posed a risk to digital defenses, according to the report. In addition, more than 50 other critical computer systems were deemed vulnerable to an attack.
“Departments have significant gaps in their system controls that are fundamental to their cyber resilience,” the report stated.
Compounding the problems, according to the report, was a lack of personnel specializing in protecting computer networks. Within several central government departments, more than 50% of all vacancies in cybersecurity teams were left unfilled.
Geoffrey Clifton-Brown, chair of the parliament’s Public Accounts Committee, said the report should serve as a “stark wake-up call to government” to strengthen computer defenses.
“Despite the rapidly evolving cyber threat, government’s response has not kept pace,” Clifton-Brown said in a statement. “Poor coordination across government, a persistent shortage of cyber skills and a dependence on outdated legacy IT systems are continuing to leave our public services exposed.”
The government is working to upgrade technology and bolster cyber defenses, a spokesperson said.
“Since July, we have taken action to repair cyber defenses neglected by successive governments,” the spokesperson said. Those actions include introducing new legislation to give the government powers to protect critical national infrastructure from cyberattacks, delivering 30 new regional cyber skills projects to strengthen the digital workforce and merging digital teams into one central Government Digital Service, the spokesperson said.
The UK has faced several major computer breaches in recent years, from both criminal and state-sponsored attackers. The targets have included the Ministry of Defense, the National Health Service, the Royal Mail and the British Library, in addition to government contractors such as Capita.
The country’s National Cyber Security Centre said in its annual review in December that the number of attacks was increasing, while many organizations were still underestimating the severity of the risk. “We face a spectrum of threats where persistent activity by capable hostile states compounds the acute challenges posed by organized crime,” it said.
Photograph: Computer code displayed on screens arranged in Danbury, UK, on Monday, Jan. 4, 2021. Photo credit: Chris Ratcliffe/Bloomberg