The Bench Report

SPECIAL REPORT: UK Cyber Security Under Scrutiny - Ransomware, Russia, and Local Authority Defence

The Bench Report Season 1 Episode 5

Share episode

A subject very relevant after the recent cyber security leak in the US government!


BBC News - Trump's national security team's chat app leak stuns Washington 


This episode examines the government's ongoing efforts to bolster the nation's digital defences against a growing array of threats. We analyse the latest progress in strengthening cyber security, including proposed measures to protect UK businesses from the damaging impact of ransomware, which can incur significant financial and operational costs. The introduction of the Cyber Security and Resilience Bill is also highlighted as a key step towards a safer digital landscape.

We explore the critical need to address the cyber skills gap across government and defence. We examine the support being offered to local councils, including the cyber assessment framework and monthly cyber clinics, to enhance their resilience.

The strategic importance of cyber security clusters, such as the one in Cheltenham with GCHQ and the National Cyber Security Centre, is considered, alongside the potential benefits of closer public and private sector co-location. The persistent threat of foreign interference, particularly from Russia, in democratic processes is addressed, alongside the ongoing cyber conflict in Ukraine and the UK's support for its cyber defenders. Finally, concerns are raised about potential cyber-risks associated with platforms like TikTok.

Key Takeaways:

  • Ransomware remains a major concern, with new proposals aimed at protecting businesses.
  • Addressing the cyber skills gap is crucial for safeguarding against emerging threats.
  • Local authorities are facing a significant cyber threat, with substantial recovery costs.
  • Government support, including a cyber assessment framework, is being provided to local councils.
  • Collaboration between public and private cyber security sectors is seen as beneficial.
  • The UK is taking the threat of Russian cyber interference seriously and supporting Ukraine's cyber defence.
  • Concerns exist regarding cyber risks associated with certain foreign-owned platforms.
  • Outdated digital infrastructure in local government incre

Support the show

Follow and subscribe to 'The Bench Report' on Apple Podcasts, Spotify, and YouTube for new episodes on weekdays: thebenchreport.co.uk

Extended shownotes for selected episodes can be found at: thebenchreport.substack.com

Shape our next episode! Get in touch with an issue important to you - Producer Tom will grab another coffee and start the research!

Email us: thebenchreportuk@gmail.com

Follow us on YouTube, X, Bluesky, Facebook and Instagram @BenchReportUK

Support us for bonus episodes and more.

No outside chatter: source material only taken from Hansard and the Parliament UK website.

Contains Parliamentary information repurposed under the Open Parliament Licence v3.0.

SPEAKER_01:

Thank you.

SPEAKER_00:

Welcome to The Bench Report, you know, the show where we delve into those all important topics being debated in UK Parliament.

SPEAKER_01:

Past and present.

SPEAKER_00:

You got it. Making sure the government stays on their toes and trying to make politics, well, just a little bit easier for everyone to get their head around.

SPEAKER_01:

Absolutely.

SPEAKER_00:

And the topic we're tackling today, well, this one might be particularly relevant as you're listening along on whatever device you fancy.

SPEAKER_01:

I'd say so, considering everything's digital these days.

SPEAKER_00:

We're going deep, really deep into the world of cybersecurity in the UK. What's being done to make things more secure? What are the hurdles? And where does Britain fit into the whole global cyber land shape?

SPEAKER_01:

We've got some juicy parliamentary discussions to draw from. So we're going right to the source, you know, hearing directly from the people making the decisions.

SPEAKER_00:

Exactly. You'll get a front row seat to what those in power and those trying to get into power actually care about.

SPEAKER_01:

A real peen behind the curtain.

SPEAKER_00:

So for everyone tuning in, we're cutting through the tech jargon, simplifying the complex and laying it all out. The aim of this deep dive is to break down the key issues being debated.

SPEAKER_01:

And figure out why any of this matters to you.

SPEAKER_00:

Because Believe me, it does, whether it's your own online safety or the stability of, well, pretty much everything we rely on.

SPEAKER_01:

So much depends on cybersecurity these

SPEAKER_00:

days. No kidding. So let's start with the government. How do they think they're doing and what's the plan?

SPEAKER_01:

The Chancellor of the Duchy of Lancaster, Pat McFadden, he's been a pretty vocal figure in all of this.

SPEAKER_00:

Oh yeah, he's definitely leading the charge. I remember he spoke at that NATO cyber defense conference recently.

SPEAKER_01:

Emphasizing just how committed the government is to boosting cybersecurity.

SPEAKER_00:

They see it as crucial for the UK economy, like a base for everything else.

SPEAKER_01:

Couldn't agree more. But he didn't just talk the talk. He actually laid out concrete steps they're taking.

SPEAKER_00:

Like what?

SPEAKER_01:

Shielding UK businesses from ransomware attacks.

SPEAKER_00:

Ah, ransomware. Nasty business.

SPEAKER_01:

Absolutely. The chancellor went as far as to call it the most damaging cybercrime out there.

SPEAKER_00:

And they're not just worried about systems being breached. They're worried about the chaos it causes for businesses.

SPEAKER_01:

The financial strain, the disruption. And it can all happen so fast.

SPEAKER_00:

Yeah. I mean, one minute you're up and running, the next everything's locked down and someone demanding a fortune to unlock it.

SPEAKER_01:

Precisely. But the government isn't just talking. They're actually doing something about it. They're introducing a new bill in this parliament session, the Cybersecurity and Resilience Bill. Sounds

SPEAKER_00:

pretty important.

SPEAKER_01:

It is. This bill will likely bring in new rules and structures to make every organization in the UK better equipped to handle cyber threats.

SPEAKER_00:

Sensible. But even with the best plans and laws, you need the right people to make them work, right?

SPEAKER_01:

Now you're hitting on a key point that kept cropping up in these discussions, the skills gap.

SPEAKER_00:

Not enough cybersecurity experts to go around.

SPEAKER_01:

Exactly. Dr. Alison Gardner raised this, particularly the lack of skilled professionals in government and defense.

SPEAKER_00:

It's like having the most sophisticated alarm system but not knowing how to turn it on.

SPEAKER_01:

A perfect analogy. So Dr. Gardner asked about working with organizations like Code First Girls, which helps more women get into tech fields.

SPEAKER_00:

Wasn't that mentioned in their AI opportunities plan?

SPEAKER_01:

It was, and the government was very receptive to this idea.

SPEAKER_00:

They're keen on those free coding courses, right?

SPEAKER_01:

The chancellor specifically praised groups like Code First Girls for those courses. It's all about broadening the pool of talent. He even mentioned that there are already women in leadership roles in government cybersecurity.

SPEAKER_00:

Showing they recognize the value of diversity.

SPEAKER_01:

Absolutely.

SPEAKER_00:

Now let's shift gears a bit. Kevin Bonavia brought up a point about cyber threats hitting local authorities.

SPEAKER_01:

And it was a bit of a wake up call. The sheer number of incidents he mentioned was alarming. Over 150 attack on local governments just between July 2023 and 2024. That many in such a

SPEAKER_00:

short time. Wow.

SPEAKER_01:

And the financial blow? Staggering. The average ransom demand was over 2.2 million pounds.

SPEAKER_00:

But don't councils usually have rules against paying ransoms?

SPEAKER_01:

They often do. But that means the recovery costs skyrocket, hitting around 12 million pounds on average. That's money that could be used for essential services.

SPEAKER_00:

Schools, roads, social care. It all takes a hit.

SPEAKER_01:

You're absolutely right. The Navy was pretty clear. Local authorities need more support to beef up their cyber defenses.

SPEAKER_00:

So how did the government respond to that?

SPEAKER_01:

The chancellor admitted that cyber threats are a system wide problem,

SPEAKER_00:

meaning everyone's vulnerable

SPEAKER_01:

from central government to businesses to, yes, local councils. He did mention a cyber assessment framework work launched by the Ministry of Housing back in October.

SPEAKER_00:

To help councils figure out where they stand and how to improve.

SPEAKER_01:

Exactly. It's like a guidebook. But it's not just words on paper. The government also talked about regular cyber clinics where councils can get expert advice along with initiatives to encourage them to share information and collaborate.

SPEAKER_00:

Strength in numbers.

SPEAKER_01:

Exactly. The chancellor emphasized that this is a constant battle, a never-ending fight.

SPEAKER_00:

You snooze, you lose.

SPEAKER_01:

Pretty much. But it's not all doom and gloom. There are some really exciting initiatives happening particularly in how different sectors can work together.

SPEAKER_00:

Like what?

SPEAKER_01:

Max Wilkinson made a really interesting point about the need for closer collaboration between the public and private sectors on cybersecurity.

SPEAKER_00:

Specifically in Cheltenham.

SPEAKER_01:

Yes, he mentioned Cheltenham specifically.

SPEAKER_00:

Home to GCHQ and the National Cybersecurity Center, the big players.

SPEAKER_01:

It's a hub for cyber expertise. And Wilkinson pointed to projects like the Golden Valley development and the Places for Growth scheme.

SPEAKER_00:

That's the one where they're moving government jobs out of London. right?

SPEAKER_01:

That's the one. The idea is to get public sector cyber experts physically closer to the thriving private sector cyber industry already booming in Cheltenham.

SPEAKER_00:

So they're not just emailing back and forth, but bumping into each other at the coffee shop and sharing ideas.

SPEAKER_01:

Exactly. It's about that informal exchange of knowledge.

SPEAKER_00:

Makes sense.

SPEAKER_01:

And the government seems on board with this co-location strategy. The chancellor specifically talked about the advantages of these clusters. He believes that when people are physically near each other, working relationships become stronger, knowledge sharing becomes more organic and ultimately everyone benefits.

SPEAKER_00:

It's like a cybersecurity think tank.

SPEAKER_01:

In a way, yes. Now, we also need to talk about a more sensitive topic that came up, foreign interference in democratic processes.

SPEAKER_00:

That's a bit worrying.

SPEAKER_01:

It is. Sarah Oney raised concerns based on what the National Cybersecurity Center had found about attempts by Russia to meddle in the 2019 general election.

SPEAKER_00:

That's tampering with the very foundation of our society.

SPEAKER_01:

You're right. Oney talked about this in the wider context of eroding public public trust in politics, the rise of disinformation, and well-documented cases of foreign interference in elections all over the world.

SPEAKER_00:

So it's not just a UK problem.

SPEAKER_01:

Not at all. And she made a strong call for a solid plan from the government to specifically counter this threat.

SPEAKER_00:

To protect our elections.

SPEAKER_01:

Exactly. To ensure that our democratic processes remain, well, democratic.

SPEAKER_00:

Big ask. How did the government react to that?

SPEAKER_01:

The chancellor was pretty firm, saying the government takes protecting our democracy and elections extremely seriously. He brought up his speech at the NATO cyber conference where he publicly called out Russia's concerning actions.

SPEAKER_00:

Naming and shaming.

SPEAKER_01:

You could say that. He said their approach to tackling Russian cyber interference is consistent with how they deal with similar interference in other areas like our territorial waters.

SPEAKER_00:

A joined up approach.

SPEAKER_01:

Absolutely. So they are acknowledging the threat and trying to reassure everyone that they are actively defending our democratic processes.

SPEAKER_00:

Makes

SPEAKER_01:

sense.

SPEAKER_00:

Now, this next topic might hit a little closer to home. Johanna Baxter talked about her conversations with people working on Ukraine's critical national infrastructure.

SPEAKER_01:

Ukraine's been on the front line of cyber warfare.

SPEAKER_00:

And they've been hit hard. Baxter emphasized the sheer volume and intensity of attacks they've faced since the Russian invasion.

SPEAKER_01:

It's a spark example of what a relentless state-backed cyber campaign can look like. She said practically every part of Ukrainian society has been targeted, causing huge disruption and damage to both civilian and military operations.

SPEAKER_00:

Everything from power grids to hospitals.

SPEAKER_01:

Exactly. It's a stark warning. And she asked a very important question. What lessons is the UK learning from this to protect our own national infrastructure from similar Russian cyber attacks?

SPEAKER_00:

It's one thing to talk about hypothetical threats, but seeing it play out in real time, that's got to be a game changer in terms of planning.

SPEAKER_01:

You'd think so. So how has the UK been responding to this? Well, the government stressed their support for Ukraine's cyber defenders.

SPEAKER_00:

Sending them money and experts.

SPEAKER_01:

You got it. They mentioned the 16 million towns and UK funding to equip them with expertise from both the private and public sectors. The chancellor was clear they understand that protecting cyber assets is absolutely essential in modern warfare.

SPEAKER_00:

So cybersecurity isn't just about protecting data anymore. It's national security.

SPEAKER_01:

Exactly. It's a new era of conflict. Now let's move on to another potential vulnerability, the transparency and risks associated with platforms owned by foreign companies.

SPEAKER_00:

This is where things get a bit tricky.

SPEAKER_01:

It is. Richard Holden raised concerns about ByteDance, you know, the Chinese company that owns TikTok. That

SPEAKER_00:

super popular social media app.

SPEAKER_01:

The one and only. This touches on a really complex issue. Data security, user privacy, and the potential for foreign governments to access information or exert influence through these massive platforms.

SPEAKER_00:

It's a big deal.

SPEAKER_01:

Absolutely. Holden pointed out that companies operating in China, like ByteDance, are legally required to have an internal Chinese Communist Party committee.

SPEAKER_00:

So there's a direct link to the government.

SPEAKER_01:

There is. And he also mentioned the rise in cyber attacks coming from China targeting critical infrastructure And his

SPEAKER_00:

main worry, transparency. He said meetings between government ministers and TikTok reps should be subject to the same rules as meetings with senior figures from traditional media.

SPEAKER_01:

Exactly. Given how big TikTok is, especially with younger people and the known cyber risks linked to Chinese tech, he wants more openness about any official contact between the government and TikTok.

SPEAKER_00:

What did the government say to that?

SPEAKER_01:

They said they follow the standard procedures for disclosing meetings with external organizations, suggesting that TikTok is treated the same as any other non-governmental group.

SPEAKER_00:

So they're not treating it any differently?

SPEAKER_01:

Not based on what they've said, but that doesn't fully address the security and influence worries some have raised about these foreign-owned platforms.

SPEAKER_00:

Right. Now, on to something a bit closer to home. Ian Lavery brought up the problem of outdated IT systems in government.

SPEAKER_01:

Especially in local councils.

SPEAKER_00:

He blames years of underfunding.

SPEAKER_01:

He does, and he's right. Local councils handle a lot of sensitive data, people's personal information, and they're responsible for delivering essential services. If their systems are old and vulnerable, it's a huge risk.

SPEAKER_00:

A hacker's paradise.

SPEAKER_01:

Pretty much. Lavery was very clear. Improving cyber resilience in local authorities is vital to protect people's data and keep essential services running.

SPEAKER_00:

So did the government acknowledge this?

SPEAKER_01:

The chancellor did admit that not all digital systems in central and local government are as modern as they should be. A

SPEAKER_00:

bit of an understatement.

SPEAKER_01:

Perhaps. He called it a constant struggle to keep these systems updated and secure.

SPEAKER_00:

Sounds like they know there's a problem.

SPEAKER_01:

They do. But whether they're doing enough to fix it is another question. Now, the last thing we need to touch on is the international side of cyber threats and cooperation.

SPEAKER_00:

The global picture.

SPEAKER_01:

Exactly. Sarah Oney brought up a statement from the U.S. Defense Secretary hinting at a possible change in their approach to cyber countermeasures against Russia.

SPEAKER_00:

And how that could affect the U.K.

SPEAKER_01:

That's the big question. When a key ally like the U.S., a its strategy, it has ripple effects.

SPEAKER_00:

Like a domino effect.

SPEAKER_01:

Exactly. Olney also reminded everyone about a 2020 assessment by the UK Parliament's Intelligence and Security Committee.

SPEAKER_00:

The one that said the threat from Russia was underestimated?

SPEAKER_01:

That's the one. A

SPEAKER_00:

bit worrying.

SPEAKER_01:

To say the least. So she wanted to know what steps the government was taking to protect British democracy given these developments.

SPEAKER_00:

And she pushed for the full unredacted version of that Russia report to be released?

SPEAKER_01:

She did. Now what did the government say?

SPEAKER_00:

Give us the highlights.

SPEAKER_01:

They assured everyone that they're fully aware of the ongoing threat from Russia, both state-sponsored and state-backed cyber attacks.

SPEAKER_00:

So they're not burying their heads in the sand.

SPEAKER_01:

They're not. And they emphasized the continued importance of intelligence sharing with the US.

SPEAKER_00:

Working together to tackle this.

SPEAKER_01:

Exactly. But as for that full Russia report, that's a debate for another day.

SPEAKER_00:

It seems like boosting the UK's cybersecurity is a complex and constantly evolving challenge.

SPEAKER_01:

You could say that again. The

SPEAKER_00:

government's pushing for new laws and providing support to businesses and local authorities. But there's a lot to tackle.

SPEAKER_01:

Absolutely. Like we've discussed, there's a shortage of experts, outdated infrastructure, persistent foreign interference, and the need for solid international cooperation.

SPEAKER_00:

It's a tough job.

SPEAKER_01:

It is. And all of these discussions in Parliament really highlight just how dynamic and unpredictable the world of cyber threats is. And

SPEAKER_00:

that brings us to our final thought for you, dear listener. As technology becomes more enswined with every part of our lives and crucial services depend on digital security, These are big questions. They are, but they're worth thinking about. That's all for today, but as always, stay informed, stay vigilant, and stay safe online.

SPEAKER_01:

And join us next time for another deep dive into the world of UK politics.

Podcasts we love

Check out these other fine podcasts recommended by us, not an algorithm.

Parliament Matters Artwork

Parliament Matters

Hansard Society
Pod Save the UK Artwork

Pod Save the UK

Crooked Media