November 22, 2019

As we approach the UK General Election on December 12, party manifestos are beginning to emerge. The Labour Party has just released its precursory list of promises. If elected to power, the Labour Party has big plans for cybersecurity.

As per New Statesman Tech and the Labour Party’s “It’s time for real change,” 2019 manifesto, the party plans to give additional powers to security officials to ensure cybersecurity is maximised. If elected, it plans to review the powers of the National Cyber Security Centre (NCSC). From the party manifesto:

“Cybercrime and cyberwarfare are growing, all around the world. Every aspect of our lives, from the NHS to our nuclear facilities, from transport systems to communications networks is vulnerable.”

The NCSC is part of the Government Communications Headquarters (GCHQ), the UK’s intelligence and security organization. The role of the NCSC is to secure the UK’s communications infrastructure and it has a more consumer-facing role. It’s in place to help both the public and private sector avoid cybersecurity threats and it was formed in 2016.

The Labour Party plans to allow NCSC officials to audit the cybersecurity of both public and private sector organisations. The NCSC would have the power to “issue warnings,” to organisations. The party also plans to create a ministerial role with sole responsibility for cybersecurity.

“A Labour government, ever more dependent on digital technology, will overhaul our cybersecurity by creating a co-ordinating minister and regular reviews of cyber-readiness.”

And, Labour wants to improve the National Crime Agency to make it more able to deal with cybercrime:

“We will also review the structures and roles of the National Crime Agency, to strengthen the response to all types of economic crime, including cybercrime and fraud, and ensure a modern, technologically advanced police service that has the capacity and skills to combat online crime, supported by a new national strategy on cybercrime and fraud.”

In the manifesto, there is also a promise to add more funds to the NHS’s cyber defences. A potentially sensible move considering the ever-increasing cybercriminal targeting of healthcare providers and organisations around the globe.

Matt Lock, technical director at data security company Varonis, says:

“All political parties should have a cybersecurity platform – it’s a matter of national defence in our connected age. Just as political parties present their plans for jobs, education, and healthcare, they would be smart to add cybersecurity to that list.”

Malcolm Taylor, a former GCHQ British intelligence officer and now director of cyber security at ITC Secure told the Verdict:

“It is impossible to argue that a greater focus on cyber security is a bad thing; quite simply the issue is not going away and standing still is tantamount to going backwards.”

Taylor adds that “cabinet scrutiny of cybersecurity” is a good idea and that it needs to come from a ministerial position. He adds:

“I espouse – maybe even proselytise – to my senior clients that security is not a technical issue but a strategic issue, and so must the response be. This is a good idea, in principle, though of course the details will matter a lot.”

Labour has also said it will take steps to better protect patient records adding:

“We will ensure data protection for NHS and patient information, a highly valuable publicly funded resource that can be used for better diagnosis of conditions and for ground-breaking research.”

And, it says, it’s not going to let NHS patient data be “exploited” by international technology and pharmaceutical corporations.

– Watch our free taster sketch “Phishing Emails in Real life” from our hilarious Sketches security awareness training series

The Labour Party has been the target of cyber-attacks in recent weeks

On November 12, the Labour Party says it was subject to a second cyberattack to its website after successfully rebounding one days earlier. Distributed Denial of Service (DDoS) attacks, where many compromised systems are used to drive traffic, were focused on the Labour Party website.

Both attacks were reportedly successfully deflected, and no data was stolen, a Labour Party spokesperson said after the second attack:

“We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences. We are dealing with this quickly and efficiently.”

Niall Sookoo, the party’s executive director of elections and campaigns said:

“Every single one of these attempts failed due to our robust security systems and the integrity of all our platforms and data was maintained.”

The attacks were reported to the NCSC and a spokesperson from the organisation said, as per the BBC:

“The attack was not successful and the incident is now closed.”

Labour leader Jeremy Corbyn also responded:

“If this is a sign of things to come, I feel very nervous about it.”

Emily Ortin, of cybersecurity company Darktrace, told BBC Radio 4:

“Really this is the tip of the iceberg in terms of the types of threats that, not just the Labour Party, but all political parties are going to be without a doubt experiencing on a daily basis.”

She believes anyone “involved in politics and in government” should be preparing themselves for the prospect of much more serious attacks.

In fact, anyone in business, politics, and in government, should be preparing for more sophisticated and serious cyberattacks. The latest incident of “CEO fraud” confirms this too. Cybercrime is a threat that’s not going to go away.  Want to help secure your organisation, no matter who wins the election? Sign up for a free demo and find out how we’re already helping organisations just like yours.

Share this: