New laws designed to protect the NHS and other public services from a devastating cyber attack will be unveiled in the King’s Speech on Wednesday, i has learned.
Ministers are prioritising the cyber security of civilian infrastructure after learning of the “terrifying” threat posed, according to Whitehall insiders.
A cyber security bill is expected to close loopholes in existing legislation.
The bill will require private companies involved in supply chains for the NHS, government departments and other public bodies to have protections in place against a possible hack by hostile actors or states.
The public bodies themselves will also be required to have protections in place.
The threat from cyber attacks on public bodies is seen as so grave and “time critical” it is being put at a greater priority than artificial intelligence, i has been told.
The plans, under new Science, Innovation and Technology Secretary Peter Kyle, follow two major incidents this year involving firms with public-sector contracts.
In May it emerged that SSCL, which handles payroll for the Ministry of Defence, had been targeted in a major cyber attack in which the private details of hundreds of thousands of serving and former members of the Armed Forces were accessed.
The hack has been blamed on China, although this has not been officially confirmed by the government.
Then in June, Synnovis, which carries out blood tests for NHS England, was targeted in a ransomware attack, suspected to be by Russian hackers. This affected two of London’s biggest hospitals, Guy’s and St Thomas’ and King’s College Hospital.
i previously revealed the hackers behind the NHS attack are part of a wider cyber army working under the Kremlin’s protection to try to destabilise the UK.
The consequences of that hack are still being felt, with the postponement so far of nearly 1,500 operations and more than 6,000 outpatient appointments. Blood testing under the two hospital trusts is running at 54 per cent of normal capacity, according to latest figures from NHS England.
Cyber security legislation has not been updated since 2018 and has failed to keep pace with the rapidly changing technological abilities of hostile states and actors, as well as dating from before the UK left the European Union, sources said.
Artificial intelligence is not being downgraded as a priority, but cyber security is being seen as a more time-critical challenge facing the Labour government, according to people familiar with the plans.
The King’s Speech is expected to mention legislation on AI, although it is yet to be confirmed whether there will be a new law in the first round of the legislative agenda of Sir Keir Starmer’s government.
Former prime minister Rishi Sunak said last year that there should be regulatory “guard rails” on AI, but stopped short of formal legislation, instead favouring voluntary agreements between the government and companies.
Ministers were said to be shocked at the loopholes in regulations governing cyber security when they arrived in office after Labour’s election victory.
Jimmy Carter was right about Israel