In July 2020, the Foreign Secretary and the National Cyber Security Centre publicly condemned the Russian Intelligence Services for attempting to steal COVID-19 vaccine research and development from organisations in the UK and elsewhere. This announcement highlighted two intertwined challenges: firstly, the continued threat of espionage through the modern domain of cyber. Secondly is the increasing risk to world-leading British organisations involved in the COVID-19 response and beyond if they do not adequately invest in cyber security measures to deter such activity. There is therefore an opportunity to do more to help UK organisations secure their intellectual property and critical systems from hostile cyber actors during the pandemic, with a view to improving the UK‚’s security posture far beyond it.
A significant piece of legislation already exists which provides a level of cyber security regulation in the UK: the Network and Information Security (NIS) Regulations 2018. However, a key finding from the Department of Culture, Media and Sport‚’s (DCMS) 2020 review of NIS found that ‚’whilst improvements to security‚’ were happening, there was ‚’further room for improvement‚’ and a need to ‚’accelerate‚’ its implementation. Additionally, NIS only covers select UK industries.
Another example of malign, COVID-focussed cyber activity occurred in late 2020, when media outlets reported that cyber actors had leaked troves of sensitive COVID-19 vaccine data online after a breach at the European Medicines Agency (EMA). Some of the documents related to submissions by Pfizer and BioNTech, resulting in negative stock market impact.
This illustrates the widespread consequences that lacklustre Cyber Hygiene has beyond the technical domain and the current pandemic. It can have a negative effect on the economy and threaten the status of the UK as a global science and cyber power. Thus, there is scope for introducing further initiatives to complement existing legislation.