Cyber attacks pose just as great a threat to Britain and its citizens as acts of terrorism and flu pandemics, the government has decided.
The country’s new National Security Strategy, published in October 2010, escalated cyber attacks to a ‘tier one’ security threat. The strategy not only promised to place cyber security “at the heart of defence”, but also vowed to put the government’s money where its mouth is, pledging £650 million to this cause.
“The risks include hostile attacks upon the UK from other states, potential shortcomings in the UK’s cyber infrastructure, and the actions of cyber terrorists and criminals,” the NSS report reads. “These threats and opportunities are likely to increase significantly over the next five to ten years, as our dependence on cyber space deepens.”
The new £650 million of investment will be partly spent on a UK Defence Cyber Operations Group integrated within the Ministry of Defence. Other measures laid out in the strategy include a joint US-UK information- sharing ‘cyber alliance’, a single point of contact for reporting cybercrime, and an extensive cyber security education programme.
The investment is remarkable given the brutal cuts currently under way across most areas of government spending, which include an 8% reduction in the MoD’s £37 billion overall budget. That shows that the government takes the threat of cyber attack very seriously.
To date, only a handful of successful cyber attacks against governments have come to public light. These include the penetration of the House of Commons’ IT systems by what appeared to be Chinese hackers in 2007, denial-of-service attacks on Estonian government websites the same year and an intrusion into the Pentagon’s networks in 2008.
Of course, there may be many more incidents that have been kept under wraps. Plus, cyber war is an arms race like any other: new threats are constantly being developed. In September 2010, a possible future template for cyber warfare emerged when the Stuxnet virus appeared to launch an attack on nuclear facilities in Iran.
According to government security adviser Sir Malcolm Rifkind, it is this level of threat that the new government seeks to protect against. “I was in the United States a few months ago and a very senior intelligence figure said to me that cyber attacks, he feared, were going to be the United States’ next Pearl Harbor,” he told BBC Radio 4.
Sir David Omand, former head of security and intelligence at the Cabinet Office, believes that raising the priority of digital threats is wholly justified
Government and commercial networks are being subjected to an unprecedented wave of attacks for intelligence purposes, which we must assume are state sponsored.
I take the cyber threat seriously, and regard the decision by the coalition government to put cyber attacks in the top tier of risks as entirely justified and prudent. The additional resource is very necessary, and we may find find in future years that an even greater investment is needed to contain the problem.
Steve Cummings, special adviser to Deloitte’s security division, believes that the new security strategy addresses weakness in the UK’s cyber defences
In terms of the risk element, I don’t think this is so much about a change in the threat. It’s more to do with the government deciding that the current arrangements in place aren’t adequately tackling the UK’s vulnerability to that threat.
It certainly hasn’t had this strategic drive from the centre ofgovernment previously. Making cyber attacks a ‘tier one’ threat is recognition that this government believes cyber security needs to be addressed differently and more publicly.