UK cyber security plans 'essential for strong defence'

  • Published
Woman typing on laptop
Image caption,

Cyber attacks can come from anywhere

Cyber crime is now considered to be one of the biggest security threats facing the UK.

On Monday, Home Secretary Theresa May called it a "new and growing" danger and committed £500m to tackling it. Meanwhile the government's newly-published National Security Strategy, external categorised it as a Tier 1 threat, putting it on a par with international terrorism and major accidents.

So what does cyber crime mean and how widespread is it?

Cyber crime involves attacks on computer networks, impacting on anything from the national grid to hospital computers and online bank accounts. They can come from anywhere and be carried out by anyone with the know-how.

And with technological advances, cyber crime could escalate into cyber terrorism.

The National Security Council is warning that the UK's enemies are looking for new methods of attack that are cheaper, more easily accessible and less attributable than conventional warfare.

Sir Malcolm Rifkind, the recently-appointed chairman of the Intelligence and Security Committee, said cyber-terrorism was a very real concern.

"What we're talking about is terrorists being able to actually use cyber-methods, for example to interrupt the national grid, to prevent proper instructions going to power stations.

Media caption,

Home Secretary Theresa May has said international terrorism and cyber attacks are "key threats'' faced by the UK

"I was in the United States a few months ago and a very senior intelligence figure said to me that cyber attacks, he feared, were going to be the United States' next Pearl Harbour."

And Tony Dyhouse, a cyber security expert at defence company QinetiQ, said: "Those who wish to carry out large-scale cyber attacks will measure their success about how they can go about demoralising our citizens."

It is difficult to pinpoint just exactly who is behind such attacks, but rumours abound.

Cyber security expert Dr Ian Ferguson from Dundee's Abertay University said: "There are rumours about various companies hosting state-sponsored cyber warfare units - it's not just teenage hackers operating out of their bedroom."

And Mikko Hypponen, a Finland-based chief research officer for F-Secure corporation, said it was often very difficult to find out who was behind cyber espionage and cyber sabotage.

"It is impossible - especially in denial of service attacks [where users are prevented from accessing online networks] to find out who is really behind them. And when you do find people, they are just involved in a fragment of the attack."

He added that these type of attacks just created "virtual traffic jams" but cyber espionage or targeted attacks could have much worse effects that were not always discovered immediately.

Last week, the UK's communications intelligence agency GCHQ gave some indication of the scale of the problem when it revealed that each month more than 20,000 "malicious" e-mails were sent to government networks, of which 1,000 were deliberately targeted at them.

GCHQ's figures also suggested that intellectual property theft was taking place on a "massive scale", according to the intelligence agency's director, Iain Lobban.

He said the country's future economic prosperity relied on ensuring a defence against cyber assaults.

Mr Ferguson pointed out that attacks were becoming more sophisticated and highlighted the case of the Stuxnet malware, thought to be targeting Iran's nuclear programme.

The highly complex piece of malware, detected earlier this year, is believed to be the first-known worm designed to target real-world infrastructure such as power stations, water plants and industrial units.

"It was one of the most significant discoveries to be made in this area and I'm glad the UK government has recognised that," Mr Ferguson said.

Image caption,

GCHQ routinely deals with malicious e-mails sent to government networks

This is not the first time the UK has made a commitment to tackle the problem.

The previous Labour government published the UK's first cyber strategy, external in June last year as a response to what it also perceived to be a growing threat to the country's security.

At the time, Admiral Lord West, who was the country's first cyber security minister, said the UK faced co-ordinated cyber attacks "on a regular basis" from other countries including Russia and China.

Mr Dyhouse said if the government wanted to be able to defend against attacks, it had to be able to understand how to carry out attacks.

Mr Hypponen said: "The public statements by Nato countries always talk about cyber defence but very little about cyber offence."

But the government admits it wants a strategy that "seizes the opportunities which cyber space provides for our future prosperity and for advancing our security interests".

The founder of the computer software giant, Microsoft, Bill Gates, said the threat to computers was something that could be controlled.

Before the security report was published, he told the BBC: "People depend on the reliability of the internet and there are safeguards that can be put into place.

"You won't have to spend like you spend on an army - it's just a group of experts, spreading best practices. So, with the right approach, it shouldn't be something that people will have to worry about."

Related internet links

The BBC is not responsible for the content of external sites.