Viewpoint: Preparing for the digital defence of the realm

The notion of a co-ordinated cyberthreat has moved from the abstract to being all too real for many of us in the last few years.

From a theoretical risk to a tangible reality, the attacks by Anonymous on a variety of UK internet sites including the UK government, breaches of global giants like Sony and the debate that surrounded the digital discussion during the London riots truly transformed cybersecurity from a topic that was the province of technologists to a down-the-pub discussion that affects the everyday citizen.

The UK government is pledging hundreds of millions of pounds to defend the realm from cyber-attacks, but they are just one player in an inter-connected web of stakeholders looking to keep the internet in the UK safe, secure, trusted and contributing to Britain's economic growth and recovery.

It's not all about the spooks, digital or otherwise, and we need to be ready.

On a soggy spring morning, experts from Nominet's research and tech team worked with professors at the University of Southampton to conduct a war games exercise with postgraduates at the university's Web Sciences department.

The 90 or so post-grads who attended represent the next generation of Britain's digital defenders.

Not all the students are studying for technical qualifications. Many will go on to jobs in industry, government, policy, regulation and law-enforcement that draw on their understanding of the social as well as technological characteristics of the internet and support their employers in securing the digital realm from multiple categories of threat.

The purpose of the digital defence day was to expand the students' perspective on the complexity of the threat to the public from this new breed of digital attack, inspire new ways of looking at the problems and inspire research ideas to tackle the cybersecurity challenge.

The scenario that played out saw a hacktivist group, called "Incognito", threaten and apparently take down high-profile British e-commerce sites as part of a protest against a proposed set of government policies on online privacy. Students played the role of the police, of hackers, of the media and of the general public in assessing and responding to the threat at hand.

They briefed the Cobra committee (made up on this occasion by on-the-ball, internet-savvy actors playing the prime minister, culture secretary and home secretary) on response strategies to the threat, analysed a simulated Twitter feed to gauge the social media response to the issue, and discussed and debated strategies for managing the attack on a chat site called the Und3rgr0und - the gathering place of choice for Incognito hacktivists.

The story played to a realistic conclusion. Law enforcement officials instructed Nominet to disable the domain used for the Und3rgr0und chat site in an attempt to disrupt the hacktivists, having tracked down the source of the site as beyond their jurisdiction.

Undeterred, the hacktivists then reconvened on an unsuspecting YouTube video user's comment feed and in another chat room.

Some of the "attacks" attributed to the hacktivists turned out to be non-hacker related outages.

The panic and media hyperbole subsided, the hacktivist mutterings continued, and another day passed in the lives of the largely unaffected British public.

The event triggered many different threads of discussion, mirroring the real-world debates happening in government, industry, international bodies like the Internet Governance Forum and with our own stakeholders as to what best-practice should look like and how we should face these challenges.

After all, the scale of issue under discussion here varies.

Social media can create or exacerbate a problem. During the London riots, false rumours on Twitter claimed that tigers were on the loose, and that people had broken into McDonald's to cook their own food, while other tweeters have been charged with incitement to cause violence.

And there are more fundamental challenges such as hacktivism and financially or politically-motivated attacks like the one seen against the Dutch certificate authority DigiNotar last year.

The balance between consumer rights, citizen and business safety, the role of the government and law enforcement, the role of the judiciary, the role of third parties like Nominet, academia and beyond were all brought up in a final mocked-up edition of Prime Minister's Question Time that rounded off the exercise.

Indeed, if this sounds complex - the real world edition of this would see additional interplay from the Serious Organised Crime Agency, the Police Central e-Crime Unit, Government Communications Headquarters and potentially the Centre for Protection of National Infrastructure - and many more organisations and experts with a stake in "digital defence".

It was clear that there's a lot that still needs to be defined about process and the interaction between the different internet stakeholders in the UK.

On-going dialogue will be key in ensuring that the UK internet economy continues to grow unencumbered by the challenges and attacks posed by hacktivists and beyond.

As an exercise, the day was a resounding success. The students had an enjoyable and stimulating day and came up with dozens of possible research ideas, some of which may win funding from Nominet as it continues in its work to keep Britain's digital realms safe and secure.

These research ideas varied from the technical (an algorithm to determine if a cyberthreat is genuine or not) to the intensely social and political (the process for taking down sites associated with criminal activity), and all have positive implications for the future development of the internet in the UK and beyond.

And of course, we learned how to make the scenarios a little more challenging for the next generation of digital defenders.

<italic>Simon McCalla is director of IT at Nominet, the non-profit organisation which manages .uk domains.</italic>