'Cyber attack war games' to be staged by UK and US

The UK and US are to carry out "war game" cyber attacks on each other as part of a new joint defence against online criminals.

The first exercise, a staged attack on the financial sector, will take place later this year, Downing Street said.

The "unprecedented" arrangement between the two countries was announced by Prime Minister David Cameron ahead of talks with US President Barack Obama.

The two men discussed a range of other issues, including counter-terrorism.

They are holding a press conference in the Oval Office of The White House after talks lasting about an hour.

Image source, AP
Image caption,

The two leaders are discussing Anglo-American co-operation across a wide range of issues

Mr Cameron has previously said in relation to cyber attacks that there should be no "means of communication" which "we cannot read".

He is expected to talk to the US president about getting companies such as Google and Facebook to allow governments to view encrypted messages.

'Modern threat'

In terms of the planned cyber war games Downing Street said they will aim to improve the flow of information between the US and UK about threats.

No 10 said agents will co-operate in "cyber cells", involving MI5 and the FBI, and they will be the first the UK has established with another country.

Speaking to BBC political editor Nick Robinson after arriving in Washington on Thursday night for a two-day visit, Mr Cameron said cyber attacks were "one of the big modern threats that we face".

The first war game will involve the Bank of England and commercial banks, targeting the City of London and Wall Street, and will be followed by "further exercises to test critical national infrastructure", Downing Street said.

Money will also be made available to train "the next generation" of cyber agents.

Image source, Thinkstock

Analysis by Gordon Corera, BBC security correspondent

The tensions and confusions over what cyber security means are all too apparent this week.

Is it about defending corporate networks against hostile attackers of the type who targeted Sony? That's the focus of today's announcements about war-gaming and threat cells.

Or is it about getting hold of data and communications about terrorists? That seemed to be the focus earlier in the week, with briefings that the visit would focus on getting US companies to be more helpful in providing data to British authorities.

The two are different in focus and it is not yet clear how much progress on the latter the prime minister will make with a president whose relations with the tech sector are already difficult post-Snowden.

There is also some tricky overlap between the two fields, for instance on how far information should be encrypted so it cannot be read or stolen.

Encryption may foil foreign cyber spies but also stymie law enforcement.

The measures come in the wake of the recent hacking of Sony Pictures' computers and the US military's Central Command's Twitter feed, where comments were posted promoting Islamic State (IS) militants.

The cyber attack on Sony Pictures led to data being leaked from its computers exposing emails and personal details about staff and stars.

The hackers, who called themselves #GOP or Guardians of Peace, also threatened cinema chains planning to screen Sony's satirical North Korea comedy, The Interview, the plot of which involves a bid to assassinate the country's leader Kim Jong-un.

Sony initially cancelled the film's release after leading US cinema groups said they would not screen it, a move which Mr Obama later described as "a mistake".

Media caption,

PM: "Cyber attacks are one of the biggest modern threats we face"

Mr Obama has said cyber threats were an "urgent and growing danger" and unveiled domestic proposals to strengthen the law.

The UK's National Audit Office warned, external in 2013 that a lack of skilled workers was hampering the fight against cyber crime.

Mr Cameron said the UK was already prepared for a cyber attack, saying GCHQ had "massive expertise", but added more needed to be done.

He said: "We need to be able in extremis to interrupt the contact between terrorists.

"It's also about protecting people's data, people's finances - these attacks can have real consequences to people's prosperity."

'Beef up filters'

The BBC's technology correspondent Rory Cellan-Jones said there had been a lot of concern over Mr Cameron's inference that governments should be able to view encrypted data.

Image source, AP
Image caption,

Cyber security has been the focus so far of the prime minister's visit to Washington

He said not only were civil rights groups worried, but major players in the technology industry said banning encrypted messages could harm British trade if UK companies were seen to be not private.

Our correspondent also told BBC Radio 4's Today programme that smaller social networking sites were just as well used by potential hackers as the well-known ones.

He said he had found an example of an exchange on the site Ask.fm which appeared to be from an IS fighter asking another user which country he should go to for weapons training.

In relation to the site being used for this type of communication Doug Leeds, the chief executive of Ask.com, which owns Ask.fm, said: "We have taken some action, and we're looking to take more, what we have done so far is beef up our filters to try and look for patterns that would suggest that this is going on."

Howard Schmidt, a former eBay and Microsoft executive, told the BBC attitudes around privacy and the right to encrypt personal data were still hotly debated in the US in light of the revelations disclosed by fugitive US intelligence leaker Edward Snowden.

Among other things, Snowden's leaks detailed the National Security Agency's practice of harvesting data on millions of telephone calls made in the US and around the world, and revealed the CIA intelligence agency had snooped on foreign leaders.

A recent report by GCHQ, the UK government's communications security agency, on the issue of cyber attacks said that more than 80% of large UK companies experienced some form of security breach in 2014, and attacks were on the rise.