Feeds

Defence talks to forge EU cyberwar strategy

What are we defending against exactly?

5 things you didn’t know about cloud backup

European defence ministers met last week to develop NATO's future cyber defence strategy, defence minister Nick Harvey told Parliament on Monday.

Defence Secretary Liam Fox met his counterparts across Europe to help formulate future cyber defence policy, Harvey said in response to questions in the House from former defence secretary Bob Ainsworth. The diplomatic reply (extract below) suggests discussions are still at a fairly preliminary stage involving establishing bilateral links and sharing best practice on combating hacking attacks or malware outbreaks that threaten key national infrastructure components. Nothing was said about the possibility of developing offensive capabilities, a topic that must surely be on the agenda.

Over 10 and 11 of March 2011, the Secretary of State for Defence discussed the NATO Cyber Defence Concept with his ministerial counterparts in Brussels. This will set the parameters for NATO's future cyber defence policy.

We have already signed a Cyber Defence Memorandum of Understanding with NATO that allows us to share information and hope to sign further bilateral agreements with countries whose capabilities are complementary to our own. The FCO and Home Office will lead on engagements with the EU and UN, with the Cabinet Office co-ordinating our overall international engagement strategy.

Discussion on cyber-sabotage and other potential acts of war carried out in cyberspace has shifted higher on the agenda after the infamous Stuxnet worm infiltrated industrial control systems in Iran, sabotaging high-speed centrifuges at controversial Iranian nuclear facilities in the process. The sophisticated malware has been described in some circles as the world's first cyber-weapon.

Politicians are also fearful that denial of service attacks that blasted denial Estonia off the web might be turned on their countries as well as state sponsored cyber-espionage style attacks against key private-sector firms along the lines of the Operation Aurora assaults against Google or more recently publicised spear-phishing and custom malware-based attacks against oil exploration conglomerates.

The UK government has allocated £650m over the next four years to tackle cyber threats, newly defined as Tier One threats against the UK – equalled only by international terrorism, as part of its Strategic Defence and Security Review. A total of £63m from this fund was recently earmarked for fighting cyber-crime. Harvey said the government was looking to work with the information security industry as well as international partners in tackling cyber threats. "The government cannot and should not attempt to tackle this issue by itself," Harvey said.

Ghost in the Wire

Last week, during an earlier question and answer session in the House of Commons, Harvey told MPs that the UK's new "global operations and security control centre" is up and running. "We have commissioned a new monitoring system to detect cyber-attacks against our defence systems," he said.

Subsequent questions by MPs showed that specific concerns about cyberthreats are miles apart from the hack disabling national grids or banking systems scenarios often conjured up by talk of cyber-war.

Robert Halfon pointedly asked whether the use by BT of equipment supplied by Chinese telecoms equipment manufacturer Huawei, which was founded by a Red Army officer, might pose a security risk. Hack attacks against government or private sector firms are routinely blamed on China. Whether or not China is actually behind such attacks is difficult to say because it's equally possible that compromised systems in China might be used by elite hackers working for somebody entirely different to hide their track.

Attribution for cyber attacks is a matter of informed guesswork and circumstantial evidence (at best) without examining the compromised systems and figuring out what happened. Harvey said the government was in discussion with BT and others about the "benefits and risks" of using Huawei as a supplier. Aside from Huawei, only Juniper and Cisco can supply the high-end kit BT needs to run its network, so the former public sector telco is not exactly spoiled for choice.

Separately, Chris Bryant asked about a threat rather closer to home, tabloid hacks from the News of the World. A recent Panaroma documentary suggested that hacks hacked into "mobile phones and computers used by the Army in Northern Ireland". Harvey acknowledged that Bryant had raised the valid concern that security threats might come from newspapers as well as agents of a hostile power. "We will do everything we can to ensure the maximum security of all our communication methods," the minister said. ®

The essential guide to IT transformation

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
HP: NORKS' cyber spying efforts actually a credible cyberthreat
'Sophisticated' spies, DIY tech and a TROLL ARMY – report
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?