Feeds

Defence talks to forge EU cyberwar strategy

What are we defending against exactly?

SANS - Survey on application security programs

European defence ministers met last week to develop NATO's future cyber defence strategy, defence minister Nick Harvey told Parliament on Monday.

Defence Secretary Liam Fox met his counterparts across Europe to help formulate future cyber defence policy, Harvey said in response to questions in the House from former defence secretary Bob Ainsworth. The diplomatic reply (extract below) suggests discussions are still at a fairly preliminary stage involving establishing bilateral links and sharing best practice on combating hacking attacks or malware outbreaks that threaten key national infrastructure components. Nothing was said about the possibility of developing offensive capabilities, a topic that must surely be on the agenda.

Over 10 and 11 of March 2011, the Secretary of State for Defence discussed the NATO Cyber Defence Concept with his ministerial counterparts in Brussels. This will set the parameters for NATO's future cyber defence policy.

We have already signed a Cyber Defence Memorandum of Understanding with NATO that allows us to share information and hope to sign further bilateral agreements with countries whose capabilities are complementary to our own. The FCO and Home Office will lead on engagements with the EU and UN, with the Cabinet Office co-ordinating our overall international engagement strategy.

Discussion on cyber-sabotage and other potential acts of war carried out in cyberspace has shifted higher on the agenda after the infamous Stuxnet worm infiltrated industrial control systems in Iran, sabotaging high-speed centrifuges at controversial Iranian nuclear facilities in the process. The sophisticated malware has been described in some circles as the world's first cyber-weapon.

Politicians are also fearful that denial of service attacks that blasted denial Estonia off the web might be turned on their countries as well as state sponsored cyber-espionage style attacks against key private-sector firms along the lines of the Operation Aurora assaults against Google or more recently publicised spear-phishing and custom malware-based attacks against oil exploration conglomerates.

The UK government has allocated £650m over the next four years to tackle cyber threats, newly defined as Tier One threats against the UK – equalled only by international terrorism, as part of its Strategic Defence and Security Review. A total of £63m from this fund was recently earmarked for fighting cyber-crime. Harvey said the government was looking to work with the information security industry as well as international partners in tackling cyber threats. "The government cannot and should not attempt to tackle this issue by itself," Harvey said.

Ghost in the Wire

Last week, during an earlier question and answer session in the House of Commons, Harvey told MPs that the UK's new "global operations and security control centre" is up and running. "We have commissioned a new monitoring system to detect cyber-attacks against our defence systems," he said.

Subsequent questions by MPs showed that specific concerns about cyberthreats are miles apart from the hack disabling national grids or banking systems scenarios often conjured up by talk of cyber-war.

Robert Halfon pointedly asked whether the use by BT of equipment supplied by Chinese telecoms equipment manufacturer Huawei, which was founded by a Red Army officer, might pose a security risk. Hack attacks against government or private sector firms are routinely blamed on China. Whether or not China is actually behind such attacks is difficult to say because it's equally possible that compromised systems in China might be used by elite hackers working for somebody entirely different to hide their track.

Attribution for cyber attacks is a matter of informed guesswork and circumstantial evidence (at best) without examining the compromised systems and figuring out what happened. Harvey said the government was in discussion with BT and others about the "benefits and risks" of using Huawei as a supplier. Aside from Huawei, only Juniper and Cisco can supply the high-end kit BT needs to run its network, so the former public sector telco is not exactly spoiled for choice.

Separately, Chris Bryant asked about a threat rather closer to home, tabloid hacks from the News of the World. A recent Panaroma documentary suggested that hacks hacked into "mobile phones and computers used by the Army in Northern Ireland". Harvey acknowledged that Bryant had raised the valid concern that security threats might come from newspapers as well as agents of a hostile power. "We will do everything we can to ensure the maximum security of all our communication methods," the minister said. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.