Feeds

Defence talks to forge EU cyberwar strategy

What are we defending against exactly?

Choosing a cloud hosting partner with confidence

European defence ministers met last week to develop NATO's future cyber defence strategy, defence minister Nick Harvey told Parliament on Monday.

Defence Secretary Liam Fox met his counterparts across Europe to help formulate future cyber defence policy, Harvey said in response to questions in the House from former defence secretary Bob Ainsworth. The diplomatic reply (extract below) suggests discussions are still at a fairly preliminary stage involving establishing bilateral links and sharing best practice on combating hacking attacks or malware outbreaks that threaten key national infrastructure components. Nothing was said about the possibility of developing offensive capabilities, a topic that must surely be on the agenda.

Over 10 and 11 of March 2011, the Secretary of State for Defence discussed the NATO Cyber Defence Concept with his ministerial counterparts in Brussels. This will set the parameters for NATO's future cyber defence policy.

We have already signed a Cyber Defence Memorandum of Understanding with NATO that allows us to share information and hope to sign further bilateral agreements with countries whose capabilities are complementary to our own. The FCO and Home Office will lead on engagements with the EU and UN, with the Cabinet Office co-ordinating our overall international engagement strategy.

Discussion on cyber-sabotage and other potential acts of war carried out in cyberspace has shifted higher on the agenda after the infamous Stuxnet worm infiltrated industrial control systems in Iran, sabotaging high-speed centrifuges at controversial Iranian nuclear facilities in the process. The sophisticated malware has been described in some circles as the world's first cyber-weapon.

Politicians are also fearful that denial of service attacks that blasted denial Estonia off the web might be turned on their countries as well as state sponsored cyber-espionage style attacks against key private-sector firms along the lines of the Operation Aurora assaults against Google or more recently publicised spear-phishing and custom malware-based attacks against oil exploration conglomerates.

The UK government has allocated £650m over the next four years to tackle cyber threats, newly defined as Tier One threats against the UK – equalled only by international terrorism, as part of its Strategic Defence and Security Review. A total of £63m from this fund was recently earmarked for fighting cyber-crime. Harvey said the government was looking to work with the information security industry as well as international partners in tackling cyber threats. "The government cannot and should not attempt to tackle this issue by itself," Harvey said.

Ghost in the Wire

Last week, during an earlier question and answer session in the House of Commons, Harvey told MPs that the UK's new "global operations and security control centre" is up and running. "We have commissioned a new monitoring system to detect cyber-attacks against our defence systems," he said.

Subsequent questions by MPs showed that specific concerns about cyberthreats are miles apart from the hack disabling national grids or banking systems scenarios often conjured up by talk of cyber-war.

Robert Halfon pointedly asked whether the use by BT of equipment supplied by Chinese telecoms equipment manufacturer Huawei, which was founded by a Red Army officer, might pose a security risk. Hack attacks against government or private sector firms are routinely blamed on China. Whether or not China is actually behind such attacks is difficult to say because it's equally possible that compromised systems in China might be used by elite hackers working for somebody entirely different to hide their track.

Attribution for cyber attacks is a matter of informed guesswork and circumstantial evidence (at best) without examining the compromised systems and figuring out what happened. Harvey said the government was in discussion with BT and others about the "benefits and risks" of using Huawei as a supplier. Aside from Huawei, only Juniper and Cisco can supply the high-end kit BT needs to run its network, so the former public sector telco is not exactly spoiled for choice.

Separately, Chris Bryant asked about a threat rather closer to home, tabloid hacks from the News of the World. A recent Panaroma documentary suggested that hacks hacked into "mobile phones and computers used by the Army in Northern Ireland". Harvey acknowledged that Bryant had raised the valid concern that security threats might come from newspapers as well as agents of a hostile power. "We will do everything we can to ensure the maximum security of all our communication methods," the minister said. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.