Feeds

Defence talks to forge EU cyberwar strategy

What are we defending against exactly?

Providing a secure and efficient Helpdesk

European defence ministers met last week to develop NATO's future cyber defence strategy, defence minister Nick Harvey told Parliament on Monday.

Defence Secretary Liam Fox met his counterparts across Europe to help formulate future cyber defence policy, Harvey said in response to questions in the House from former defence secretary Bob Ainsworth. The diplomatic reply (extract below) suggests discussions are still at a fairly preliminary stage involving establishing bilateral links and sharing best practice on combating hacking attacks or malware outbreaks that threaten key national infrastructure components. Nothing was said about the possibility of developing offensive capabilities, a topic that must surely be on the agenda.

Over 10 and 11 of March 2011, the Secretary of State for Defence discussed the NATO Cyber Defence Concept with his ministerial counterparts in Brussels. This will set the parameters for NATO's future cyber defence policy.

We have already signed a Cyber Defence Memorandum of Understanding with NATO that allows us to share information and hope to sign further bilateral agreements with countries whose capabilities are complementary to our own. The FCO and Home Office will lead on engagements with the EU and UN, with the Cabinet Office co-ordinating our overall international engagement strategy.

Discussion on cyber-sabotage and other potential acts of war carried out in cyberspace has shifted higher on the agenda after the infamous Stuxnet worm infiltrated industrial control systems in Iran, sabotaging high-speed centrifuges at controversial Iranian nuclear facilities in the process. The sophisticated malware has been described in some circles as the world's first cyber-weapon.

Politicians are also fearful that denial of service attacks that blasted denial Estonia off the web might be turned on their countries as well as state sponsored cyber-espionage style attacks against key private-sector firms along the lines of the Operation Aurora assaults against Google or more recently publicised spear-phishing and custom malware-based attacks against oil exploration conglomerates.

The UK government has allocated £650m over the next four years to tackle cyber threats, newly defined as Tier One threats against the UK – equalled only by international terrorism, as part of its Strategic Defence and Security Review. A total of £63m from this fund was recently earmarked for fighting cyber-crime. Harvey said the government was looking to work with the information security industry as well as international partners in tackling cyber threats. "The government cannot and should not attempt to tackle this issue by itself," Harvey said.

Ghost in the Wire

Last week, during an earlier question and answer session in the House of Commons, Harvey told MPs that the UK's new "global operations and security control centre" is up and running. "We have commissioned a new monitoring system to detect cyber-attacks against our defence systems," he said.

Subsequent questions by MPs showed that specific concerns about cyberthreats are miles apart from the hack disabling national grids or banking systems scenarios often conjured up by talk of cyber-war.

Robert Halfon pointedly asked whether the use by BT of equipment supplied by Chinese telecoms equipment manufacturer Huawei, which was founded by a Red Army officer, might pose a security risk. Hack attacks against government or private sector firms are routinely blamed on China. Whether or not China is actually behind such attacks is difficult to say because it's equally possible that compromised systems in China might be used by elite hackers working for somebody entirely different to hide their track.

Attribution for cyber attacks is a matter of informed guesswork and circumstantial evidence (at best) without examining the compromised systems and figuring out what happened. Harvey said the government was in discussion with BT and others about the "benefits and risks" of using Huawei as a supplier. Aside from Huawei, only Juniper and Cisco can supply the high-end kit BT needs to run its network, so the former public sector telco is not exactly spoiled for choice.

Separately, Chris Bryant asked about a threat rather closer to home, tabloid hacks from the News of the World. A recent Panaroma documentary suggested that hacks hacked into "mobile phones and computers used by the Army in Northern Ireland". Harvey acknowledged that Bryant had raised the valid concern that security threats might come from newspapers as well as agents of a hostile power. "We will do everything we can to ensure the maximum security of all our communication methods," the minister said. ®

New hybrid storage solutions

More from The Register

next story
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.