Feeds

UK.gov: 'Foreign cyber reconnaissance' underway in UK

Eyes on tentacles peer from network pipes around YOU

Website security in corporate America

Foreign states may already have used malware to map the networks that support the UK's critical infrastructure systems, the government admitted.

The admission by government officials came in the run-up to a parliamentary statement by Cabinet Office minister, Francis Maude, marking the first anniversary of the UK's government's National Cyber Security Strategy.

Maude highlighted future work on a new UK National Computer Emergency Response team, further work on education and skills, Cyber Reservists for the MoD and a partnership with the private sector to boost the cyber security sector in the UK. He pointed out that the private sector is the largest economic victim of crime-crime, such as IP theft, and from economic espionage perpetrated through cyberspace, as well as highlighting efforts to improvement the protection of the UK's critical infrastructure in a written statement to parliament on Monday (3 December).

"We have invested in new and unique capabilities for GCHQ to identify and analyse hostile cyber attacks in order to protect our core networks and services and support the UK’s wider cyber security mission," Maude said. "I cannot reveal details of this work, but it has broadened and deepened our understanding of the threat, helping us prioritise and direct defensive efforts."

"The Security Service has developed and enhanced its cyber structures, focusing on investigating cyber threats from hostile foreign intelligence agencies and terrorists, and working with UK victims. This informs the work of the Centre for the Protection of National Infrastructure (CPNI) which is helping organisations to improve their cyber security measures."

"CPNI is actively influencing standards, researching vulnerabilities and focusing on the key technologies and systems of cyber infrastructure. As part of this work it has commissioned a major research programme from the University of Oxford with the aim of delivering advice, guidance and products to help reduce the risk of cyber attacks mounted or facilitated with the help of company insiders."

Maude praised efforts to secure systems during the Olympics as well as looking ahead to a new Cyber Incident Response scheme, recently launched by CESG and CPNI in pilot form, will move to become fully operational in 2013. Next year will also see the merger of cyber-policing units at Scotland Yard and SOCA to form the new National Cyber Crime Unit of the new National Crime Agency.

The cyber security strategy was launched on 25 November 2011 as a means to co-ordinate government and private sector efforts in the fight against cyber-espionage, malware and other internet security threats.

The government budgeted £650m to bolster the nation's cyber-defences as part of the 2010 strategic defence review. GCHQ was given the lead role and the lion's share of the budget. Only £30m was earmarked for law enforcement.

Government ministers and officials argue that the threats is growing and facilities that power utilities, banking and other vital services are at the front line of attack. The threats come in the form of attacks designed to steal intellectual property and trade secrets as well as more general cybercrime and probes against the networks of utilities and others.

Officials will not be drawn on who is responsible for reconnaissance-style attacks on UK infrastructure systems, beyond saying that the threat came from abroad.

"We understand that there is a threat from hostile foreign states and others to attack it," a senior official said, The Guardian reports.

"It would be absolutely in keeping with that – we have seen attempts by hostile foreign states through cyberspace as well."

"There are attacks against critical national infrastructure and I am not going to say whether they were or weren't successful," the official added.

US officials have warned about attacks on that country's national infrastructure but unlike their UK counterparts they have been far less reticent about apportioning blame, singling out China and Russia for criticism.

Chris McIntosh, chief exec at encryption firm ViaSat, commented that news that cyber-attacks are increasingly targeting critical infrastructure ought to come as little surprise.

"While previously national energy or resource infrastructure was relatively safe from these attacks, the modernisation of these networks has meant they are closely connected to the internet and so more vulnerable than ever. While at one level the threat to infrastructure could involve the targeting of individual sections of the network and deny certain services at specific areas, at the extreme level these attacks could potentially be used to overload systems or override safety mechanisms, causing catastrophic damage to the surrounding area and the infrastructure as a whole." ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.