Feeds

UK armed forces could be 'fatally compromised’ by cyber attack

Say MPs, after gang-briefing from cyber-military complex

Protecting against web application threats using SSL

UK armed forces’ dependence on information and communication technology could leave the nation vulnerable in the event of a cyber attack, according to a study by a committee of MPs.

A report by the Commons' Defence Committee suggests that the UK Government still has some ground to cover in its approach to the nation’s cyber security even two years after placing cybersecurity as a tier one threat against the UK, on a par with global terrorism. The National Cyber Security Programme allocated £650m over five years to boost the UK's cyber-security defences. The MoD received a £90m slice of this pie.

Then in 2012-13 alone, the MoD is reaching into its own coffers to supplement these funds by £30m. But it seems even this is not enough.

The MPs heard concerns that the “trend” of using off-the-shelf commercial products is increasing military vulnerability to cyber-assault. There were also suggestions that people with the necessary skills for cyber warfare might be recruited and brought into the military, perhaps as reservists.

Chair of the Committee, Rt Hon James Arbuthnot MP, said extra ministerial attention ought to be applied to develop improved cyber security.

"The Government needs to put in place – as it has not yet done – mechanisms, people, education, skills, thinking and policies which take into account both the opportunities and the vulnerabilities which cyberspace presents,” argued Arbuthnot.

Evidence received by the Committee suggested a sustained cyber assault could impede the ability of the armed forces to "operate effectively" due to their dependence on information and communication technology. The Committee quizzed MoD witnesses about its backup systems in these circumstances.

“We have asked the Government to set out details of the contingency plans it has in place should such an attack occur. If it has none, it should say so – and urgently create some,” Arbuthnot added.

Details of what types of cyberattack might be possible were left out of the committee's report.

The MPs heard testimony from academics (including John Bassett, associate fellow of Cyber-security at the Royal United Services Institute, Professor Brian Collins, chair of engineering policy at University College London, and others; military personnel including Air Vice-Marshal Jonathan Rigby, Major-General Jonathan Shaw, assistant chief of defence staff and Air Commodore Tim Bishop, head of global operations security control centre; as well as Cabinet ministers Nick Harvey MP, minister for the armed forces, and Rt Hon Francis Maude MP, the Cabinet Office minister.

Written submissions were provided by McAfee, Symantec and Trend Micro as well as BAE Systems, EADS and Raytheon. That group of six from the military industrial anti-malware complex accounted for more than half the written submissions.

Unsurprisingly after this, the MPs came away with the idea that improved MoD and industry collaboration, tied together with increased spending on cyber-security technology, was a good idea.

In a statement, the Committee said it was "impressed by aspects of the co-operation and joint working between the MoD and private sector contractors". The MPs also supported attempts to boost the cyber security sector in the UK, which would help the MoD "deliver military capabilities both to confront high-end threats and to provide a potential offensive capability".

Arbuthnot added:

“The opportunity created by cyber tools and techniques to enhance the military capabilities of our Armed Forces is clear. We want to see the MoD explore this thoroughly. For this reason, we support the use of National Cyber Security Programme funding to develop these capabilities, but also wish to be assured that the MoD will maintain its investment in existing defence intelligence services which provide a vital UK cross-government capability.”

Vendors broadly welcomed the committee's report. Martin Sutherland, Managing Director of BAE Systems Detica commented:

“The UK’s ability to defend itself against cyber attacks does not rest in the hands of any single entity. Ensuring our national and economic security in an increasingly interconnected world requires all organisations – government, public and private sector – to put in place robust cyber security defences as well as appropriate response procedures in the event of a successful attack.

“To improve the effectiveness of these measures we need to encourage more organisations to share best-practice approaches to cyber security and provide more information about the nature of the attacks they’re seeing, particularly given that many private sector firms act as suppliers to Government or are delivering essential services that our nation relies upon every day," he added.

Sutherland said that the UK is perhaps more prepared for cyber-attack than the defence committee gave it credit for.

“The UK's strategy is still going through a process of implementation; however it is progressing well and has a mature approach in comparison to many other nations. Interestingly, the UK was placed first of the G20 in its ability to withstand cyber attacks and deploy the appropriate infrastructure for a productive economy, according to Booz Allen Hamilton’s recent Cyber Power Index. However, there is still a long way to go before we can say that we are successfully countering cyber threats."

Rob Cotton, chief executive of global information assurance firm, NCC Group, stressed the need for the UK military to develop comprehensive information security policy.

“£650m has allegedly been invested in this country's cyber defences, yet instead of being drilled into real expertise it's been juggled between departmental budgets. It's particularly worrying that the best advice offered is repeatedly to simply update antivirus protection – far more sophisticated and sustained responses are needed.

"The targets of a sustained cyber threat would almost certainly include private sector businesses - from energy companies to manufacturing firms and public transport operators – as well as the military itself," he added. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.