UK armed forces could be 'fatally compromised' by cyber attack

Say MPs, after gang-briefing from cyber-military complex

UK armed forces’ dependence on information and communication technology could leave the nation vulnerable in the event of a cyber attack, according to a study by a committee of MPs.

A report by the Commons' Defence Committee suggests that the UK Government still has some ground to cover in its approach to the nation’s cyber security, even two years after ranking cyber security as a tier one threat to the UK, on a par with global terrorism. The National Cyber Security Programme allocated £650m over five years to boost the UK's cyber-security defences. The MoD received a £90m slice of this pie.

Then in 2012-13 alone, the MoD is reaching into its own coffers to supplement these funds by £30m. But it seems even this is not enough.

The MPs heard concerns that the “trend” of using off-the-shelf commercial products is increasing military vulnerability to cyber-assault. There were also suggestions that people with the necessary skills for cyber warfare might be recruited and brought into the military, perhaps as reservists.

Chair of the Committee, Rt Hon James Arbuthnot MP, said extra ministerial attention ought to be applied to develop improved cyber security.

“The Government needs to put in place – as it has not yet done – mechanisms, people, education, skills, thinking and policies which take into account both the opportunities and the vulnerabilities which cyberspace presents,” argued Arbuthnot.

Evidence received by the Committee suggested a sustained cyber assault could impede the ability of the armed forces to "operate effectively" due to their dependence on information and communication technology. The Committee quizzed MoD witnesses about its backup systems in these circumstances.

“We have asked the Government to set out details of the contingency plans it has in place should such an attack occur. If it has none, it should say so – and urgently create some,” Arbuthnot added.

Details of what types of cyberattack might be possible were left out of the committee's report.

The MPs heard testimony from academics including John Bassett, associate fellow of Cyber-security at the Royal United Services Institute, Professor Brian Collins, chair of engineering policy at University College London, and others; military personnel including Air Vice-Marshal Jonathan Rigby, Major-General Jonathan Shaw, assistant chief of defence staff, and Air Commodore Tim Bishop, head of global operations security control centre; as well as Cabinet ministers Nick Harvey MP, minister for the armed forces, and Rt Hon Francis Maude MP, the Cabinet Office minister.

Written submissions were provided by McAfee, Symantec and Trend Micro as well as BAE Systems, EADS and Raytheon. That group of six from the military industrial anti-malware complex accounted for more than half the written submissions.

Unsurprisingly after this, the MPs came away with the idea that improved MoD and industry collaboration, tied together with increased spending on cyber-security technology, was a good idea.

In a statement, the Committee said it was "impressed by aspects of the co-operation and joint working between the MoD and private sector contractors". The MPs also supported attempts to boost the cyber security sector in the UK, which would help the MoD "deliver military capabilities both to confront high-end threats and to provide a potential offensive capability".

Arbuthnot added:

“The opportunity created by cyber tools and techniques to enhance the military capabilities of our Armed Forces is clear. We want to see the MoD explore this thoroughly. For this reason, we support the use of National Cyber Security Programme funding to develop these capabilities, but also wish to be assured that the MoD will maintain its investment in existing defence intelligence services which provide a vital UK cross-government capability.”

Vendors broadly welcomed the committee's report. Martin Sutherland, Managing Director of BAE Systems Detica commented:

“The UK’s ability to defend itself against cyber attacks does not rest in the hands of any single entity. Ensuring our national and economic security in an increasingly interconnected world requires all organisations – government, public and private sector – to put in place robust cyber security defences as well as appropriate response procedures in the event of a successful attack.

“To improve the effectiveness of these measures we need to encourage more organisations to share best-practice approaches to cyber security and provide more information about the nature of the attacks they’re seeing, particularly given that many private sector firms act as suppliers to Government or are delivering essential services that our nation relies upon every day,” he added.

Sutherland said that the UK is perhaps more prepared for cyber-attack than the defence committee gave it credit for.

“The UK's strategy is still going through a process of implementation; however it is progressing well and has a mature approach in comparison to many other nations. Interestingly, the UK was placed first of the G20 in its ability to withstand cyber attacks and deploy the appropriate infrastructure for a productive economy, according to Booz Allen Hamilton’s recent Cyber Power Index. However, there is still a long way to go before we can say that we are successfully countering cyber threats.”

Rob Cotton, chief executive of global information assurance firm NCC Group, stressed the need for the UK military to develop a comprehensive information security policy.

“£650m has allegedly been invested in this country's cyber defences, yet instead of being drilled into real expertise it's been juggled between departmental budgets. It's particularly worrying that the best advice offered is repeatedly to simply update antivirus protection – far more sophisticated and sustained responses are needed.

"The targets of a sustained cyber threat would almost certainly include private sector businesses - from energy companies to manufacturing firms and public transport operators – as well as the military itself," he added. ®
