Terrorists seek to commit deadly 'cyber attacks' in UK, says Chancellor Osborne
‘We know they want it’ chimes George during GCHQ speech
Following Prime Minister David Cameron's re-announcement of funding increases for UK security personnel, Chancellor George Osborne delivered a speech today to GCHQ workers explaining that the increase is necessary as ISIL is seeking to "develop the capability" to launch deadly cyber attacks against British infrastructure.
How such a capability could be developed is unclear, but Osborne will declare to GCHQ that although "ISIL [Islamic State of Iraq and the Levant, and often known as IS] has not been able to use [the internet] to kill people yet by attacking our infrastructure through cyber attack ... we know they want it".
While The Register understands George Osborne is a confessed fan of gangster rap group NWA, the Chancellor has not hitherto suggested an interest in the works of Robin Thicke.
Let’s be clear. ISIL is already using the internet for hideous propaganda purposes; for radicalisation, for operational planning too.
They have not been able to use it to kill people yet by attacking our infrastructure through cyber attack.
They do not yet have that capability. But we know they want it, and are doing their best to build it.
So when we talk about tackling ISIL, that means tackling their cyber threat as well as the threat of their guns, bombs and knives.
David Cameron had announced funding increases for the intelligence agencies following the terrorist attacks in Paris. However, these increases had already been announced.
Osborne confirmed that a funding increase of £1.9bn will be delivered by 2020, taking total "cyber spending" to £3.2bn by the Chancellor's maths. The increase, he stated, had been decided before the terrorist attacks in Paris, despite previous announcements citing those attacks, and the Sinai aircraft disaster. Interestingly, GCHQ had requested planning permission to provide room for more personnel, and their cars, back in October.
GCHQ's Cheltenham complex will soon house a new "National Cyber Centre" which is described as "the country's first dedicated ‘cyber force’ to handle cyber incidents in Britain, and ensure faster and more effective responses to major attacks. The centre will draw on GCHQ’s world-class expertise and work with international partners to help keep the UK protected against cyber attacks".
There will also be a "stronger Active Defence Programme" which will include "exploring whether internet service providers can work together, with Government help, to divert more malware attacks and block bad addresses used against British internet users", as well as "a renewed crackdown on cybercriminals, with increased capabilities for the National Cyber Crime Unit".
"The stakes could hardly be higher," Osborne said. "If our electricity supply, or our air traffic control, or our hospitals were successfully attacked online, the impact could be measured not just in terms of economic damage but of lives lost."
Talking to The Register, Ross Anderson, Professor of Security Engineering at Cambridge University, acknowledged that "you can now kill people by hacking, though I don't know of any cases."
However, if you want to inflict terror, then you'd get a lot more impact by just walking through the West End of London and shooting a few people.
Terrorism works via mortality salience, by reminding us that we are mortal (which causes people to cling to their deepest beliefs, be they patriotic or religious) and the key to that is video footage of planes flying into buildings or bloodstained people staggering out of London tube trains or Paris restaurants.
Simply turning up some poor sod's morphine pump by a factor of 10 in some provincial hospital is a pretty easy way to commit murder, but it's not telegenic enough, and as most patients on such equipment are pretty sick, it's quite possible that the death would be considered natural and nobody would notice that it was even a murder.
That's ideal for an assassin, but disastrous for a terrorist.
"The real issue about hacking is its use on an industrial scale by the NSA, GCHQ and others," said Anderson. The proper regulation of Computer and Network Exploitation (CNE) is the topic of expert witness testimony Anderson will deliver to the Investigatory Powers Tribunal next month, at a hearing on CNE, following a complaint brought by Privacy International.
Talking to the Sunday Times before the launch of the Investigatory Powers Bill, Ciaran Martin, the Director General for Cybersecurity at GCHQ stated: "We have not seen state cyber attacks used for destructive purposes yet."
Martin seems to have conveniently forgotten the Stuxnet worm, developed by states allied to the UK, which destroyed 20 per cent of Iranian nuclear centrifuges.
Osborne additionally announced the launch of an "Institute for Coding: Centre for Digital Skills and Computer Science", involving a "competition to attract joint collaborations between universities and business for a capital prize of £20m focused on digital skills and computer science." ®
Sponsored: Becoming a Pragmatic Security Leader