UK under attack
In an interview on the 7th March in the Observer, the UK parliamentary under-secretary for security and counter-terrorism, stated that the UK government’s core networks had been the subject of 300 cyber attacks in the last year. He asserted that many of these were the work of foreign states, but admitted there was little in the way of concrete evidence. He went on to say, not surprisingly, that the number and scope of the attacks would only increase in the future.
Examples were given of intellectual property theft, such as the designs for aero engines. He said “The moment you mention a particular state, they will deny it. The problem with cyberspace is that attribution is extremely difficult. It’s almost impossible to do it in terms of evidence that would be necessary in a court of law.” Whilst no specific country was mentioned, there was a veiled threat of retaliation “If some state sponsor keeps trying to get into your systems, probably for industrial espionage, are you going to go back into their system and bugger it up? We’re all capable of doing these things. At the moment we wouldn’t do that, but maybe this is where we need to have discussions.”
This comes at a time when recently NATO and EU member states have been told they need to strengthen their defences against military cyber attacks. In this example, China was specifically mentioned. Last October, the Rand think tank in the USA urged the US government to develop a policy for dealing with such attacks, in the same way as it has a clear policy of deterrence with regard to nuclear attack. Last year the US Department of Defense began setting up a unified cyber command. The US government is worried that knocking out electricity supplies for a period of time would do the same economic damage as a nuclear war. Experts in energy are concerned that the US is unable to supply key components for generators. Ironically, these are manufactured in China.
However, it’s remains to be seen what the unified cyber command’s cyber warfare policies will look like. It is initially struggling with definitions, ie what constitutes a cyber attack and what constitutes cyber war. It appears that the UK government is starting to think along similar lines, although it has already published its “UK Cyber-security Strategy”, in July last year.