Defence Minister Calls For British Cyber Attack Option

The Armed Forces Minister Nick Harvey has called for the UK to have the ability to strike back at those conducting cyberwarfare campaigns

Armed Forces Minister Nick Harvey has said that the UK must have the ability to launch its own attack against those carrying out cyberwarfare against this country and its infrastructure.

He made the call in a speech earlier this week to international affairs think-tank, Chatham House.

“As Minister for the Armed Forces, I am concerned with how we should defend ourselves against those who would use cyber space to do harm, and how we best use the new technologies to further our national security,” he told the audience in his speech.

Technology Reliance

He warned that most modern societies, including Britain, have come to rely on digital networks for many of the things which allow normal life to function smoothly. “It is at the heart of our transport system, our power and telecommunications, our health service and our economy as a whole,” he said. “We take these technologies for granted, and we have come to depend on the services they provide every second of every day.”

“The consequences of a well planned, well executed attack against our critical networks could be catastrophic,” he warned.

And he said that there are no geographical barriers in cyber space, and that an attack could be launched from any corner of the world with little warning.

Harvey cited the recent mass denial of service attack that hit Burma as the type of attacks the UK could experience going forward. He also pointed to the recent comments from Iain Lobban, the Director of GCHQ, who said that we are now seeing the use of cyber techniques by one nation on another to bring diplomatic or economic pressure to bear.

“It can only be a matter of time before terrorists begin to use cyber space more systematically, not just as a tool for their own organisation, but as a method of attack,” he said.

The dangers posed to the UK by cyber attacks were starkly illustrated last weekend, when the Royal Navy was forced to suspend its website after it was compromised by a lone Romanian hacker.

The website was down for many days, but is now up and functioning normally, as of Thursday afternoon.

Attack Capabilities

“As Clausewitz (a military thinker) believed, war is an expression of politics by other means,” Harvey said. “This means we should also be able to prevent, deter, coerce or even intervene in cyber space.”

“Together with our NATO allies, we will need to establish a common understanding on how best to defend ourselves against cyber attack, and the role of NATO in our collective defence,” he added.

Harvey admitted that there needs to be legal framework in place if the UK does decide to retaliate against an attack, but said that Nato article V provides guidance for retaliating to a cyber attack.

And Harvey also talked about the UK’s Defence Cyber Operations Group, which was announced in the Strategic Defence Security Review (SDSR) in October, in which £650 million was earmarked for a national cyber security programme over a four year period.

“As part of the SDSR, we are creating a new UK Defence Cyber Operations Group which will integrate our activities in both cyber and physical space,” he said. “The Group will provide a cadre of experts from across Defence to support our own and allied cyber operations, to secure our vital networks and guide the development of our cyber capabilities.”

“It will also be responsible for developing, testing and validating cyber techniques as a complement to traditional military capabilities,” he added. “There is much to learn and develop in this area. It will take time to understand fully the threats and opportunities.

Harvey said that the Group will work closely with other government departments, industry and other experts.

Useful Cyber Stress Test

Meanwhile the recent ‘Cyber Europe 2010’ test, which simulated an attack to cut off European nations from one another, with critical systems targeted, has reportedly gone well.

Interim findings and recommendations of the 30 countries taking part indicated that the event was a useful ’cyber stress test’ for Europe’s public bodies, according to the European Network and Information Security Agency (ENISA).

“The Cyber Europe 2010 exercise was the first successful ‘cyber stress test’ for Europe. It fully met its objectives to test Europe’s readiness to face online threats to essential critical infrastructure used by citizens, governments and businesses,” said executive director of ENISA, Dr Udo Helmbrecht.

“We will work closely with Member States to identify and implement the lessons learnt from this exercise. We also encourage Member States to continue their efforts in the area of exercises, both at national and pan-European levels. ENISA will strongly support their efforts, he added.”

However, the ENISA experts stressed the importance of involving the private sector in any plans to strengthen a nation’s critical infrastructure against cyber attack. “The private sector should be part of the next pan-European exercise,” it said in one of its recommendations.