A committee of MPs has recommended that the UK takes a more aggressive stance in cyberspace.
In its annual report, the Intelligence and Security Committee said that "while attacks in cyberspace represent a significant threat to the UK… there are also significant opportunities for our intelligence and security agencies and military which should be exploited in the interests of national security".
These are as follows:
• Active defence: Interfering with the systems of those trying to hack into UK networks.
• Exploitation: Accessing the data or networks of targets to obtain intelligence or to cause an effect without being detected.
• Disruption: Accessing the networks or systems of others to hamper their activities or capabilities without detection (or at least without attribution).
• Information operations: Using cyber techniques and capabilities in order to deliver information operations.
• Military effects: The destruction of data, networks or systems in support of armed conflict.
Recent reports in the US press have corroborated what many in the IT security industry already suspected – that US and Israeli intelligence forces lie behind such cyber ‘attacks’ as the Stuxnet and Flame worms. The UK would not be alone in taking a more aggressive stance in cyberspace, therefore, although it is unknown how many such inititatives the UK is already involved in.
Despite encouraging the UK to be more aggressive in cyberspace, the committee also admitted that there is still a degree of uncertainty as to who the country’s enemies are and how they operate.
"We mentioned in our last annual report that Russia and China are suspected of carrying out the majority of electronic attack," it said. "Such attacks are focused on espionage and acquisition of information. The Committee has been told that more work is required to understand the nature and extent of the threat from these and other countries."
Progress report
The report commented on the progress of the government’s cyber security strategy so far. It commended the decision to put the Cabinet Office in charge of cross-government cyber initiatives, saying the department was better placed to do so than the Home Office.
Last year, the committee remarked that the Communications-Electronics Security Group – a division of GCHQ that offers security services to government departments – was underused and underfunded. This year, it said the funding shortfall for CESG has reduced somewhat, but that long term plans are still required to ensure continued funding.
"Twenty months into the National Cyber Security Programme, there appears to have been some progress on developing cyber capabilities. however, cyber security is a fast-paced field and delays in developing our capabilities give our enemies the advantage. We are therefore concerned that much of the work to protect UK interests in cyberspace is still at an early stage."