In a world more dependent on information and communication technology than ever, the increase in cyber capabilities has implications for defence and security. The UK’s new Cyber Security Strategy outlines the government’s response to these new threats. The policing of cyber systems will prove to be an integral part of the strategy, as the UK will work closely with international networks to identify and prosecute a new brand of ‘e-criminal’.
By Elizabeth Quintana, Head, Technology & Acquisition, RUSI
The UK’s Cyber Security Strategy, published 25 June, outlines the government’s response to the growing number of cyber attacks on both government and private sector networks. Modern society is increasingly dependent on information and communication technology (ICT) and cyber technologies, meaning that the strategy will influence every sphere of life. This includes everything from the military to the government’s interactions with the public through the Transformational Government programme to our ability to do business with the rest of the world, as the recent Digital Britain report has highlighted. While many commentators have suggested that the UK’s national strategy is an attempt to jump on the US bandwagon, there is a growing sense amongst security experts that cyber space needs better regulation to mitigate the rapid growth in threat from a variety of sources.
Central to the government’s strategy is the formation of the Cyber Security Office, which will be based within the Cabinet Office and headed up by a Cyber Czar, much along the same lines as its US counterpart. Its job will be to analyse trends, provide contingency planning and to co-ordinate national situational awareness and a response to emerging threats.
The Curse of the Zombie Computer
In May this year, a report by McAfee stated that cyber-criminals had taken control of some twelve million internet IP addresses since January and are building an army of infected zombie computers or botnets (collections of software robots that run automatically) in order to find new ways of sending bulk spam email. In another report, a McAfee representative suggested that more malicious software (malware) was registered in 2008 than in the last five years combined, representing an increase of 500 per cent.
A number of countries, including North Korea, have admitted having dedicated teams that actively target Western states. Others, like Russia and China, continue to deny operating in this domain but are thought to be responsible for attacks on state networks and efforts to steal intellectual property rights (IPR). Ever since the attacks on Estonian national networks in 2007, government officials have hinted at similar attempts on UK networks, although nothing as serious as the Estonian Denial-of-Service attack has been experienced to date.
In the military sphere, electronic communications and networked systems have been embraced for their ability to connect disparate forces on the battlefield, reduce fratricide and speed up the prosecution of targets. However, many suspect that the Western military’s growing reliance on ICT may prove to be its Achilles’ heel. Experiences from Georgia, Iraq and Afghanistan, for instance, prove the major role played by cyber warfare in many conflicts as adversaries seek to disrupt vital links.
Malware does not need to be targeted to cause the security services headaches. The Conficker worm, which affected over nine million computers in April this year, allegedly affected a variety of French, British and German military systems and has led to the removal of USB keys from UK military sites.
To mitigate such threats, UK forces already train to operate with downgraded capabilities and, as General Jim Mattis, Supreme Allied Commander Transformation, NATO, explained at the RUSI Land Warfare Conference, US forces are also recognising the need for resilience.
Freedom of Speech and Sensitive Information
Controlling the amount of sensitive information available on the web is a big concern to security forces. Although freedom of speech is a value enshrined in Western democracies, the ability of analysts and journalists to gather unclassified information in an easily digested format can provide adversaries with valuable clues about limits in capabilities and vulnerabilities. Equally, young military personnel are used to using mobile phones, cameras, email, social networking sites and media sharing sites, which can all lead to the (inadvertent) dissemination of classified information.
The sensitivity of this topic will mean that many of the implementation details of the UK’s Cyber Security Strategy will remain classified to avoid exposing existing vulnerabilities. The government’s biggest challenge will be to decide how it will police this domain and to identify and punish e-criminals. The availability of botnets for sale in online forums means that this is not just a state-led activity; it is often difficult to identify where attacks have originated and many states or criminal organisations are thought to use second or third parties to provide plausible deniability. The global nature of the internet means that the UK will continue to work closely with international parties (primarily the US and EU) through organisations such as the European Network and Information Security Agency, to share intelligence information and bring perpetrators to justice. There will certainly need to be some sharing of best practice: the French, for example, have proposed legislation to legalise computer hacking to gain information on criminals.
The government is unlikely to address the UK’s response to state-on-state attacks in public, but it is probable that it will adopt more than merely a defensive stance.
If information is the currency of the twenty-first century, there are likely to be more than a few skirmishes in the fringes of cyber space.
The views expressed above are the author's own, and do not necessarily reflect those of RUSI.