Last Friday the government published the UK Cyber Security Strategy setting out the threats we face and how the government plans to combat them. We should welcome this new publication as an indication that the government is taking this new threat seriously, but also point out areas where this strategy could be improved. Cyber attacks are a threat many people will not have heard of, so everybody, both within and outside government, is still getting to grips with the issue.
A third of the world’s population now use the internet, presenting fantastic opportunities for commerce, research and keeping in touch with friends and family. However there are no borders in this online world, while our dependence on cyber space grows so too does the opportunity for others to take advantage in weaknesses in security.
Threats to our cyber security come in a variety of forms including criminals trying to steal financial data online, groups of hackers trying to cause disruption to companies or governments, and even foreign intelligence services trying to destabilise national infrastructure. To date, perhaps the most worrying examples have been the Stuxnet computer virus that attacked Iran’s nuclear programme and ‘significant’ attacks on a large America defence manufacturer.
In this new world, where security is less about the number of ballistic missiles a country holds, cyber attacks lend themselves to the covert threats we must learn to defend ourselves against. When computer viruses spread across the world at the push of a button it can be near impossible to determine where they started.
Iain Lobban, the Head of GCHQ claims the threat is reaching ‘disturbing’ levels. The MoD have foiled over 1,000 online attacks in the last year from criminals and foreign intelligence services. Chatham House has criticised the government for not sharing enough information with private firms, who are also at risk from cyber attack, particularly those that manage national infrastructure such as water and energy.
The 2010 National Security Risk Assessment has deemed Cyber Attack to be a Tier 1 Threat in terms of likelihood and potential impact. This puts Cyber Attack in a category with international terrorism, major natural or environmental hazards (such as extreme flooding or pandemics) and an international military crisis. This shows the seriousness with which the government is taking the matter.
Cyber security is a threat considered more likely and harmful than a biological, chemical or nuclear attack on the UK by another state or proxy. The Strategic Defence and Security Review noted that the government has created a National Cyber Security Programme with £650 million of funding, and as part of this £90 million will go to the newly established UK Defence Cyber Operations Group.
This is an issue affecting almost every area of government from Defence and the Home Office to the Business Department and the Treasury. The government needs to form a cross departmental group to draw on as much experience as possible, this can work with the private sector and other stakeholders to hammer out a watertight solution to this threat. There must also be one key minister in charge with a ‘security hat’ on, it is critical that we have clear lines of accountability in government as disparate cyber issues can potentially fall through the cracks.
Cyber attacks represent a large, and growing, threat to our national security. We need confidence in the security of our institutions and national infrastructure so that we can feel safe going about our business and daily lives online