Britain is prepared to use the internet to strike computer attackers and enemy nations who launch cyberwarfare attacks on the UK’s infrastructure and businesses.
That’s the message from Foreign Secretary William Hague, who – perched precariously on his cabinet office desk, iPad in hand – has been interviewed by a tabloid newspaper about the growing threat of cyber attack.
Speaking to The Sun newspaper, Mr Hague said:
"We will defend ourselves in every way we can, not only to deflect but to prevent attacks that we know are taking place."
Mr Hague described how the United Kingdom is pouring an additional £650 million into its cyber defences. The extra cash will be split between GCHQ and the Ministry of Defence, which has created its own cyberwarfare unit under the title of the UK Defence Cyber Operations Group.
Last year the UK Government published its National Security Strategy, which ranked cyberspace as “tier one”, a “highest priority for UK national security”, placing internet attacks above – for instance – the risk posed by another state using chemical, biological, radiological or nuclear weapons against Britain.
Mr Hague explained the thinking behind the investment:
"We are trying to prevent an arms race in cyber space. Given that the internet changes every day and billions more people will have access to it over the coming years, the potential for that arms race to grow and go out of control is enormous.
"There is no 100 per cent defence against this, just as there isn't against any other form of attack. We have to defend critical national infrastructure. We have to defend national security. We have to defend our entire commercial and economic system."
It’s clear that Britain is not just keen to be seen to be defending its government computer systems, but also infrastructure targets such as power plants and air traffic control systems.
Considering the most recent reports that the USA contemplated cyber attacks against Colonel Gaddafi’s regime in Libya, and a growing climate of claims of state-sponsored cybercrime, that is perhaps a wise precaution.
And it’s certainly interesting to hear such fighting talk from Foreign Secretary Hague. Long term readers of Naked Security will remember that a couple of years ago I reported on how the BBC’s Eddie Mair mischievously tied the then UK Security Minister into knots over the tricky question of whether UK would ever attack other countries via the internet.
For all the bravado, Mr Hague and the British defence chiefs need to be very careful when planning attacks on overseas computer systems. A key challenge is attribution when it comes to internet attacks – *proving* that someone (or some nation) is behind a cyber attack is very very difficult.
The last thing you would want is to attack an innocent party.
Wait – is that the same MoD who can't work out how to redact a PDF file? Twice in one year?!
And how exactly is saying "we'll strike first" going to prevent an arms race?
Exactly.
Who has confidence in the Ministry of Defence?
After so many cases of apparent incompetence and bureaucratic squabbling.
How many millions, precisely, are going to them?
We should know, and followthe money.
Judging on how much the MoD spent on light bulbs, that budget looks tiny 😉
It would have been interesting to see the moments leading up to that photo. Did Mr. Hague boot up the iPad, load the Twitter app, and check the tweets himself, or did someone do it on his behalf? 🙂
Given how little people in central government often seem to know about IT and IT projects, GCHQ could probably spend the money on virtually anything as the bureaucrats in Whitehall probably wouldn’t understand most of the terminology in the reports produced by the listening post…
So let’s start from the beginning: What in God’s name is a ‘cyber weapon’? Is this something a sociology grad politician dreamed up after watching a movie, or are they referring to a bit of malware?
Next is the idea of preventing an ‘arms race in cyber space’, when the idea wasn’t even around before the politicians came up with it.
Second question is how are those ‘cyber weapons’ supposed to protect our (or the Government’s) networks, as opposed to taking the far more effective measure of just deploying and implementing better security?
The bottom line is it’s idiots like Hague and other script kiddies who WILL end up degrading the reliability and integrity, and therefore the overall security of the Internet if this is allowed to go ahead. Perhaps they don’t realise this yet, but the professionals need to point this out to them. Any infosec person who goes along with this is acting unlawfully, unprofessionally and unethically.
Cyber Weapons are used by the Cyber Men in that ongoing Cyber documentary, Dr Who. The Cyber Tories have managed to get hold of a couple of them. By the uncomfortable Cyber look on his face, I think Cyber Hague must be sitting on one of them.
Funny you should say that. The first thing popping into my head when I hear the word 'cyberwar' is an 80's movie about robots. It sounds so corny and the word 'cyber' should have died out decades ago.
After thinking long and hard about this over the last 30 seconds, I've come to the conclusion the cyber people in the big Cyber Doughnut (possibly a secret Transformer) in Cheltenham really wouldn't bother pressing ahead with the daft idea of 'cyberweapons'.
Ah yes, the Doughnut Transformer. Not a lot of people know this but his actual autobot name is "Ring Piece".
"We have to defend our entire commercial and economic system"
Yeah, against you and your Tory pals.
The UK Government will never be able to be in the slightest bit secure. Expensive contracts with crap vendors for poorly developed applications (with no product roadmaps) prevent core OS apps from being updated (IE, for example AND critical MS patches). It's a joke.
Lets hope the UK Government get their act together with regard to IT security then! They still use IE6 (which also gives away the OS too!) . Combine that with de-facto standard antivirus, no apparent client side firewall, no sandbox, no application whitelists or any other impressive security system and you have a recipe for disaster.
In contrast I read the Chinese have developed their own in house hardened operating system for government computers. Those guys are sure on the right path! In a cyber war against those guys I know who would win hands down. It would be like an archer from the 12th century against a modern day armored tank. No chance. Number 10 take note!