The elaboration of a proper cyber strategy is one the main target of intelligence services all around the world. We often discuss of US and Israel, but also European governments are pushing to reinforce their presence in the cyber space. The fear of cyber attacks against critical infrastructures is high, it is a common strategy to identify all the possible cyber threats reducing the exposure to them.
Many governments are also following an aggressive and dangerous approach, it's for example the case of UK that is evaluating the possibility to create a cyber weapon such as Stuxnet, to attack enemy states or to conduct sophisticated cyber espionage campaigns. My opinion is that every governments in the world is trying to develop similar weapons due their efficiency and also relative contained costs, we must consider also that a malware usage gives a great advantage to the attacker that could remain hidden for long time.
The opportunity to develop a cyber weapon ad to proceed with an aggressive strategy is contemplated in the "Intelligence and Security Committee Annual Report 2011–2012" report published last week, an important document that announces that Government had listed cyber security as a Tier One risk in the National Security Strategy.
The document confirms that cyber attacks are one of the main concerns of UK institutions, despite GCHQ and the other Agencies have made some progress in developing cyber capabilities, the nation still suffers cybercrime and continuous attacks from foreign governments.
The GCHQ estimates that approximately 80% of successful cyber attacks could be thwarted adopting opportune defense measures, following best practices and increasing collaboration between institutions and private businesses.
The report also provide data on suspected state sponsored attacks, GCHQ technical experts are convinced that around the 20% of cyber attacks have this origin and are characteriized by an high level of sophistication. The department in charge for Cyber Defence analysis if the Network Defence Intelligence and Security Team (NDIST) that detects and analyses each cyber offensive against the country to discover the vulnerabilities which are being exploited and apply the necessary counter measures.
The report alerts on a worrying phenomenon, the lack of progress since the publication of the National Cyber Security Programme (NCSP), a government program that announced the improvement of cyber capabilities by 2015 through special funding to the Agencies and other government departments.
The intelligence services will receive in fact over half of the £650m funding for the programme, in particular the main projects financed will be:
In GCHQ: to expand work on protective cyber security advice and information assurance; to improve the detection and analysis of cyber attacks including cyber crime; to consider intelligence operations in cyberspace; to improve cooperation with international allies and partners; and to work with the Ministry of Defence to set up a Joint Cyber Unit hosted at GCHQ to develop new tactics, techniques and plans to deliver military effects, including enhanced security, through cyberspace.
In SIS: to develop its role as an ‘enabler’ for GCHQ’s cyber work.
In the Security Service: to develop and enhance its cyber section, in particular bringing together its cyber investigations and protective security work into a single team. Its work focuses on investigating cyber threats from hostile foreign intelligence services and working with UK victims. In addition, its protective security work has been broadened beyond the Critical National Infrastructure to include other priority areas of the UK private sector.
On the programme the ISC added:
"While attacks in cyberspace represent a significant threat to the UK, and defending against them must be a priority, we believe that there are also significant opportunities for our intelligence and security agencies and military which should be exploited in the interests of UK national security,"
In November 2011, the UK Government presented its Cyber Security Strategy to be implemented within 2015 declaring the principal objectives to achive:
- The UK to tackle cyber crime and be one of the most secure places in the world to do business in cyberspace.
- The UK to be more resilient to cyber attacks and better able to protect our interests in cyberspace.
- The UK to have helped shape an open, stable and vibrant cyberspace which the UK public can use safely and that supports open societies.
- The UK to have the cross-cutting knowledge, skills and capability it needs to underpin all our cyber security objectives.
The Stuxnet case is a lesson for cyber security community, in particular are specimens the risks related to its escape in the wild. The spread of a so dangerous agent could further motivate hostile countries and independent hackers to attack the UK IT infrastructures. The uncontrolled spread of malware could also give the opportunity to cyber criminals to reverse engineer the source code of the virus to create new dangerous weapons.
Richard Clayton, Cambridge University security expert, said
"A useful parallel is chemical and biological weapons," "Once you release it into the environment, it tends to hang around for a long time, and may blow back over your own troops."
"It makes the world a bit more dangerous," Clayton said. "A lot of people spent a lot of time pulling [Stuxnet] apart, and they may engineer what they find for less noble objectives."
British intelligence is very interested on the usage of cyber-techniques to attack enemy governments in case of conflict, they are confident on the great destructive effects of cyber attacks.
The real issue is whether the UK are now able to cope with the consequences of a cyber aggressive policy, an active participation in the debate over the use of cyber weapon surely exhibits significantly the British government to a growing number of attacks.