The UK is facing a "growing threat" from cyber warfare, home secretary Theresa May has warned.
Speaking ahead of the publication of a new National Security Strategy May said that cyber attacks are a "real and pressing threat" that the country needs to address, she told the BBC. The report also speculated that the UK’s cyber defences could be boosted by a £500m fund.
"It’s a threat to government, it’s a threat to businesses and indeed to personal security," May told Radio 4. "We have identified this as a new and growing threat in the UK and you just have to look at the figures – in fact, 51% of the malicious software threats that have ever been identified were in 2009," May told Radio 4.
Cyber crime is now considered a Tier 1 threat, putting it alongside international terrorism, a major accident or natural hazard such as a flu pandemic, or an international military crisis between states that draws in the UK and its allies, the BBC said, although May was keen to point out that the Tier 1 threats are listed in no particular order.
The boss of the UK Government Communications Headquarters (GCHQ) – the agency responsible for gathering intelligence and monitoring communications – recently said that the UK faces a "real and credible" threat to its critical national infrastructure from cyber attacks. "It is true that we have seen worms cause significant disruption to Government systems – both those targeted deliberately against us, and those picked up from the Internet accidentally. There are over 20,000 malicious emails on Government networks each month, 1,000 of which are deliberately targeting them," he said during a speech at IISS.
Christopher Boyd, senior threat researcher at GFI Software said the government has a lot of work to do in order to safeguard the country from cyber attacks: "Increased warnings in relation to "cyber terror" ahead of a spending review sounds like a move to secure funding and avoid cuts – the UK Government warns this is a grave threat, yet continues to use Internet Explorer 6, a browser that has been largely discredited due to its numerous security flaws!"
"Until recently, you couldn’t even report computer crime to the National Hi-Tech Crime Unit (NHCTU) – you had to go to a local police station and hope the officer at the desk knew what you were talking about and escalated your report to the right department," he added. "As a country, we have struggled to deal with modest, home-grown threats effectively – such as those posed by script kiddies – so what chance do we have against professional computer criminals with our current grass roots law enforcement, intelligence and counter terrorism capabilities and initiatives?"
One firm applauding the move is security firm Sophos. "Sophos wholeheartedly supports the Coalition Government’s decision to invest in an enhanced national cyber security strategy, and UK citizens should feel reassured that the government is clearly taking the cyber threat seriously" head of public sector Ollie Hart said. "The threat is a real one, not only for the UK but for governments around the world. In addition, cyber security must support the general economic development of the UK moving forward, making it more than just a question of defending against cyber terrorism but of also providing economic confidence and stability to the nation."
A less confident viewpoint was expressed by Lumension: "With cybercrime now ranking as Britain’s second biggest threat, it is no surprise that investment has been bolstered," said SVP International Alan Bentley. "But, how much of a difference will the money really make, if Government departments are going to have to cut back on people and IT spend?"
"Cyber techniques morph, adapt and regularly sneak past traditional computer defences, making it difficult for security defences to keep the bad guys out. It is important that every penny invested in new techniques to fight cyber warfare is made to count. To do this, Government departments will need to be provided with the right guidance over their risk priorities," Bentley added. "To protect critical infrastructure, organisations needs to switch from allowing everything in until it is proved to be bad to preventing anything from coming in unless it is proved to be good. With cyber criminals becoming ever more sophisticated, it’s now up to those at the very top of the coalition government to ensure that the UK doesn’t fall victim to a cyber attack."