View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

UK should strike first in cyber war, MPs say

Cyber battles can be an opportunity as well as a threat, MPs report says

By Steve Evans

The UK needs to make a much more proactive approach to cyber security as current measures give attackers the advantage, according to a report by a committee of MPs.

The Intelligence and Security Committee’s report says that while progress has been made to improve the UK’s ability to fight cyber crime since the introduction of the £650m National Cyber Security Programme, there is still room for improvement.

"Twenty months into the National Cyber Security Programme, there appears to have been some progress on developing cyber capabilities," it added. "However, cyber security is a fast-paced field and delays in developing our capabilities give our enemies the advantage. We are therefore concerned that much of the work to protect UK interests in cyberspace is still at an early stage."

One suggestion from the report is for the UK to take a more proactive approach by attacking potential cyber criminals before they can launch an attack against the UK. The report described this as an "opportunity" that can be exploited by the UK’s intelligence and security agencies.

The report recommends the UK employs what it calls "active defence: Interfering with the systems of those trying to hack into UK networks." The UK should also look to infiltrate other networks in order to gather intelligence and "cause an effect without being detected."

The Intelligence and Security Committee goes on to highlight the Stuxnet worm as the sort of cyber attack the UK should aspire to launching. While pointing out that the UK had no involvement in Stuxnet the report said a similar cyber weapon would help in, "accessing the networks or systems of others to hamper their activities or capabilities without detection."

However this more proactive approach has not met with the approval of members of the security industry.

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

"While it’s clear that cyber war seems likely, pushing for the active disruption of ‘enemy’ networks may be a step too far," said Ross Brewer, managing director and vice president, international markets, LogRhythm.

"Rather than engaging in such antagonistic pre-emptive cyber attacks – which would no doubt only incite more damaging and sophisticated attacks on the UK’s cyber infrastructure – the move to an ‘active defence’ system simply requires truly proactive protection of Britain’s own networks," he added.

Paul Davis, director of Europe at FireEye, also voiced his concerns. He said pre-emptive strikes risk "an unnecessary cyber war from escalating as a result of knee-jerk actions against supposed hackers."

"This is an incredibly sensitive time for security professionals – whether we are talking about government, private businesses or any other organisation handling confidential data or intelligence. As such, it is important that a well-thought out strategy is put in place to ensure that those networks are constantly protected, rather than impulsively picking fights with an invisible enemy without concern for the long-term ramifications," he added.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU