The Blue Blog

An effective cyber defence strategy

Baroness Neville-Jones, Thursday, March 11th, 2010

Earlier this week, Labour admitted that there had been ‘300 significant attacks’ on the government’s core computer networks. Lord West, the Parliamentary Under Secretary for Security and Counter Terrorism, also warned of chaos if one attack successfully targeted the UK’s critical infrastructure.

But the UK is in fact far more vulnerable than this implies. It is not clear how Labour defines ‘significant attack’. We also know that the country lacks the expertise to tell when most systems have been attacked, to determine what an attack was for, or to detect so-called ‘zero-day malware’ which lies dormant until activated. The true scale of the threat is therefore much larger.

Every day there are probably hundreds of thousands of actions against the UK’s networks: not only government, but our critical infrastructure and defence and security industries. These attacks have a range of purposes, from destruction, to data manipulation, to crime and espionage, to creating chaos and confusion.

Today I set out how the UK should respond to these constant attacks. People often speak of things like firewalls. But I do not believe that passive defences are sufficient. In a constantly evolving environment they do not guarantee total security, nor do they dissuade people. There are four steps that a future Conservative Government will need to take:

First, we need a national capability to assess vulnerabilities, receive reports, and co-ordinate responses. At the moment these functions are dispersed across government.

Secondly, no system can be looked at in isolation. So we must work in partnership with the private sector to develop and implement minimum security standards and shared detection and response capabilities.

Thirdly, just as events in cyber space are either rapid or ongoing, so our response also needs to have these characteristics. There are two parts to an effective response:

We need to accept that many security challenges are already present or designed into our networks. Therefore we need real-time knowledge of how our systems are operating compared with how they are meant to operate, so that malicious activities can be identified immediately.

And, perhaps most importantly, we need an active defence. By this I mean using technologies that are able to identify unexpected events, trace them to source and immediately disrupt them. In other words, for our cyber defence to be effective we must allow the use of offensive tactics.

Read my speech in full here.
