Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Cyberattack could leave UK 'fatally compromised', MPs warn

Defence Select Committee uncovers complacency

Article comments

A major cyber-attack on the UK could leave the UK’s armed forces “fatally compromised” without a viable ‘plan b’ a committee of MPs has warned the Government.

Despite acknowledging the UK’s world-leading expertise in the cyber-defence, the influential Defence Select Committee uncovered a complex web of weaknesses and uncertainties that it said urgently needed to be addressed.

The first was simply a general complacency about the amount of progress that had been made to date, and a lack of clarity about how military and government might respond in certain scenarios.

“The evidence we received leaves us concerned that with the Armed Forces now so dependent on information and communications technology, should such systems suffer a sustained cyber-attack, their ability to operate could be fatally compromised,” the Committee’s report concluded.

Despite this, it was unacceptable that the Government had yet to set out its cyber-attack contingency plans, nor even whether it had one in place.

“Events in cyberspace happen at great speed. There will not be time, in the midst of a major international incident, to develop doctrine, rules of engagement or internationally-accepted norms of behaviour,” said the MPs.

The committee was also unconvinced that the Ministry of Defence had done enough to secure its supply chain and industrial base.

“It is imperative that we see evidence of more urgent and concrete action by suppliers to address this serious vulnerability, and of energy and determination on the part of the MoD to enforce this action."

There was a risk that different Parts of the armed forces competed with one another for resources, leading to fragmentation into ‘silos’.

The UK had recently become involved in the NATO Cyber-Defence Centre of Excellence but needed to accelerate its efforts on this initiative.

In short, the stresses of cyber-defence have challenged the whole defence system to change its models from one based on physical assets to the acknowledgement that any future conflicts will have a frightening electronic and digital dimension.

The MPS seem to be saying that the military and perhaps government have yet to fully digest the implications of this change.

“Interestingly, the UK was placed first of the G20 in its ability to withstand cyber-attacks and deploy the appropriate infrastructure for a productive economy, according to Booz Allen Hamilton’s recent Cyber Power Index,” pointed out Martin Sutherland of BAE Systems Detica.  

“We need to encourage more organisations to share best-practice approaches to cyber security and provide more information about the nature of the attacks they’re seeing, particularly given that many private sector firms act as suppliers to Government or are delivering essential services that our nation relies upon every day,” he said.

An anxiety running through the report is the ambiguity of cyber-attacks and in quickly identifying who is responsible, and in which circumstances retaliation might be justified.

“The other serious issue when it comes to cyber-attacks on the military is that even once a cyber-breach has been remediated and any potential damage minimised, there often remains an enormous amount of uncertainty surrounding the origins of the attack,” agreed LogRythm’s Ross Brewer.

In fact, this might just be a consequence of the lack of ready precedents for the military to study; others have argued that in a real-world scenario the chances of a country not having a good deal of knowledge about who was attacking it are over-stated. The real issue is how to respond.

Another approach would be for the UK Government to press for international co-operation; today's Internet is still to open to exploitation by small groups, including criminals, and that's before fully-resourced militaries are added to the calculation.

“There is no current legislation to facilitate the prosecution of [international] cybercrime," pointed out Andrew Beckett, head of Cassidian Cyber Security Consulting Services.

"If an attacker sits in the Ukraine and attacks a server in Texas to gain control and mount another attack on a UK organisation then whose jurisdiction does the crime fall under? Who can prosecute it and under which law?," he said.

“There is currently no extradition treaty and no agreements in place for the exchange of evidence which means that criminals are able to operate with impunity."


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *