Out-Law News 2 min. read

Cyber attacks of 'tier one' importance in UK's security strategy


Computer and information network attacks are amongst the most serious threats to the UK's stability, according to the first National Security Strategy produced in the UK.

The Government has identified cyber attacks as one of the four biggest threats to UK security, along with war, terrorism and natural disaster.

The creation of a top tier of those four risks puts information and system security at the heart of Government efforts to protect the UK's interests.

"The networked world creates great opportunities, but also new vulnerabilities," said the National Security Strategy (39-page / 374KB PDF).

The conclusions are the result of a National Security Risk Assessment (NSRA), which the Government said would be reviewed every two years.

"The National Security Council judges that currently – and for the next five years – the four highest priority risks are those arising from international terrorism, including through the use of chemical, biological, radiological or nuclear materials; and of terrorism related to Northern Ireland; cyber attack, including by others states and by organised crime and terrorists; international military crises; and major accidents or natural hazards," said the Strategy.

In a foreword to the Strategy Prime Minister David Cameron and Deputy Prime Minister Nick Clegg called for "a radical transformation in the way we think about our national security and organise ourselves to protect it".

"Geographically Britain is an island, but economically and politically it is a vital link in the global network," they said. "That openness brings great opportunities, but also vulnerabilities."

The NSRA was given to the National Security Council, which divided the risks faced by the UK into 15 categories, and prioritised those into three tiers of importance. The risk of cyber attack was in the first tier.

The Security Strategy said that cyber attacks affected private and public bodies, and were going on now.

"This is not simply a risk for the future," it said. "Government, the private sector and citizens are under sustained cyber attack today, from both hostile states and criminals."

"They are stealing our intellectual property, sensitive commercial and government information, and even our identities in order to defraud individuals, organisations and the Government," it said. "Activity in cyberspace will continue to evolve as a direct national security and economic threat, as it is refined as a means of espionage and crime, and continues to grow as a terrorist enabler, as well as a military weapon for use by states and possibly others."

The Strategy said that London's hosting of the Olympic Games in 2012 will trigger extra attacks, claiming that Beijing suffered 12 million cyber attacks per day when hosting the 2008 games.

The BBC reported that the Government was pledging £500 million to improve cyber security in the UK.

"Cyber attacks is an issue that many people may not have considered before but it is a very real and pressing threat that we need to address," Home Secretary Theresa May told BBC Television.

Michael Chertoff, the former secretary of the Department of Homeland Security in the US, told a security conference last week that cyber attacks should be met with "overwhelming force".

According to ZDNet.co.uk, Chertoff told the RSA Conference that countries should emulate the nuclear deterrent policies practised in the Cold War, despite the fact that the source of cyber attacks is often not known.

"If you have a persistent series of attacks on critical national infrastructure, then you could make the argument that incapacitating the platform used to attack is something that you have to do," Chertoff told ZDNet.co.uk. "If you take the rule that attacks against critical infrastructure enable you to take action against that proximate platform, that would give countries an incentive to take action to secure their platforms."

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.