UK to create new cyber defence force

Defence secretary Philip Hammond has announced that the UK is to create a new cyber unit and speak full cyber warfare competency including both offensive and defensive capabilities.

The Joint Reserve Unit will be made up of technical experts and Britain’s top IT “geniuses’. The disclosure was made ahead of the Conservative Party Conference in Manchester and is the first time any country has openly admitted having the capabilities to attack other nation states’ internet infrastructure.

Below are some comments received by Help Net Security.

Dr. Jarno Limnell, Director of Cyber Security for Stonesoft

Cyber deterrence depends upon effective communication between a state and the entity it wishes to deter. Hammond needs to convince the UK’s enemies that if its interests are threatened or the country is attacked in the cyber domain that it has the capability and capacity to do something about it. Offensive capabilities form a key part of this objective and are essential for nation-states and armed forces that want to be treated as credible world players. So whilst it’s unlikely future battles will be completely online, it is difficult to imagine future wars or conflicts without cyber activities.

Hammond’s revelation should not come as a surprise, nation-states world-wide are pouring huge resources into developing a range of defensive, offense and intelligence capabilities. Within the next couple of years the world will experience an increasing number of intentionally executed and demonstrated cyber-attacks resulting in militaristic and economic damage but also loss of civilian life.

With ever-heightened awareness amongst the general public of the threats the UK is beginning to face, not just from other states but also rogue-factions, the development of offensive cyber-weapons will become fiercer and publicly more acceptable.

Neil Thacker, Information Security & Strategy Officer EMEA at Websense

Defence Secretary Philip Hammond yesterday announced the launch of a Joint Cyber Reserve Unit which will be comprised of Britain’s top IT experts working as military reservists. In light of the commons defence select committee in January highlighting weaknesses in the MOD’s cyber-incident response strategy as well as the news in July that the UK is losing the fight against cybercrime, this is welcome and timely news to offer additional resources to aid cyber defence.

Highly sophisticated, targeted attacks are occurring every day and are focused on targeting small and large organisations with UK businesses being named by cyber-crime organisations as their no. 1 target. Like the government, UK businesses cannot take their eyes off the ball and need to put in place the right defences to protect their employees and the organisations critical data.

It is more crucial than ever that UK businesses place data security higher up the agenda and spend IT security budgets on the right and relevant technology. Proactive defences against targeted attacks and new variants of malware are key; adding the ability to detect, contain and mitigate against the attacks is a responsibility of the IT and security teams by applying real-time malware analysis while simultaneously protecting against internal and external breaches and data theft. Detection only is not sufficient to counter this threat.

Peter Armstrong, Director of Cyber Security at Thales UK

By re-skilling its existing force in cyber security, the Ministry of Defence has addressed the blurring of the lines between physical and virtual defence which has become prevalent over the past decade. With the advent of cyber espionage and attacks which threaten national critical infrastructure, the need for a holistic approach to national security is long overdue. It’s great to see the Ministry of Defence taking its share of responsibility for this alongside its traditional physical defence remit.

In addition, and just as importantly, this move will help enormously in positioning public sector cyber security as an attractive career prospect for the next generation.

Ross Brewer, Vice President and Managing Director for International Markets at LogRhythm

The fact that the government will now be able to carry out pre-emptive strikes on other countries doesn’t really come as much of a surprise. However, it is curious that Hammond has decided to be so brazen with this announcement. The government has been heavily lambasted in recent years for failing to do enough to protect its citizens from internet crime, whether state sponsored or otherwise, and I can only presume that this is an attempt to dispel this criticism and finally show some teeth.

In fact, last year, LogRhythm’s own research found that 65 percent of UK consumers felt pre-emptive strikes on enemy states that pose a credible threat to national security are justified, while 45 percent believed that the UK government needed to improve its protection of national assets and information against cyber security threats.

It’s therefore likely that many Brits will welcome Hammonds’ statement and see this as a step in the right direction. However, while it’s commendable that the government seems to be standing up and taking notice of cyber threats, blindly attacking the networks of assumed perpetrators and “enemy’ states could have disastrous consequences in terms of international relations and unwanted retaliation.

Before launching any pre-emptive strike, government organisations must make sure that they have all of the facts in hand – something that can only be achieved by truly understanding every single piece of activity across their networks. To gain this level of visibility, proactive, continuous monitoring of all IT networks must be in place to ensure that any intrusion or anomaly can be detected before the problem snowballs.

Such deep and granular insight will equip the government with the ability to instantly determine the scale of an attack, and most importantly, increase the accuracy of attribution. So, while this is certainly a good move – it pays to remember that with great power comes great responsibility, and in this case, the responsibility lies with those securing and monitoring the network in the first place.