The UK government needs to step up with more aggressive cyber-attack retaliation, a committee established to develop guidelines for how responses to hack attempts should be handled has insisted. The joint Intelligence and Security Committee argues the UK government’s security agencies should push ahead with “interfering with the systems of those trying to hack into UK networks,” with protecting the “interests of UK national security” taking priority over any potential backlash.
Meanwhile, the government’s security services should consider actively disrupting online foes by targeting “accessing the networks or systems of others to hamper their activities or capabilities without detection (or at least without attribution).” The committee cites Stuxnet and its impact on the Iranian nuclear enrichment program as a perfect example of how that could be facilitated.
“While attacks in cyberspace represent a significant threat to the UK, and defending against them must be a priority, we believe that there are also significant opportunities for our intelligence and security Agencies and military which should be exploited in the interests of UK national security” Intelligence and Security Committee
The UK is already undertaking the National Cyber Security Programme, a £650m ($1bn) scheme to explore potential online threats and to beef up Britain’s “weaponry” for such warfare. UK security services estimated in late 2010 that at least 20 foreign intelligence services were “operating to some degree against UK interests” with the internet as the battleground.
“Twenty months into the National Cyber Security Programme, there appears to have been some progress on developing cyber capabilities” the committee concludes. “However, cyber security is a fast-paced field and delays in developing our capabilities give our enemies the advantage. We are therefore concerned that much of the work to protect UK interests in cyberspace is still at an early stage.”
[via eGov monitor]