Despite the increased profile of cyber security threats, counter-terrorism remains the primary focus of the UK’s intelligence and security agencies.
Malcolm Rifkind, MP, chairman of the cross-party intelligence and security committee (ISC), said in the annual ISC report published today that the threat the UK is facing from cyber attacks is at its “highest level ever” and is “disturbing” in its scale and complexity.
But the intelligence services' priority remains in countering terrorism, he said: “Their work analysing intelligence to understand the threat and seeking to help prevent attacks remains crucial to our national security."
According to the report, state actors continue to pose the greatest cyber threat, but a number of countries are also using private groups to carry out state-sponsored attacks.
“These state-affiliated groups consist of skilled cyber professionals, undertaking attacks on diverse targets such as financial institutions and energy companies,” the report said.
While these groups pose a threat in their own right, the report notes that it is the combination of their capability and the objectives of their state backers that makes them of particular concern.
Rifkind said the theft of intellectual property, personal details, and classified information causes significant harm, both financial and non-financial.
“It is incumbent on everyone – individuals, companies and the government – to take responsibility for their own cyber security,” he said.
Rifkind said that while the UK intelligence and security agencies continue to focus on countering hostile foreign activity and covert intelligence gathering, they acknowledge that much of their work remains preparatory.
“The scale of the UK’s effort will need to be constantly reviewed against that not just of our adversaries but also our allies,” he said.
The ISC report said that there does not, as yet, appear to be a credible threat in cyberspace from terrorist groups.
“Nevertheless, terrorist groups may well pose a greater threat in cyberspace in future and this provides an additional impetus to ensure that the UK’s cyber capabilities are of the highest standards in what is a fast-moving field,” the report said.
Read more about cyber security
The ISC found that government systems’ defences are reasonably well developed, but evidence suggests it is a constant challenge to ensure that cyber "hygiene" is maintained, and to ensure that cyber defences develop quickly in response to the changing nature of the attacks.
The section on cyber security in the report concludes by saying, “The government must ensure that real progress is made as part of the wider National Cyber Security Strategy: the UK cannot afford not to keep pace with the cyber threat.”
Although not covered in the report, Rifkind said the ISC had taken evidence from intelligence agency GCHQ about the US Prism internet surveillance programme and on the allegations that they have circumvented UK law.
He said the ISC would investigate the actions of the agencies involved and publish its findings as soon and as fully as possible, subject only to restrictions on grounds of national security or sub judice rules.