UK cyber protection should be more aggressive, say MPs

The UK should declare cyber war on states and cyber criminals who target the country, say MPs

The UK should declare cyber war on states and criminals who target the country by using aggressive retaliatory strikes, says Parliament's Intelligence Security Committee (ISC).

The call comes in the ISC's annual report, which says too little is being done to protect UK cyberspace. The ISC report said security agencies should engage in covert cyber attacks on enemy states.

Last month, MI5 chief Jonathan Evans said the intelligence agency was fighting astonishing levels of cyber-attacks on UK government and industry, claiming that one London company lost £800m in revenue as a result of such an attack. 

The committee said it was concerned that much of the work to protect UK interests in cyberspace is still at an early stage.

The report said: “Twenty months into the National Cyber Security Programme, there appears to have been some progress on developing cyber capabilities.  

"However, cyber security is a fast-paced field and delays in developing our capabilities give our enemies the advantage.”

However, representatives of the IT security industry said the ISC's calls for active disruption of enemy networks may be a step too far.

While the ISC's comments highlight the extent of the current cyber threat, caution must be taken to prevent an unnecessary cyber war, said Paul Davis, director of Europe at security firm FireEye.

He cautioned against knee-jerk actions against supposed hackers and warned against long-term ramifications of picking fights with an invisible enemy.

“This is an incredibly sensitive time for security professionals – whether we are talking about government, private businesses or any other organisation handling confidential data or intelligence," said Davis.

Davis said a well thought-out strategy to ensure networks are constantly protected should be the top priority.

"In the first instance, organisations should investigate how their networks would withstand potential attacks and if it turns out that they are not up to scratch, the focus – both in terms of effort and funding – should be placed on plugging those gaps," said Davis.

A proactive analysis of existing security measures and an understanding of where vulnerabilities lie could stand organisations in better stead in the long run, Davis said.

Engaging in antagonistic pre-emptive cyber attacks are likely to incite more damaging and sophisticated attacks on the UK's cyber infrastructure, said Ross Brewer, managing director and vice-president of international markets at security and compliance firm LogRhythm.

He believes the move to an active defence system simply requires truly proactive protection of the UK's own networks, which means continuous, protective monitoring of every single event that occurs across networks to ensure that even the smallest intrusion or anomaly can be detected before it becomes a bigger problem for all.

The UK's cyber security depends on the ability to identify, isolate and remediate any potential cyber threats as they occur, said Brewer.

Having such an in-depth insight into IT networks also gives organisations the actionable intelligence to conduct effective forensic investigations into cyber attacks.

"Unfortunately, even once a cyber breach has been remediated and any potential damage minimised, there often remains an enormous amount of uncertainty and speculation surrounding the origins of the attack and attackers, which plays a large role in inciting further cyber aggression," said Brewer.

Further forensic analysis of the breach is often required to attribute cyber attacks accurately and avoid serious mistakes, he said.

Read more on Hackers and cybercrime prevention