Romolo Tavani - Fotolia
“In an environment in which cyber attacks are a weapon against corporations for people who regard themselves as disenfranchised, we expect further such attacks,” he told Infosecurity Europe 2016 in London.
Attacks that are designed to ruin financial institutions, he said, could cause severe loss of confidence in the global financial system.
“One bank anywhere losing all its data, including its backup data, could create a reaction that would trigger worldwide economic consequences, so while we shouldn’t be alarmist about this, a bit more alarm in some boardrooms would probably be appropriate,” said Hague.
“There is a need for security training and appropriate culture in companies and government departments. It is important that people appreciate how it is possible to infiltrate their IT systems, and how important it is that they observe the procedures that have been recommended to them,” he said.
Hague recalled how, four years ago, he was involved in an event with UK business leaders that was aimed at waking them up – at the most senior level – to the threat of serious cyber breaches and loss of data and intellectual property, and persuading them that they needed to take action.
“We gave them anonymised examples of serious cyber breaches at three leading UK companies, and explained that defence against cyber attack is of critical economic importance. I remember saying to them you wouldn’t leave the doors of your company open all night, but some of you are doing the equivalent of that, and that has to change,” he said.
Partnerships key to managing threats
According to Hague, it is even clearer now that partnerships between companies and governments are critical. “The answers almost always lie in a network of partnerships to deal with the threats. Any company needs Britain to be the safest possible place to do business, and sometimes the government needs help in return, and that has to be recognised across industry as well,” he said.
Hague observed that the digital use of information had generally grown much faster than the ability to protect it, and that businesses had been tapping into innovation while neglecting security.
William Hague MP
“People are also getting used to the idea of being connected in many ways, but being connected has a real price in terms of security, and we are already dependent on massively complex systems that make our society more efficient, but more vulnerable at the same time,” he said.
Hague said the disruption to society caused by technology should not be underestimated, but we have to adapt to that and to defending the systems enabled by new technology.
“Those countries that can’t defend their citizens, their armed forces and their companies against intrusion or manipulation will be overtaken by other countries – this will become a critical national advantage or disadvantage,” he said.
According to Hague, if countries fail to defend themselves, identities will be stolen, intellectual property will be taken by others, airspace will be invaded, financial institutions will be embarrassed, private information will be published, security agencies will be infiltrated, and infrastructure will be made vulnerable.
“And so for the individual, the company and the government, there is a need for both privacy and security, and only a network of partnerships is going to succeed in protecting that security and that privacy,” he said.
Dangers of digital communications
Hague said that as UK foreign secretary he become intensely aware of the dangers and the rapid change in the field of electronic communications.
“In fact, many communications in government are too sensitive to send by any electronic means, so some of the work still has to catch up with you on paper in a lead-lined box because its security cannot be guaranteed in any other way,” he said.
Hague said that as foreign secretary he was conscious all the time of the dangers of communications being intercepted, but that many people in business were not aware of the risk to the same extent. “Even though the risk may not be quite as great, it still can be considerable,” he said.
As foreign secretary, Hague said he saw the need for security and privacy in many ways, such as the concerted cyber attacks on Estonia in 2007, and the rapid growth of intense cyber attacks around the world since then.
“In 2014, as I was dealing with Russia as they annexed part of a neighbouring country – I watched them invade in a new way with undeclared and denied armed forces, with no announcement of a war, with a terrestrial and social media barrage, and although I don’t know to what extent they used cyber attacks, it is a fair bet that they did,” he said.
UK invests millions in cyber defence
In 2010, Hague said he was one of the UK ministers to push for investment in the country’s cyber defence capabilities. “At a time of defence cuts and austerity, we decided on a £659m programme in addition to our normal spending on GCHQ – which was further increased in 2015 – to keep the UK in the vanguard of capabilities in this area,” he said.
All five member of the UN Security Council were also taking this issue very seriously, he said, as well as countries such as Israel and Iran, which are leading nations in this field.
“We also started discussions in government at the time about cyber offence, as well as cyber defence, and those discussions are going on in many countries around the world, with most concluding that, as in conventional warfare, defensive capabilities are very limited without some offensive capabilities to detect and deter or pre-empt an attack.”
William Hague MP
Hague said he also saw, on a daily basis, the need for intelligence to frustrate organised crime, terrorism and foreign espionage. There is a need for effective defence in the public and private sector, he said, that makes attack more expensive and difficult.
“In the meantime, the governments of free societies have a duty to invest significant sums, and encourage businesses to do so. Some of them have to invest a good deal more,” said Hague.
The potential gains from acquiring information through breaching information security are greater than for most forms of physical attack, he said, and that is only likely to increase in 10 to 20 years.
“If widespread and successful breaches of information security are added to all the volatility we look like we are heading for in the world, the result would be chaotic. It could tip the balance between managing rapid change and instability and being unable to do so.
“Therefore, millions of people need to be engaged in tipping the balance the right way to protect their security and privacy at the same time.”
Read more about cyber security
- UK government announces £250,000 programme to increase the rate of cyber security startup development in the UK.
- An essential part of information security is identifying and managing the risks, experts tell the European Information Security Summit 2016.
- Chancellor George Osborne promises a £1.9bn investment in cyber security over the next five years and to “aggressively defend” public services from cyber attacks.