From the International Institute for Strategic Studies: On 12 October 2010 Iain Lobban, Director of the UK Government Communications Headquarters (GCHQ) urged greater awareness of the threats posed by cyber attacks in a speech at the IISS in London.
Making the first major public adddress by a GCHQ Director, the head of the Government’s listening post said there was "a real and credible" threat to critical national infrastructure. However there was also "an opportunity which we can seize if Government and the telecommunications sector, hardware and software vendors, and managed service providers can come together."
Iain Lobban: My perspective on Cyber comes from bringing together both sides of GCHQ’s mission:
-
the intelligence mission illuminates some of the capabilities – and sometimes the intentions of adversaries to use Cyber techniques. It allows us to detect some of their activities.
-
And the information assurance mission gives us knowledge of where our own government and critical national infrastructure systems, and those of our Allies, may be vulnerable to Cyber exploitation.
It’s worth noting at this point that a strength of the UK system is that one organisation – GCHQ – brings together both disciplines. That arrangement is shared by only a few other countries, most notably the US . It gives us a richer view of vulnerabilities and threats than those who consider them purely from the point of view of defence.
So what do we know about the threat? This audience will be familiar with some of the Cyber incidents and concerns that have come up in the media. Without wishing to comment in detail on what we know about any specific stories, I will give you some general comment and context.
-
It is true that we have seen worms cause significant disruption to Government systems – both those targeted deliberately against us, and those picked up from the Internet accidentally. There are over 20,000 malicious emails on Government networks each month, 1,000 of which are deliberately targeting them.
-
It is true that we have seen the use of Cyber techniques by one nation on another to bring diplomatic or economic pressure to bear.
-
It is true that we have seen theft of intellectual property on a massive scale, some of it not just sensitive to the commercial enterprises in question but of national security concern too. As Jonathan Evans said in September, Cyberspace lowers the bar for entry to the espionage game, both for states and for criminal actors.
-
And of course it is true that the risks in all these areas are growing along with the enormous growth of the Internet. At the moment it’s expanding by about 60% a year. There are around ¼ of a trillion emails sent every day – even if 80% of these are spam. Cyberspace is contested every day, every hour, every minute, very second. I can vouch for that from the displays in our own operations centre of minute by minute cyber attempts to penetrate systems around the world.
-
So Ministers are looking, in the context of the Strategic Defence and Security Review and the Spending Review, at what capabilities the UK needs to develop further. Clearly they will also be deciding how they trade off against other spending priorities. (photo: Barry Batchelor/PA)