Speaking at an international conference in Budapest, Hague said that cyber attacks were "criss-crossing the globe from north to south and east to west – in all directions, recognizing no borders, with all countries in the firing line.”
To help combat the issue, Hague announced that the UK Centre for Global Cyber-Security Capacity Building will be supported by a network of eight universities, with the aim of acting as an international organization offering aid to countries across the globe. The Foreign Secretary also suggested that the center could facilitate an international hotline for nations to communicate in the event of a cyber-emergency.
The center will receive £2 million in backing from the government every year, bringing together ideas from governments, researchers, think tanks and the private sector, as the UK seeks to be the central hub for international coordination on cyber threats.
“Many nations simply do not have the defenses or the resources to counter state-sponsored cyber-attack,” said Hague. “If we do not find ways of agreeing on principles to moderate such behavior and deal with its consequences, then some countries could find themselves vulnerable to a wholly new strategic threat [and will be] effectively held to ransom by hostile states.”
Hague also pointed out that it has “never been easier to become a cybercriminal” – a meme often echoed throughout the security vendor community, and a reality that the rise of Anonymous and growing threat vectors like mobile malware underpin.
“While this was once the preserve of low-level hackers working alone, the emergence of determined ‘hacktivist’ groups, off-the-shelf malware packages and readily available hacking tutorials has upped the threat level simply by making cybercrime an organized, mainstream and persistent activity,” said Paul Davis, director of Europe at FireEye, commenting on Hague’s speech via e-mail to Infosecurity.
Corero CEO Marty Meyer pointed out that attackers are also becoming more savvy. “Attacks may utilize either unknowing participants (botnets) or in some of these cases what appears to be volunteers who may make it more difficult to identify what is attack traffic and what is good traffic,” he told Infosecurity. “This is not an isolated hacktivist event or some one-time protest statement… it is a prolonged cyber-war which will continue to be escalated.”
The establishment of the center also echoes recent plans by another UK governmental organization to establish the first academic institute dedicated to defending against the growing cyber threat to Britain. As Infosecurity reported, the UK Government Communications Headquarters (GCHQ – one of the UK’s three intelligence agencies) announced that it has set up “a new academic research institute to improve understanding of the science behind the growing cyber security threat.”
That research institute, funded by a £3.8 million grant, is a virtual organization involving seven universities that will bring together academics in the field of cybersecurity, including social scientists, mathematicians and computer scientists from across the UK.
“Clearly, attitudes towards cybersecurity are beginning to shift in Britain – and not before time,” said FireEye’s Davis. “Recent government warnings and an increased defensive stance around the London Olympics demonstrate a step-change in the approach taken by UK leaders – which could make the country well-placed to offer itself up as a center for cybercrime intelligence and coordination.”
Still, there is much work to be done, and plans and funds must be converted to action. “While it is good to talk about bolstering defenses and fighting back in the war on cybercrime, the nature of the threat calls for a ‘less talk, more action’ attitude, and announcements such as this are only the beginning,” Davis noted.
In the meantime, Meyer warned that the threat level will only increase. “The world is connected in a way that is exponentially greater than it was five years ago and the trend is increasing in rate of adoption,” he said. “The combination of the increase in the world population that has access to the internet and the number of corporations that rely on the internet for revenue-generating services is fueling the rapid escalation of cyber attacks used to disrupt these businesses.”