Related Links

Related Stories

  • Report: China Uses Taiwan as Test-Bed for US Cyber-Espionage Attacks
    Disputed ex-Chinese province Taiwan is reportedly playing a big role in the global cyberwar. Security experts say the island is a proving ground for Chinese hacker-spies, who attack its IT infrastructure on a regular basis with hundreds of attempts per month, before deploying those tactics to other countries like the US.
  • Gartner analysts drop the bomb on cyberwar hysteria
    In a talk this week’s Gartner Security and Risk Management Summit near Washington DC, two industry analysts from Gartner examined the hype and reality behind the idea of ‘cyberwar’ – defining what it is, what it is not, and what organizations should do to prepare.
  • 2013: Mobile exploit kits, Apple App Store malware, cyberwar top the threatscape
    With many of the same cyberthreats expected to play out in 2013 as during 2012 (think government-sponsored attacks, hacktivism and open-source hacks against Wordpress, Joomla and Drupal), Websense Security Labs expects some new wrinkles in the threatscape, including mobile exploit kits and sandbox/virtual environment avoidance.
  • Pre-emptive cyberwar, breach notification and trusted organizations: the people speak
    Pre-emptive cyber strikes can be justified, breach notification should be mandatory with more severe penalties across the board, and we don’t trust social networks to keep our data safe: some of the views of the UK consumer.
  • The cyberwar of words and malware between US/Israel and Iran
    The cyberwar between the US/Israel and Iran is one of words as well as computer code. It is widely thought that Iranian hackers are behind the recent spate of attacks against US banks, and that the DDoS attack against HSBC was a specific Iranian hacker response to the anti-Islam film, the 'Innocence of Muslims'.

Top 5 Stories


Britain's Defense Policy Adds Cyber Deterrence to Nuclear Deterrence

30 September 2013

"You deter people by having an offensive capability. We will build in Britain a cyber strike capability so we can strike back in cyber space against enemies who attack us," said UK Defence Secretary Philip Hammond.

He was speaking to the Mail on Sunday (reported in the Mail Online) ahead of an announcement at the annual Tory party conference in Manchester; but what makes this statement different to earlier cyber announcements is the claim of an offensive cyber capability.

It is generally believed that most advanced nations have or are developing such a cyber strike force; but Hammond's statement is the first public affirmation by a national government. For example, while the Olympic Games project – including Stuxnet – is widely believed to be a US offensive cyber operation, the US government has never officially admitted it.

But now Hammond has declared that the UK will recruit a cyber army of hundreds of computer geeks as military cyber reservists, at an expected cost of up to £500 million over the next few years. "People think of military as land, sea and air," he told the Mail. "We long ago recognized a fourth domain – space. Now there’s a fifth – cyber. This is the new frontier of defense. For years, we have been building a defensive capability to protect ourselves against these cyber attacks. That is no longer enough."

A Ministry of Defence statement, also published yesterday, explains, "In response to the growing cyber threat, we are developing a full-spectrum military cyber capability, including a strike capability, to enhance the UK’s range of military capabilities. Increasingly, our defence budget is being invested in high-end capabilities such as cyber and intelligence and surveillance assets to ensure we can keep the country safe."

This new policy is not without its critics. Ross Brewer, vice president and managing director for international markets at LogRhythm, thinks that an offensive capability, which he describes as 'pre-emptive strikes on other countries' is no surprise. "However, it is curious that Hammond has decided to be so brazen with this announcement."

According to the Financial Times, Shashank Joshi of the Royal United Services Institute think tank called the announcement a “highly unusual step” and that “the UK may risk losing the moral high ground."

An unnamed analyst added that it gives "China a chance to defend itself against arguments that Beijing is conducting massive cyber espionage against the west. It doesn't really make sense for the British [Ministry of Defence] to come out and make a statement like this and give the Chinese yet more ammunition."

The problem with such a policy lies in the difficulty of definitively knowing the source of an attack. On Saturday the Wall Street Journal reported that "U.S. officials said Iran hacked unclassified Navy computers in recent weeks in an escalation of Iranian cyberintrusions targeting the U.S. military." It added, "The U.S. officials said the attacks were carried out by hackers working for Iran's government or by a group acting with the approval of Iranian leaders." It is clear from this that the officials cannot prove that it was specifically government-sponsored – or they would have said so. The question then is whether a cyber offensive response can be launched on the basis of a suspicion.

The reality is, however, that deterrence only works on the back of a credible threat of retaliation, equal or stronger than the original aggression. What the UK government is saying very clearly is that if any foreign nation launches an attack against British interests – whether physical or cyber – Britain will have the capability to strike back in cyber space. "Hammond needs to convince the UK’s enemies that if its interests are threatened or the country is attacked in the cyber domain that it has the capability and capacity to do something about it," explains Dr. Jarno Limnell, director of cyber security for Stonesoft. "Offensive capabilities form a key part of this objective."

Meanwhile, and perhaps not entirely co-incidentally, James Stavridis, a retired Navy admiral and former Supreme Allied Commander at NATO, has voiced a very similar opinion in the Boston Globe: "It is time we considered the creation of a US Cyber Force for many of the same reasons we needed a US Air Force," he wrote yesterday. "A focused and dedicated service, reporting to civilian leadership, would create true singularity of strategic purpose in respect to military operations — defense, intelligence, surveillance, and potentially offense — in the cyber world."

This article is featured in:
Industry News  •  Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×