Ministry of Defence bolsters IP defences in face of growing cyberthreat volume

The action was revealed by armed forces minister Nick Harvey in response to questions from MPs who expressed concern that the MoD's IP-based network was vulnerable to LOIC-style attacks.

As reported previously, LOIC (and LOIC-2) is the name of a distributed denial of service (DDoS) attack utility that has been used by WikiLeaks hacktivists in recent weeks to stage attacks against websites operated by Mastercard, PayPal, Visa and other organisations.

Harvey told MPs that the government attaches a high priority to the cyberdefence of its systems, adding that his department rates attacks in cyberspace as a tier-one risk and had allocated £650 million to enhancing its protection.

The armed forces minister said he did not want to go into detail, adding that MPs would understand if he did not comment further on the countermeasures the MoD has undertaken.

Commenting on the MoD's moves to bolster its IP defences, Ross Brewer, vice president of audit and SIEM (security information and event management) specialist LogRhythm, said that the threat of cyberattacks seems to be at an all-time high in the UK, and now even the MoD is looking at ways to improve its defences.

"If an organisation with such a strong security mandate still has room for improvement, you can pretty much conclude that other public sector organisations need to make some changes too", he said.

According to Brewer, all UK government ICT systems must adhere to GPG 13 – the good practice guide 13 – which provides a framework for ensuring best practice IT security.

GPG 13, he says, prescribes 'protective monitoring', which involves the real-time collection of all computer-related activity and the creation of audit trails of any suspicious events.

The challenge for public organisations, he explained, is how to manage these cumbersome processes at a time when headcounts and budgets are under serious threat.

"Every IT-related activity – whether legitimate or the result of a malicious attack – creates a log, so organisations have millions and millions of logs to monitor and process each and every day if they are going to comply with GPG 13", he said.

"Organisations need an efficient way to analyse these logs and uncover the breaches and attacks that require immediate attention", he added.

"One solution is the use of an automated centralised logging and SIEM solution, which continually monitors for attacks and suspicious activity, while at the same time keeping management overheads to a minimum."
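As an added illustration (not code from the article, LogRhythm or GPG 13) of the automated log analysis Brewer describes: a small Python detector reads web-server access-log lines, keeps a per-source sliding window, and writes an audit-trail record when one source exceeds a request-rate threshold, which is the pattern a LOIC-style flood leaves in the logs. The log lines, addresses, window size and threshold are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')


def parse_line(line):
    """Parse one access-log line into (ip, datetime, request, status); None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req"), int(m.group("status"))


def detect_floods(lines, window_seconds=10, threshold=20):
    """Flag any source that sends >= threshold requests inside a window_seconds span.
    Returns an audit-trail list of records, one per flagged source (first breach wins)."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the current window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable line; a production monitor should count these too
        ip, ts, _, _ = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:  # drop hits older than the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = {"ip": ip, "window_start": q[0], "window_end": ts, "count": len(q)}
    return list(flagged.values())


def build_sample_log():
    """Constructed sample (assumed, not real traffic): one normal client and one bursting source."""
    lines = [f'198.51.100.4 - - [10/Dec/2010:14:02:{i * 5:02d} +0000] "GET /about HTTP/1.1" 200 1024'
             for i in range(3)]
    lines += [f'203.0.113.7 - - [10/Dec/2010:14:02:{i // 5:02d} +0000] "GET / HTTP/1.1" 200 512'
              for i in range(40)]  # 40 requests within 8 seconds
    return lines


if __name__ == "__main__":
    for record in detect_floods(build_sample_log()):
        print(f"ALERT {record['ip']}: {record['count']} requests between "
              f"{record['window_start']:%H:%M:%S} and {record['window_end']:%H:%M:%S}")
```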
