LONDON: The newspaper with arguably the best connections in the UK security world reports that a Parliamentary committee calls for cyber attacks on those who attack British interests.
Here’s what the Daily Telegraph’s Tuesday morning front page headline says: “Destroy our cyber enemies, say MPs.” Here’s what the story says:
Security and intelligence agencies should be willing to engage in covert cyber attacks on enemy states using programs such as the Stuxnet virus that targeted Iran’s nuclear ambitions, a report concluded.
The paper summarizes the report from the House of Commons’ Intelligence and Security Committee as saying “it was not enough to just defend against cyber attacks and that the military and spy agencies needed to exploit cyber warfare for their own ends.”
The information comes from the Intelligence and Security Committee’s annual report. The panel is roughly equivalent to the House Permanent Select Committee on Intelligence.
Here’s what the report actually says the United Kingdom “could” do to protect itself:
“• Active defence: Interfering with the systems of those trying to hack into UK networks.
“• Exploitation: Accessing the data or networks of targets to obtain intelligence or to cause an effect without being detected.
“• Disruption: Accessing the networks or systems of others to hamper their activities or capabilities without detection (or at least without attribution). The most famous example of this type of cyber activity (although not involving the UK agencies) is the Stuxnet virus which is believed to have caused some disruption of the Iranian nuclear enrichment programme.
“• Information operations: Using cyber techniques and capabilities in order to deliver information operations.
“• Military effects: The destruction of data, networks or systems in support of armed conflict.”
The report includes some interesting details about the increases in British cyber capabilities. Here, as in the U.S., it is the intelligence community which provides most of the heavy lifting when it comes to the cyber world. In the U.S. it is the NSA that provides the most bodies and the most capability. Here it is GCHQ, the British equivalent of NSA.
The report notes that the intelligence community — including GCHQ — received “over half” of the 650 million pounds approved last year to improve British cyber capabilities over five years. Much of that money appears to have been spent on people. It notes that, “GCHQ staff employed in the field of network defence and analysis of cyber attacks have increased by almost one-third in the last two years, significantly bolstering this critical aspect of cyber security work which currently accounts for over half of GCHQ’s total cyber effort.”
So, if you boil the Telegraph story down, after reading the report, one should be left with the conclusion that Britain and the U.S. have accepted they may well have to destroy an enemy’s cyber capabilities. Missing from the British report is the explicit identification of kinetics as a tool to destroy cyber assets, though it is certainly implicit in the brief mention of “military effects.” Also absent from the British report is the careful American delineation between acts of espionage (sabotage) and acts of war. But the difference lies more, poor Yorick, in the laws and constitutions governing the two countries than in themselves. (Apologies to Shakespeare, but I attended the new Globe Theatre the other night — Henry V — and couldn’t resist.)