Liam Fox, the defence secretary, yesterday promised a radical shake-up of Britain’s armed forces, with weapons projects and top brass sacrificed to pay for combating new threats like cyberwarfare.

Promising that the forthcoming strategic defence and security review would not indulge in the easy option of “salami slicing”, he said: “We have to match our resources with our commitments”. There was a limit to what the government could ask its armed forces to do, he added.

However, giving evidence to the Commons defence committee, he made clear an exception would be made for replacing the Trident nuclear missile system. The promised “value for money” scrutiny of Trident would be about “how to deliver the same programme at lesser cost”, Fox said.

Asked if that meant a reduction in the number of senior officers, Fox signalled it could. “We do have to look at the rank structure as part of the overall cost as well as the effectiveness of the armed forces.”

He added that a study was under way into British military bases around the world though officials said it would be decades before British troops left Germany because of the high cost of redeploying them in the UK. They were worth £100m to the German economy, Fox observed.

Pressure on the defence budget required the government “to sacrifice things we can see for things we cannot see”, he told the cross party committee of MPs, referring to the hidden danger of cyberwars.

He also warned against predicting where the next conflicts would occur. “We cannot extrapolate from where we are today. No one predicted Afghanistan so we need to maintain generic and flexible armed forces.”

Asked about Britain’s future role in Afghanistan, Fox did not question David Cameron’s repeated suggestion that UK troops would cease having a combat role there by 2015. However, he said that they may be required “for some time” to continue mentoring and training Afghan security forces.

He singled out mental healthcare for veterans as a priority, describing the level of suicides among them as a “human tragedy … a blight in a civilised society”.

A study by the Royal College of Psychiatrists last year concluded that men aged under 25 years who left the armed forces were at increased risk of suicide. The risks were greatest in the first two years after they were discharged.

British troops wounded in service will have longer to claim for compensation from next month, the Ministry of Defence announced today.

The period in which injured servicemen and women can lodge applications under the armed forces compensation scheme will increase from five to seven years on 3 August.

Other changes being introduced after a review of the scheme by the former chief of the defence staff, Lord Boyce, include an increase in the maximum bereavement grant from £20,000 to £25,000.

http://www.guardian.co.uk/uk/2010/jul/21/armed-forces-reforms-modern-threats

In evidence to a Parliamentary committee, The Centre for the Protection of National Infrastructure, a Government agency, said that Government-backed hackers from China and Russia were behind a large proportion of the operations.

Their aim is to steal government, defence and technology information. Most large firms have been targeted and, in ”many cases”, the attacks have been successful.

Islamist terrorists are also behind attacks via the internet. Although their efforts are more limited, they are on the increase.

The scale of the attacks was disclosed in the annual report of the Intelligence and Security Committee (ISC).

The ISC warned the threat posed was ”a matter for concern” that needed to be given a high priority.

Work by GCHQ to tackle the problem had yielded ”tangible benefits”, it said.

But it was well below the capacity initially planned because of problems with the recruitment and retention of specialist staff.

”The potential threat posed to the UK Government, critical national infrastructure and commercial companies from electronic attack is a matter for concern,” the committee said.
”We have heard from our American and Canadian counterparts that they treat this threat very seriously, and we recommend that the UK accord it a similar priority and resources.”

GCHQ, based in Cheltenham, set up the Network Defence Intelligence and Security Team in 2008 to provide detection, analysis and investigation into electronic attacks.

The ISC said it had been informed of ”a number of tangible benefits, both in terms of practical emergency responses for government networks and developing a better understanding of the future threat”.

But it went on: ”Nevertheless, work to tackle the threat of electronic attack is about a third below the level planned.

”We have been told that the shortfall is because of the difficulties GCHQ has had in recruiting and retaining skilled internet specialists in sufficient numbers – although specialist recruitment campaigns have been set up to try and address this problem.”

The ISC said it had been unable to assess a new cyber security strategy introduced last summer. That includes a UK Office of Cyber Security (OCS) and a UK Cyber Security Operations Centre (CSOC) established in September.

In its response to the report – presented to the Prime Minister in December but published today – the Government said it agreed that the electronic threat was ”a matter for concern”.
It said the OCS and CSOC had been ”tackling early priority areas in support of the cyber security strategy”.

”OCS provides strategic leadership and cross-government coherence in this area, and CSOC co-ordinates significant cyber security incident response, enables a better understanding of attacks and provides improved advice and information about the risks,” the Government said.
”The Centre for the Protection of National Infrastructure (CPNI) also works closely with OCS and CSOC in this field. It provides advice to businesses and organisations across all sectors of the UK’s critical national infrastructure, helping to mitigate risk and reduce vulnerability to threats in the cyber domain.

”It also provides them with warnings, alerts and assistance in resolving serious IT security incidents.

”CPNI has a further ‘response’ function: it is available 24/7 to act as a reporting point for UK companies with concerns about potential national security threats, including cyber attack.”
The ISC also raised concerns about a decline in spending on counter-espionage, or hostile foreign activity (HFA), by MI5. Specific figures were redacted from the report.

The Security Service’s director general, Jonathan Evans, told the committee he would like to spend more on HFA but resisted ring-fencing the budget because of the need to be able to redirect resources quickly in response to specific threats.

He said: “I would like to do more on HFA, because I think there are unanswered questions out there and ones which are slow-burn rather than rapid problems, and if you ignore them for long enough they are likely to cause us problems.”

But he added that MI5′s resources need to “go where the operational demand is that day, and it’s very flexible and we can change it around by lunchtime if we need to”.

The ISC said: “We accept the view of the Security Service that ring-fenced funding would limit its operational flexibility.

“However, as we stated last year, we are still concerned that counter-espionage is not sufficiently resourced in light of the levels of hostile foreign activity in the United Kingdom.
“This is a serious threat that must not be overlooked.”

“The moment you mention a particular state, they will deny it,” West added. “The problem with cyberspace is that attribution is extremely difficult. It’s almost impossible to do it in terms of evidence that would be necessary in a court of law.”

However, he said the UK government had sufficient intelligence to be confident that it knew who the main perpetrators were. Russia has been widely blamed for launching debilitating cyber-attacks on Estonia and Georgia. West said such actions prompted new questions.

“If I went and bombed a power station in France, that would be an act of war,” he said. “If I went on to the net and took out a power station, is that an act of war? One could argue that it was.”

And he warned that there might come a time when the UK would feel compelled to retaliate. “If some state sponsor keeps trying to get into your systems, probably for industrial espionage, are you going to go back into their system and bugger it up? We’re all capable of doing these things. At the moment we wouldn’t do that, but maybe this is where we need to have discussions.”

He suggested that the UK needed to be prepared to tackle a spectrum of threats in cyberspace, including those posed by criminal gangs and terrorists. “I’m very worried they [terrorists] may start becoming cuter and try to use our connectivity to have a go at our critical infrastructure, things [that control] our services, our food [distribution] and water supply,” he said. Terrorists were currently “not brilliant” at attempting this sort of attack on infrastructure, he added, but they would learn fast and “we’ve got to be ahead of them”.

As an example of the potential effects, he talked about what would happen if time signals from global positioning system satellites were disabled. “Not a single cash machine would work, the Docklands Light Railway wouldn’t work, you wouldn’t be able to berth oil tankers, great chunks of our transport infrastructure would stop,” West said.

He drew comparisons with ice storms in the Canadian capital, Ottawa, several years ago. “All the power went down; there were riots with people smashing into stores,” he said.

The government is so concerned at the evolving threats in cyberspace that this month it launched the Office of Cyber Security, which draws on expertise from organisations such as GCHQ, the Ministry of Defence, the Home Office and the Serious and Organised Crime Agency.

The OCS is engaged in planning exercises looking at warfare in 2015 and 2040. Another part of its remit will be tackling online fraud. West described the rise of “malicious” computer code as “exponential” and “mindboggling”. “The more you realise the malicious elements that are out there trying things, the more horrifying it becomes,” he said.

Last week Spanish investigators arrested three alleged ringleaders of the so-called “Mariposa” botnet, which had infected and controlled up to 12.7m PCs. West acknowledged that the 2012 Olympics would be a target for cyber-attacks. “People will be trying to get into the Olympics [ticketing] site to see what they can do,” he said.

His comments come days after the director of the FBI, Robert Mueller, warned that militant groups, foreign states and criminal organisations posed a growing threat to US security as they targeted government and private computer networks. “Apart from the terrorist threat, nation states may use the internet as a means of attack,” Mueller said. “They seek our technology, our intelligence, our intellectual property, even our military weapons and strategies.”

The UK’s new cyberwarfare unit will be ready for action on 10 March, according to the government.

The Cyber Security Operations Centre (CSOC), located at GCHQ in Cheltenham, will have an initial staff of 19, said Baroness Crawley.

CSOC will monitor the internet for threats to UK infrastrucutre and counter-attack when necessary.

The staffing figure, released in response to a Parliamentary question, puts paid to recent hyperbole suggesting the intelligence agencies were recruiting a 50-strong “army” of teenage hackers.

CSOC was announced in June as the operational centrepiece of the UK’s first cybersecurity strategy. Funding for the unit hasn’t been revealed, but it will come from the GCHQ’s budget, which stretches into hundreds of millions.

The Office of Cyber Security, a new unit in the Cabinet Office set up to coordinate policy, is also currently being set up, to be led by senior civil servant Neil Thompson. Crawley said it will have 18 staff and a budget of £130,000 for the remainder of this financial year. ®

Harry was a Russian secret service agent who spoke perfect English and wore cowboy boots with his uniform. I never knew what his face looked like because he wore a mask during the lengthy interrogation sessions he put me through during five days of captivity in Federal Security Service (FSB) hands in Chechnya in 1999. The first item taken from me by Harry and his friends was my laptop. I was as much unnerved as relieved when it was returned on my release. “I can have it back?” “Yeah, have it back,” the FSB agent replied, and laughed.

Within 24 hours of arriving home in London the laptop was deluged with spam, pornography and Russian hate mail, eventually crashing completely. The act was more a digital slap on the wrist than the attacks that the Russians would allegedly inflict on entire countries several years later, but it was my first experience of cyberwar.

The incident came to mind eight years later on a February morning in Helmand, southern Afghanistan, when I heard a Royal Marines colonel briefing his officers. He mentioned, almost as an aside, that one of the men’s e-mail accounts had been closed after being compromised by a “hostile intelligence agency”. In other words, someone hacked into a soldier’s computer to see what might be found there. Last December, in Sri Lanka, a senior UN official confided to me that his e-mails were being intercepted by a “key log” program that allowed everything he wrote and received to be read by an intelligence agency.

Today barely a week passes without the phrase “cyberattack” in the news. It is a loose term, incorporating everything from criminal hacking and commercial espionage to attempts to seize control of weapon systems or sabotage national infrastructures. Britain is treating the surge of hostile computer activity seriously enough to have established two organisations last year to co-ordinate, assess and expand its cyber strategy. The Office for Cyber Security (OCS), established by the Cabinet Office, was created in the autumn after a warning by intelligence chiefs that China may have acquired the ability to cripple key points of infrastructure such as telecommunications.

Whitehall departments were allegedly first targeted by Chinese hackers in 2007. Later that year Jonathan Evans, director-general of MI5, wrote to 300 chief executives warning of potential Chinese hacking attacks and data theft. In the year up to November 2009 Britain suffered 300 cyber intrusions — defined as a sophisticated attempt, successful or not, to steal data or sabotage systems — on government and military networks.

The OCS, at present staffed by 14 people, including personnel from the security services and military, is to be fully operational with a strength of 20 later this year. It works closely with a second organisation, the secretive Cyber Security Operations Centre, located within Government Communications Headquarters in Cheltenham. A key part of the approach is establishing rules of engagement for retaliatory cyberstrikes should critical infrastructure be attacked and crippled.

“If I go and bomb someone’s power station, that is an act of war,” Baron West of Spithead, the Permanent Under Secretary of State for Security and Counterterrorism, told The Times. “But if I use a computer to make that power station effectively not work, is that an act of war? That is a simple stark example. There are much more complex examples. These were issues that hadn’t been addressed before, and we are now at the forefront of doing so.”

The majority of attacks have been to obtain funds from commercial organisations, and a full assault on a country’s banks, stock market, energy grid, telecommunications and health systems is more likely if countries are already in a “hot” war. There are several other potential triggers, however. In 2007 Estonian ministries, banks and newspapers were bombarded with denial-of-service attacks — mass requests for information that cause systems to crash — for several days after the Government moved a Soviet war memorial in the capital, Tallinn.

In 2008 Georgia complained of similar attacks during its brief conflict with Russia over the breakaway province of South Ossetia. The Russians were blamed in both cases, although they denied involvement.

The threats and scenarios of cyberwar require some sideways thinking. British assessments conclude, for example, that the risk of a serious attack in this country is still lower than that of a flu pandemic — but that a flu pandemic would be a lot worse if combined with an attack on NHS computer systems involved in vaccine distribution. American academics have predicted that the physical damage from a country shutting the US power grid for three months would be several times greater than the damage done by Hurricane Katrina in Louisiana.

The strategy being developed by Lord West is not limited to risk assessment; retaliation is part of the package. “We could do what these people do [to us] if we wanted to,” he said. “We’re looking at … the ethics of all of this. If someone dropped a bomb on us, I would have no hesitation in shooting their bloody plane down and giving them a slapping … So we need to think through how we react to these ‘other things’ and the implications.”

The murky world of cyberwar is inhabited by small-time hackers, criminal syndicates and people operating with the support of their government.

“Everything that happens to us is called an ‘attack’,” said a senior official with a lead role in British cyber operations, “[but] most of what we see on a large scale … is about the exfiltration of data — theft, not an attack.” There exists, however, an overlap between the interests of hostile state intelligence agencies and cybercriminal syndicates seeking to steal intellectual data for profit. Russian cybercrime syndicates, better known as partnerka, lead commercial espionage in Europe and are known to have links with Harry and his comrades in the FSB. China has its own dedicated cyber operations headquarters within the People’s Liberation Army but also holds top rank in the league of cyberhostile countries — the list used by Western security companies to warn business clients of cyber-threat.

The West’s nuclear strategy was based on deterrence — the assurance that a guaranteed second strike would prevent a first strike from coming. Yet cyberwar is more complex because the attacks have certain things in common: they are fast, cheap and hard to trace.

“Attribution is unbelievably difficult,” admitted Lord West. “These guys could attack [as if it was from] your site — the attacks would come in from different nodes in a strange way that you can’t even identify. Follow the attack back and it gets to you — but it wasn’t you.”

The sophistication of commercial and state-sponsored activity has developed immensely since the attacks on Estonia and Georgia, with denial-of-service operations now considered relatively low-grade. More worrying is “zero-day malware” — an unidentifiable new generation of Trojan programs that are implanted into a host computer and lie dormant until activated.

“Let’s say that someone has received an e-mail that looks like it’s from someone they know, about a subject they feel comfortable with,” said Ian McGurk, associate director for information security at Control Risks, a security consultancy. “As a consequence they trust the material. If there’s an attachment — a photograph, a Word document, whatever — embedded within that attachment is some sort of malicious code that is going to install itself on the machine. That machine is then compromised, and a Trojan is installed that can search for information.”

As well as transmitting information back to its handler, zero-day malware can also hand a computer to outside control before going on to infect an entire system.

Raimund Genes, the chief technical officer of Trend Micro, said: “We grew up fearing the mushroom cloud, now we should fear a roomful of hackers with their electricity and internet bills paid for by a government.”

Hosts compromised with Aurora botnet agents and rallied to the botnet Command-and-Control (CnC) channels were distributed across multiple countries before the public disclosure of Aurora, with the top five countries being the United States, China, Germany, Taiwan and the United Kingdom.

Damballa identified additional botnet CnC domains used by these criminal operators and established a timeline of malware associations back to May 2nd, 2009 by tracking the evolution of the malware used by Aurora’s operators

This botnet has a simple command topology and makes extensive use of Dynamic DNS (DDNS) CnC techniques. The construction of the botnet would be classed as “old-school”, and is rarely used by professional botnet criminal operators any more. Reliance upon DDNS CnC is typically associated with new and amateur botnet operators

The criminals behind the Google attack appear to have built and managed a number of separate botnets and run a series of targeted attack campaigns in parallel. This conclusion is based upon CnC domain registration and management information. The earliest of the CnC domains associated with these botnets, reliant upon DDNS service provisioning, appear to have been registered on July 13th 2009

The botnet operators behind the Aurora attacks deployed other malware families prior to the key Trojan.Hydraq release. Some of these releases overlapped with each other. Two additional families of malware (and their evolutionary variants) were identified as “Fake AV Alert /Scareware – Login Software 2009” and “Fake Microsoft Antispyware Service,” both of which employed fake antivirus infection messages to socially engineer victims into installing malicious botnet agents.

Earlier this month, the Bipartisan Policy Center held a mock cyber war game in which the US came under cyber attack. By the end of the exercise, the power grid was down in much of the East Coast, telecommunications were severely disrupted and the Internet was virtually useless. The war game demonstrated some of the severe difficulties and challenges that would arise in the event of a cyber attack and helped to underscore that the US is not currently prepared to handle such an attack.

It now appears that the British are in a similar bind. According to an article in The Register, the Cyber Security Operations Centre (CSOC) has predicted that a cyber attack that caused even minor damage would prove “catastrophic” for public confidence in the government.

As use of the Internet becomes even more interconnected with daily operations, “any interruption of broadband access becomes intolerable and will have serious impacts on the the economy and public well being,” according to the CSOC. “A successful cyber attack against public services would have a catastrophic impact on public confidence in the government, even if the actual damage caused by the attack were minimal.”

The report for Whitehall is part of a report produced by the CSOC about future threats.

Surely, this is where we’re at now, right? Is this actually what’s driving the current stampede to enfold ‘cybersecurity’ within government, rather than entrusting it to producers and consumers as the free market would mostly do? Has the beast has been unleashed by communications deregulation and re-regulation over the last twenty years, and governments are now wondering what the hell they’ve done? Branding computer and network security as national security may well be just a discursive ploy, and internationalising action on this problem is looking like some weird universal heuristic for reconfiguring global flows of capital and political power.

I described Castells to someone the other day as ‘an enlightened Marxist’, and I guess he has more of a structural take on global networks than I do. However, the explosive rise of ‘cybersecurity’ in the global political imagination has to be explained somehow, and Castells seems like as good a place as any to start.

The 10th annual Index on Censorship Freedom of Expression Awards ceremony, hosted by Jonathan Dimbleby at Royal Institute of British Architects on 25 March 2010. This year’s event promises to be the most important in the history of the awards, given the greatly increased profile that Index on Censorship is now enjoying in the UK and beyond.

[...]

At past events there have been poignant moments. Last year, the new media award was won by Psiphon, a revolutionary software programme that allows Internet access in countries where censorship is imposed. At the ceremony, Psiphon dedicated their award to imprisoned Iranian blogger Hossein Derakshan, who still languishes in jail.

…

Most cyber attacks are likely to remain difficult to trace to official sources, the report explains, citing the denial of service attacks on Georgia as Russia’s army invaded in 2008. This year GCHQ’s close US counterpart, the National Security Agency (NSA), has been called in to investigate attacks on Google’s GMail service apparently from inside China.

“An internationally agreed definition of cyber warfare will remain elusive, with state actors making increasing use of hired criminals and ‘hacktivists’ to carry out deniable cyber attacks on their behalf,” CSOC predicts.

The offical British view casts ongoing talks (http://www.nytimes.com/2009/12/13/science/13cyber.html) between the US and Russia – aimed at fostering cooperation between states on internet security and agreeing ground rules – in a pessimistic light.

“States are likely to increasingly see the cyber domain as an area in which to wage war… it is difficult to see international agreement on what acts are and are not acceptable in a cyber war being achieved within five years,” CSOC says. “Even if regulation of this kind was to emerge, it is likely that it would make little difference.

“The increasing sophistication of criminal cyber tools and the availability of cheap, fast broadband will mean that states are able to achieve their aims by hiring criminal botnets to carry out DDOS or other attacks on their enemies’ infrastructure.”

Cyber arms race

Government eavesdroppers also face a secret “cyber arms race” to develop quantum cryptography technology, according to GCHQ.

“In the next 5 to 10 years, states are likely to engage in a cyber arms race for quantum cryptanalysis, which would enable the users to crack any encryption within a very short space of time, and for quantum cryptography, which would prevent secure communications from being intercepted,” it said.

Quantum computers would be able to test every possible cipher for a traditionally-encrypted message very quickly. Meanwhile a quantum-encrypted message would be impossible to intercept because just by observing it the eavesdropper would destroy it.

GCHQ – the descendent of the UK’s famous World War Two codebreaking effort at Bletchley Park – is responsible for intercepting foreign communications and for trying to ensure government communications are not intercepted. Without directly referring to its own work on quantum cryptography, it said the revolution the technology would spark in both areas remains out of reach.

“It is unlikely that any state actor will have been able to put quantum systems into operation by 2015, although some state actors may have basic quantum computing capabilities by 2020,” CSOC says.

The NSA is said to be investing heavily in quantum computing.

The predictions in CSOC’s report have served as the basis of a series of classified and unclassified meetings with industry and academics hosted by the Office of Cyber Security in recent weeks. Officials plan to feed the results of the meetings into policy, including whether and how the UK should develop offensive capabilities online. ®