Government Admits Building Cyber-Weapons

The British government has acknowledged it has begun work on a “toolbox” of offensive cyber-weapons to complement its existing defensive capabilities.

In an interview with The Guardian, armed forces minister Nick Harvey said he now regards cyber-weapons as “an integral part of the country’s armoury”.

Battlefield of the future

He said action in cyberspace would form “part of the future battlefield”, comparing ICT weapons to those existing in other forms.

“The circumstances and manner in which we would use (cyber weapons) are broadly analogous to what we would do in any other domain,” Harvey told the paper. “Cyber is a new domain but the rules and norms, the logic and the standards that operate in any other domain… translate across into cyberspace.”

Harvey said the UK’s reliance on IT at the heart of its transport, power and communications systems meant that cyber warfare was now a “catastrophic” possibility.

“The consequences of a well planned, well executed attack against our digital infrastructure could be catastrophic,” Harvey told the Guardian. “With nuclear or biological weapons, the technical threshold is high. With cyber the finger hovering over the button could be anyone from a state to a student.”

Harvey did not specify the source of possible attacks, but said that “it would be foolish to assume the West can always dictate the pace and direction of cyber-technology”, noting in particular China’s development on the military and technological front.

In February foreign secretary William Hague noted that the Foreign Office had repelled a cyber-attack in January from a hostile government agency, which the Guardian, citing unnamed sources, suggested may have originated in China.

Government attacks

Chancellor George Osborne also recently highlighted cyber-attacks on the government, saying that the Treasury had sustained at least one attack per day last year.

US defence giant Lockheed Martin last week also acknowledged an attempted intrusion into its systems.

Security experts said that the government’s move was probably necessary, given the rising atmosphere of threat around high-profile cyber-attacks and cyber-espionage, but some warned that the government might end up making half-baked security manoeuvres.

“Sooner or later, political expediency will mean that mistakes will be made,” said David Harley, senior research fellow at security provider ESET UK, in a statement. “The whole ‘security theatre’ problem is based on the political assumption that it’s better to do something visible but half-baked than to do something effective but invisible.”

Harley said the shape of future warfare remains to be defined, and said it would be a mistake to think that Stuxnet is the direction in which online warfare is heading.

Stuxnet “points to a need to think – or rethink – our assumptions about what these cyberterms mean, because those assumptions and definitions will shape whether we respond appropriately to any and all of these classes of threat,” Harley stated.

Security strategy

Last year’s national security overhaul made cyber-security a “Tier 1” priority.

Home Secretary Theresa May said at the time that cyber warfare is a “new and growing threat” and that more than half of the cyber attacks ever identified had occurred the previous year.

“It’s a threat to government, it’s a threat to businesses and indeed to personal security,” May told Radio 4. “We have identified this as a new and growing threat in the UK.”