The Conservative party has published a green paper outlining its strategy to tackle cyber attacks, as part of a wider move to improve national security
The Tories have outlined plans to defend the UK against cyber attacks, and promised to improve national security, if the party is elected to government at the next election. These plans include setting up a Cyber Threat and Assessment Centre (CTAC), which would act as the single reporting point for all cyber-related incidents.
The CTAC would build on the existing Cyber Security Operations Centre, set up by the Labour government in June 2009. Based in Cheltenham, the centre would provide intelligence about the online threats facing the country, as well as threat assessment and situational awareness facilities. In a Tory green paper entitiled “A Resilient Nation”, the party claims that this will enable a coordinated response to online attacks against the UK.
“Currently there are many different agencies working in this area – GCHQ, the Ministry of Defence, Security Service, Metropolitan Police, SOCA and others,” the paper states. “They share neither a common operating picture nor threat assessment. As a result, too little is known about the extent of vulnerability or scale of the challenge of providing enhanced security.”
Conservative leader David Cameron outlined the need for a centre such as the CTAC in a speech given at Chatham House to launch the paper. “As technology and computers and the Internet become bigger and bigger parts of our lives, the effect of cyber-warfare will become more pronounced,” he said. “You only have to look at the so-called ‘Clickskrieg’ against Estonia in 2007 – which crippled the government and the banking sector and almost brought the entire country to a halt – for a sign of how serious a major attack could be.”
The green paper also said that a Tory government would establish a National Security Council, to ensure a coherent approach to foreign and domestic policy, and a Cyber Security and Information Assurance Unit, to provide advice to government departments and businesses on computer security, network security, information security and information assurance.
The news follows a recent spate of high-profile security issues, ranging from attempts to hack into the Gmail accounts of Chinese human rights activists – which some security experts have blamed on a zero-day flaw in Internet Explorer – to attacks by the Iranian Cyber Army on Twitter, and the placing of anti-Semitic messages on The Jewish Chronicle’s website.
“There are concerns about cyber attacks originating from foreign shores, but keeping these nations at arm’s length will make this worse,” said Tony Dyhouse, director of the UK’s Cyber Security Knowledge Transfer Network (CSKTN), in response to Cameron’s speech at Chatham House. “Unfortunately businesses and organisations, particularly in cyber-security, have vested interests and aren’t always keen to share for fear of losing the competitive advantage. Addressing this silo mentality will be one of the key challenges of any cyber-security policy over the next few years.”