UK Government Fears Destructive Cyber Sabotage

The UK is faced with the threat of imminent cyber sabotage, endangering not just online systems, but real-world operations, the government’s director of the Office of Cyber Security warned today.

James Quinault, speaking during a Westminster eForum event, said sabotage is “coming on the scene”, warning of “deliberate attacks to degrade or destroy critical infrastructure and people’s assets”, alongside all the other kinds of cyber attack.

Quinault urged anyone who did not think destructive attacks were coming to study the attacks on oil behemoth Saudi Aramco, which took out 30,000 computers with a wiper virus.

“If you make oil, you can probably come back from something like that, but if you’re a service provider or online retailer, unless you’re very lucky, that’s curtains,” he said.

UK cyber sabotage worries

Quinault said “much progress has been made” in improving the UK’s cyber security defences, “but there is much, much more to do”.

The government has pumped £650 million into cyber security, setting up various initiatives, such as a national CERT (Computer Emergency Response Team), which is due to go live before the end of the year, and numerous data sharing bodies, including the CISP (Cyber-security Information Sharing Partnership).

“This year we need to take it up a gear, because the threat is not standing still. It is increasing and it will do for some time to come.”

Espionage remains a key problem facing British businesses too. “Too much valuable UK IP is getting stolen now and the government sees this as a national security issue in its own right,” he said, claiming IP theft could cause serious damage to economic growth in the UK.

Quinault declined to take questions from TechWeekEurope after his talk.

Both the US and the UK have been busy talking up the threat facing critical infrastructure, even though the only attacks to have had a destructive result, involving the Stuxnet malware, are believed to have been the work of the Americans and the Israelis.

Others have called on the industry and governments to not overhype the threat. Art Coviello, chairman of RSA, the security arm of storage giant EMC, said recently the use of the terms “cyber Pearl Harbour” and “cyber 9/11” were not appropriate or helpful.

Whilst the threat is real, there has been little evidence to show destructive attacks are going to cause carnage any time soon.

Are you a security expert? Try our quiz!