Defence Committee blasts Government cyber security strategy

News 9 Jan, 2013

New report claims Armed Forces ill-prepared for cyber attacks.

The Government’s approach to cyber security has been slammed in a new Defence Committee report, which suggests the UK Armed Forces could be “fatally compromised” by a sustained attack.

The reliance of the Armed Forces on IT could seriously jeopardise their functions should a cyber attack take place, the report warned.

“Given the inevitable inadequacy of the measures available to protect against a constantly changing and evolving [cyber security] threat...it is not enough for the Armed Forces to do their best to prevent an effective attack,” it stated.

It is time the Government approached this subject with vigour.

“In its response to this report, the Government should set out details of the contingency plans it has in place should such an attack occur. If it has none, it should say so - and urgently create some.”

It wasn’t all bad news for the military, as the Global Operations and Security Control Centre (GOSCC), the organisation responsible for safeguarding the Ministry of Defence’s (MoD) networks against attacks, was commended by the report.

GOSCC is staffed by a mix of military personnel, as well as contractors from several IT firms, including Fujitsu and BT.

“The Committee was impressed with GOSCC as a model of how industry contractors with particular expertise can be integrated with MoD personnel, and reassured by the clarity with which its mission was communitcated,” said the report.

“The GOSCC constitutes a pool of expertise which can be drawn on to spread good ‘cyber hygeiene’ and awareness of everyday threats throughout the Defence workforce.

“We consider that GOSCC should be held up as a Centre of Excellence to promote good practice within the MoD and other Government departments,” the report also advised.

As a whole, the Government was called on to overhaul its approach to cyber security by introducing a host of new measures to help cope with the evolving nature of threats.

“The cyber threat is one which has the capacity to evolve with almost unimaginable speed and with serious consequences for the nation's security,” said the report’s closing remarks.

“The Government needs to put in place - as it has not yet done - mechanisms, people, education, skills, thinking and policies which take into account both the opportunities and the vulnerabilities [this] presents.

“It is time the Government approached this subject with vigour,” the report concluded.

Ross Brewer, managing director and vice president of international markets at security vendor LogRhythm, said he was unsurprised by the report’s findings.

“[It is] true [the] UK’s Armed Forces [are] becoming an increasingly popular target for both independent cyber criminals and those controlled by other governments,” said Brewer.

“It is unfortunate that most Government-led cyber security policies focus on catching and punishing criminals as opposed to preventing computer crime...[and is] no surprise that public calls for urgent and more aggressive Government action are gathering steam.”