Defending the defenders

Inside the Enterprise: MPs question the armed forces' readiness to deal with cyber security attacks. Businesses should pay attention too.

The Latin saying, "Quis custodiet ipsos custodies", or "who guards the guards", usually appears in debates about whether those in authority have too much power over ordinary citizens.

But a report from the House of Commons' Defence Committee suggests a more literal meaning: who is protecting our protectors?

It seems that, when it comes to the UK armed forces and cyber security, they are not protected well enough. Over the last decade, most countries' militaries have become more reliant on IT, and the UK's forces are no exception.

Should systems suffer a sustained cyber attack, their ability to operate could be fatally compromised

This poses some risks both to military operations, and the day to day functioning of the armed forces. If military defence systems lack proper protection from cyber security attacks, a relatively low-risk, low-cost malware infection could wreak havoc on a par with an outright military assault. This could either be a standalone threat, or a precursor to the type of overt, armed action that security experts call a "kinetic" attack.

The move towards greater use of computer systems, cheaper Common Off The Shelf (COTS) technology in computing and telecoms, and the greater use of outsourcing and civilian contractors, is creating chinks in the forces' electronic armour.

The Committee did not mince its words, and it is worth quoting some of the report in detail.

"The evidence we received leaves us concerned that with the armed forces now so dependent on information and communications technology, should such systems suffer a sustained cyber attack, their ability to operate could be fatally compromised," the MPs wrote. "It is not enough for the Armed Forces to do their best to prevent an effective attack."

And it is not just a question of hackers disabling administrative systems, or communications.

"Perhaps the most worrisome scenario of all is a cyber attack that could render dysfunctional main combat units such as airplanes or ships, or that could limit their operational capability or reliability. [...]," warned MPs.

"Moreover the increased utilisation of robotic devices such as drones, battlefield robots and UAVs over the battlefield has numerous advantages, but also creates a new type of information security challenge that is not yet fully understood, studied or realised."

The Committee singled out parts of the defence establishment for praise, particularly the joint work being done by the military and the private sector.

But the message is that the MoD, as well as the individual services, need to do more to guard against a cyber security attack, and to plan their military defence response if one happens.

Continues over page.