Defending against the cyber threat

Clandestine cyber attacks are posing a massive threat to the UK’s security infrastructure

Cyber warfare has become one of the greatest threats to Britain’s national security, according to a recent report by the UK’s National Security Council. Gone are the days when clear battle lines could be drawn with hostile countries; today we face clandestine and potentially devastating attacks capable of crippling the world’s modern infrastructure within seconds.

The claim comes as a second report, the Strategic Defence and Security Review, sets out a £650m programme to tackle cyber threats in the UK. In a week of deep cuts, the additional funding to tackle cyber crime is likely to change the landscape of Britain’s future defence capabilities.

According to the government, cyber warfare now sits alongside violent terrorism, military attacks and natural disasters in a list of the most important challenges the country faces.

The ‘Stuxnet’ worm, discovered in June 2010, brought home the reality of the danger posed by cyber crime. Dubbed the world’s ‘first cyber super weapon’, Stuxnet was thought to be designed for attacking equipment associated with Iran’s Bushehr power plant. The worm was widely reported as being from a government agency or well-funded source and could target control systems used to manage oil rigs, water supplies and power plants, signalling a new age in cyber warfare.

The threat from Russia, which used cyber attacks in Georgia in 2008 and on Estonia in 2007, is also prominent. More than one million computers were used to disrupt government, business and media websites in Estonia, and caused damage estimated at tens of millions of euros. Meanwhile, China has been at the centre of controversy, with Google’s disclosure last year that the attacks targeting it and other US companies originated from Chinese computers.

Cyber crime costs $1 trillion a year and that figure will rise, along with the speed at which attacks cause devastation

In a speech at the International Institute for Strategic Studies (IISS), Iain Lobban, the director of the Government Communications Headquarters (GCHQ), said British government systems are targeted 1,000 times each month. ‘Cyberspace is contested every day, every hour, every minute, every second. I can vouch for that from the displays in our own operations centre of minute-by-minute cyber attempts to penetrate systems around the world. The threat is a real and credible one.’

But while there is a growing awareness of the threat posed by cyber-warfare attacks, the topic remains obscure and solutions are either absent or highly guarded. Earlier this year, IISS director-general John Chipman called for more joined-up thinking on the issue. ‘Despite evidence of cyber attacks in recent political conflicts, there is little appreciation internationally of how to assess cyber conflict,’ he said. ‘We are now, in relation to the problem of cyber warfare, at the same stage of intellectual development as we were in the 1950s in relation to possible nuclear war.’

The £650m earmarked for the National Cyber Security Programme will go some way to improving collaboration in this area. A large chunk of the money will be invested in GCHQ, the government listening centre in Cheltenham, but the government is also working with the private sector to roll out technology that can deal with the threat. One programme that will benefit is SATURN (Self-organising Adaptive Technology underlying Resilient Networks), which was launched in 2009 by the Technology Strategy Board. The programme aims to demonstrate how self-managing, intelligent services can allow the discovery of cyber threats in real time.

Part of the project was unveiled last month by security firm Northrop Grumman, which has developed a cyber test range for research and emulation of cyber threats on large-scale networks. Located in Fareham, the cyber test range is the first of its kind to be launched commercially in the UK. Larry Deatrick, principal architect of infrastructure at Northrop Grumman, believes that the technology is vital if the UK is to keep up with international hackers. ‘Ethical hackers work on patches for vulnerabilities and cyber criminals work on exploits,’ he said. ‘It’s always a race to see if the patch can get there before the exploit. If we can identify the vulnerabilities of a network first, we will be one step ahead and that’s what this test range will do.’

Northrop Grumman’s UK cyber test range was opened by chairman Sir Nigel Essenhigh and Gerald Howarth MP.

The test range emulates 1,500 computer terminals, modelling their network infrastructure – from the amount of email and web traffic to chat, file sharing, power management and printing activities. The hosts communicate through an adaptable network architecture that can be changed to test different scenarios. User domains are populated and connected to multiple internet service providers, which are all connected through core internet routing infrastructure and enterprise services. Northrop Grumman claims that the test range will be able to recreate the real-world environment as accurately as possible in a closed system, allowing networks to be driven to complete failure by a virus without impacting on real services.

Its success, however, will depend on its ability to keep up with the hackers. Two years ago, the Defense Advanced Research Projects Agency (DARPA) in the US embarked on a similar project to develop a National Cyber Range (NCR) that would provide realistic, quantifiable assessments of the nation’s critical information systems if they were under attack. The NCR hosts security systems and local and wide-area network security tools by simulating the technologies under real-world conditions. However, DARPA has been criticised for taking too long to build the range, with agencies looking to their own solutions to pick up the pace.

Like the NCR, Northrop Grumman’s cyber test range is a hugely complex system and it may take months to configure it for a specific network. The company remains confident, however, that a commercial cyber range is vital to the UK’s security and has said that its facility has the potential to expand by 75 per cent. Instead of focusing on cyber threat defence, the cyber test range could, in the future, be used to develop attack scenarios.

Gerald Howarth, UK minister for international security strategy, believes that, both from an economic and strategic viewpoint, the UK needs a cyber attack potential: ‘I hope we are going to develop an attack capability, but watch this space. I think it’s going to be a growing area of interest. The secretary of state for defence regards this as one of the major “up arrows” for our new defence posture. One of the reasons we are proposing to reduce the number of main battlefield tanks is that there is no immediate threat from the East German plain of hordes of Soviets coming to attack us, but there is a real threat today on cyber,’ he said.

Cyber crime is estimated to cost in the region of $1 trillion per year globally and the figure will rise, along with the speed at which the attacks can cause devastation. In less than five years, the government predicts that there will be more interconnected devices on the planet than humans. Everything from planes to mobile phones and fridges will be part of a network that could be hacked by an organisation or an individual intent on disrupting or taking control of critical infrastructure. Investing in technology to counter cyber attacks is vital, but whether it proves effective against increasingly sophisticated viruses is yet to be seen.

What’s in a name

These innocuous-sounding names hide the nature of harmful viruses

Morris – Named after Robert Tappan Morris, who created the worm in 1988, this was one of the first ever viruses. Although it was claimed to have been coded to find the size of the internet, an error in the code turned the harmless worm into a dangerous one, causing a loss of between $10m (£6m) and $100m. It infected more than 6,000 computer systems in the US, including systems at NASA.

Melissa – Created by David L Smith and named after a bar dancer, Melissa was reported in March 1999. The virus was attached to emails that read: ‘Here is that document you asked for, don’t show it to anybody else.’ When the document attachment was launched, a program was created that replicated the email and sent it to the first 50 addresses in the global address book of users running Microsoft’s Outlook personal organiser. It has been estimated that the virus infected more than a million computers.

Love Letter – The virus, which was unleashed in 2000, came in the form of an email with the subject ‘I LOVE YOU’ and an attachment LOVE-LETTER-FOR-YOU.TXT.vbs. The virus copied itself to all the addresses in the Windows address book with the user’s sender address and made malicious changes to the user’s system. The estimated losses were about $8.7bn and around 10 per cent of all the computers that were connected to the internet were affected.