Spy-centre chief warns of cyber risk

In a highly unusual public speech, GCHQ Director Iain Lobban said that Britain’s future economic prosperity depended upon developing effective defences against a cyber assault.

Speaking last night to International Institute for Strategic studies, he said that the massive growth of the internet had opened up new vulnerabilities with opportunities for attack by both hostile states and criminals.

With the Strategic Defence and Security Review due to be published next week, Mr Lobban called for a “holistic approach” bringing together government and the telecommunications industry.

“It’s not a narrow security issue for the spooks but a wide economic issue that demands a holistic response,” he said.

“Fundamentally, getting cyber right enables the UK’s continuing economic prosperity.

“In order to flourish, a knowledge economy needs to protect from exploitation the intellectual property at the heart of the creative and high-tech industry sectors. It needs to maintain the integrity of its financial and commercial services.”

While GCHQ is more usually associated with electronic intelligence-gathering, Mr Lobban stressed that it also had a security role, referred to as “information assurance”.

He said that it had already seen “significant disruption” to government computer systems caused by internet “worms” – both those that had been deliberately targeted and others picked up accidentally.

Each month there were more than 20,000 “malicious” emails on government networks, of which 1,000 were deliberately targeted, while intellectual property theft was taking place on a “massive scale” – some relating to national security.

The increased use of government services online – with the prospect of over 100bn-a-year in tax and benefits payments being processed online – only added to the security challenge.

“Cyberspace lowers the bar for entry to the espionage game, both for states and for criminal actors,” he said.

“Cyberspace is contested every day, every hour, every minute, every second. I can vouch for that from the displays in our own operations centre of minute-by-minute cyber attempts to penetrate systems around the world.”

While Mr Lobban did not go into detail about the threat to the UK’s critical national infrastructure, he said that it was “real and credible” and demanded a swifter response to match the speed with which “cyber events” happened.

He said there were particular difficulties if a state was behind a cyber attack, as it could be “very, very hard” to identify the perpetrator, although he suggested that military cyber capabilities could be used for “deterrent effect”.

While 80 per cent of the threat to government systems could be dealt with through good information assurance practice – such as keeping computer security patches up to date – the remaining 20 per cent was more complex and could not simply be solved by building “higher and higher” security walls.

“A ‘Maginot line’ approach to defence will not be sufficient of itself,” he said.

“‘Patch and pray’ will not be enough. At the national level, getting the rest of cyber – the more difficult 20 per cent – right will involve new technology, new partnerships, and investment in the right people.”

Although cyberspace presented a potential security threat to the UK, Mr Lobban said that it also offered an opportunity if Britain could get its defences right ensuring that its computer networks were “intrinsically resilient”.

“That will lead to a competitive advantage for the UK.

“We can give enterprises the confidence that by basing themselves here they gain the advantages of access to a modern internet infrastructure while reducing their risks,” he said.