Cyber crime, espionage and attacks pose a major threat to the national security and economic success of the UK. A year ago, the Government launched its National
Cyber Security Strategy to set out how the UK can support economic prosperity, protect national security and protect our way of life by building a more trusted and resilient digital environment. These key objectives are the focus of IA12, the Government's annual information assurance event, which starts today in London.
The Security Service and the UK's other security and intelligence agencies play an important part in helping to tackle the cyber threat to the UK. It is the focus of an increasing proportion of our efforts. A new set of pages on the MI5 website have been published to explain what is being done in this area:
"Cyberspace" is the term used to describe the electronic medium of digital networks used to store, modify and communicate information. It includes the Internet but also other information systems that support businesses, infrastructure and services. We all rely on the availability of these systems on a daily basis. A secure online environment is essential to HM Government, which is providing an ever-increasing number of online services, to UK business and to ordinary people. It is central to the delivery of public and commercial services and communications.
However, some individuals and groups use cyberspace for malicious purposes. We call these people `hostile actors' and they exploit cyberspace to conduct espionage operations or launch damaging computer network attacks.
A wide range of hostile actors use cyber to target the UK. They include foreign states, criminals, 'hacktivist' groups and terrorists. The resources and capabilities of such actors vary. Foreign states are generally equipped to conduct the most damaging cyber espionage and computer network attacks.
Hostile actors conducting cyber espionage can target government, military, business and individuals. They use computer networks to steal large volumes of sensitive data undetected. This might include intellectual property, research and development projects, strategic data on a company's merger and acquisition plans or any other information that the owner might want to protect.
Cyber espionage should be viewed as an extension of traditional espionage. It allows a hostile actor to steal information remotely, cheaply and on an industrial scale. It can be done with relatively little risk to a hostile actor's intelligence officers or agents overseas. We call this activity Computer Network Exploitation (CNE).
Hostile actors can also use malicious software (or malware) to disrupt and damage cyber infrastructure. This can range from taking a website offline to manipulating industrial process command and control systems. Such activity is known as Computer Network Attack (CNA).
Cyber espionage presents a real risk to the economic well-being of the UK. It poses a direct threat to UK national security.
The Security Service, together with the other UK's intelligence agencies (MI6 opens in a new window and GCHQ opens in a new window), works to tackle the cyber threat along with other Government Departments and industry. Our work is carried out as part of the UK Cyber Security Strategy opens in a new window. Published in 2011, the Strategy states: "Our vision is for the UK in 2015 to derive huge economic and social value from a vibrant, resilient and secure cyber space, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society."
We have a number of teams dedicated to tackling the cyber threat to the UK. These teams carry out a range of work including:
This work is currently part-funded by the National Cyber Security Programme (NCSP), a Cabinet Office-led initiative derived from the UK National Cyber Strategy. It funds a range of projects to improve the UK's ability to protect its interests in cyberspace and to address threats from states, criminals and terrorists. It also looks for new opportunities to use cyberspace to benefit the UK's future prosperity and advance its security interests. Our work aims to make it as difficult as possible for hostile actors to use cyberspace to damage the UK's national security and economic well-being.
Our responsibilities for counter-espionage work are defined in the Security Service Act 1989 opens in a new window, which states:
"The function of the Service shall be the protection of national security and, in particular, its protection against threats from espionage, terrorism and sabotage, from the activities of agents of foreign powers and from actions intended to overthrow or undermine parliamentary democracy by political, industrial or violent means.
"It shall also be the function of the Service to safeguard the economic wellbeing of the United Kingdom against threats posed by the actions or intentions of persons outside the British Islands."
Our work on the cyber threat falls under both headings in that it protects both national security and economic well-being. The UK's national security benefits from our work to defend UK organisations and the public from damaging computer network attacks and cyber terrorism. In helping UK businesses to defend themselves from cyber espionage operations, we help to secure the country's economic well-being.
Hostile actors located in the UK can be prosecuted under a number of statutes. The Computer Misuse Act 1990 opens in a new window was introduced primarily to deal with computer offences such as gaining unauthorised access to networks. The law was updated by the Police and Justice Act 2006 opens in a new window to cover new offences such as carrying out denial of service attacks. It provides for sentences of up to 10 years' imprisonment. The Criminal Law Act 1977 opens in a new window has also been used to prosecute offences of conspiring to carry out computer misuse. The police and Crown Prosecution Service opens in a new window are responsible for arresting and prosecuting individuals who have broken these laws. As with terrorism and espionage, we collaborate with law enforcement agencies to tackle the cyber threat.
There are many simple steps that business and the public can take to improve their cyber security. Good cyber security depends on a combination of both technical measures and human behaviour.
For example, an anti-virus system will go some way to preventing malicious activity on computer networks but it will become ineffective if the user does not ensure that it is kept up to date. Similarly, if staff in an organisation are educated not to open suspicious emails, this can help to prevent their organisation becoming a victim of cyber espionage.
To know more, click here.
Parts of or the whole information published on this page is likely to originate from Official Institutions like Governments, Ministries, Embassies and States. Its reproduction on this page does not constitute any endorsement from DiploNews and any of its affiliates and/or partners. If titles are sometimes modified for better understanding, the contents are reproduced exactly as delivered by the institution that first published it. To know the exact origin, click on 'view original source' at the end of the page. All information that originates from DiploNews is copyrighted and cannot be reproduced without written express authorization from DiploNews.