MI5 has acknowledged the threat of cyber crime to the UK.
Speaking last night at the Lord Mayor's Annual Defence and Security Lecture, the director general of the Security Service, Jonathan Evans, said that ‘malicious activity in cyber space' has become more prominent in the last few years, saying that the frontline in cyber security is ‘as much in business as it is in government'.
He said: “Britain's National Security Strategy makes it clear that cyber security ranks alongside terrorism as one of the four key security challenges facing the UK. Vulnerabilities in the internet are being exploited aggressively not just by criminals but also by states and the extent of what is going on is astonishing – with industrial-scale processes involving many thousands of people lying behind both state-sponsored cyber espionage and organised cyber crime.”
He described this as a threat to ‘the integrity, confidentiality and availability of government information' and also to business and to academic institutions, with not only government secrets at risk, but also the safety and security of the UK infrastructure ‘and the intellectual property that underpins our future prosperity and the commercially sensitive information that is the life-blood of our companies and corporations'.
Evans also admitted that one major London-listed company had incurred revenue losses of some £800 million as a result of a hostile state cyber attack, not just through intellectual property loss but also from commercial disadvantage in contractual negotiations. “They will not be the only corporate victim of these problems,” he said.
He also said that the Security Service is working with ‘many others' that are of high economic value and that are potential future targets of hostile state cyber activity.
Evans praised the work of the Centre for the Protection of National Infrastructure, GCHQ, the Department of Business Innovation and Skills, the Department for Energy and Climate Change and law enforcement, saying that the work that is being done has allowed it to investigate cyber compromises in over a dozen companies.
“We are contributing to the international process of ensuring that the appropriate IT security management standards are in place to manage some of these new risks. So far, established terrorist groups have not posed a significant threat in this medium, but they are aware of the potential to use cyber vulnerabilities to attack critical infrastructure and I would expect them to gain more capability to do so in future,” he said.
He concluded his section on cyber security by encouraging the boards of all companies to consider the vulnerability of their own company to these risks as part of their normal corporate governance, and require their key advisors and suppliers to do the same.
On issues of justice and national security, Evans said that the proposed legislation to ensure that communications data continues to be available to the police and security agencies in the future, as it has in the past, was a ‘necessary and proportionate measure to ensure that crimes, including terrorist crimes, can be prevented, detected and punished'.
He said: “It would be extraordinary and self-defeating if terrorists and criminals were able to adopt new technologies in order to facilitate their activities while the law enforcement and security agencies were not permitted to keep pace with those same technological changes.”