The armed forces are so dependent on information and communications technology, that a cyber attack could fatally compromise its ability to operate.
Commenting on the recent Defence and Cyber Security report, Andrew Beckett, head of consulting and professional services at Cassidian CyberSecurity, said that the report stops short of calling for greater pressure to be placed on the international community to create a common response policy to events in cyber space, which is of paramount importance when cyber attacks do not recognise national boundaries.
The report said that "it is not enough for the Armed Forces to do their best to prevent an effective attack" and it recommended the government "should set out details of the contingency plans it has in place should such an attack occur. If it has none, it should say so - and urgently create some".
The report said: “There is clearly still much work to be done on determining what type or extent of cyber attack would warrant a military response. Development of capabilities needs to be accompanied by the urgent development of supporting concepts.
“We recommend that the Ministry of Defence (MoD) makes development of rules of engagement for cyber operations an urgent priority, and that it should ensure that the necessary intelligence, planning and coordination functions are properly resourced.”
The report also called for the government to make it a priority to develop robust protocols for sharing information with industry to allow expertise to be pooled, and that the 'Cyber Future Force' work focuses on the development of career structures for MoD and Armed Forces personnel that will allow them not only to develop, but build on, their cyber skills.
Beckett said: “The UK government's greater involvement with the Nato Cyber-Defence Centre of Excellence has been slow and the UK now needs to move quickly to position itself as the leader in this area that it should be, based on our national capabilities.”
Committee chairman James Arbuthnot MP agreed, saying that it was the view of the group that cyber security "is a sufficiently urgent, significant and complex activity to warrant increased ministerial attention".
Martin Sutherland, managing director of BAE Systems Detica, said: “The UK's ability to defend itself against cyber attacks does not rest in the hands of any single entity. Ensuring our national and economic security in an increasingly interconnected world requires all organisations – government, public and private sector – to put in place robust cyber security defences, as well as appropriate response procedures in the event of a successful attack.
“To improve the effectiveness of these measures we need to encourage more organisations to share best-practice approaches to cyber security and provide more information about the nature of the attacks they're seeing, particularly given that many private sector firms act as suppliers to the government or are delivering essential services that our nation relies upon every day.”
David Harley, senior research fellow at internet security firm Eset, said: “It's not new news that modern military forces are highly reliant on information technology, or that attackers might look for ways in which to subvert that technology.
“No military strategist or tactician in the 21st century is going to assume that technology is unbreakable, and codifying rules of engagement is an important task at national and international level. However, it's just one part of a very complex problem, and the organisation's IT security strategy should be based on expert opinion from within the military and security services, not just the opinions of MPs.”
Ross Brewer, managing director and vice president of international markets at LogRhythm, said: “It is unfortunate that most government-led cyber security policies focus on catching and punishing criminals as opposed to preventing computer crime. It's therefore no surprise that public calls for urgent and more aggressive government action are gathering steam.
“LogRhythm's own research has shown that more than two-thirds of the UK public now back pre-emptive cyber strikes on enemy states. Furthermore, 45 per cent believe that the UK government needs to step up its protection of national assets and information against cyber security threats, and 43 per cent think that the threat of international cyber war and cyber terrorism is something that needs to be taken very seriously now.
“However, any pre-emptive strike could incite disturbing consequences such as the execution of even more sophisticated attacks on the UK's critical infrastructure. Rather than attacking ‘enemy' networks, the scale and nature of today's cyber threat calls for proactive, continuous monitoring of IT networks to ensure that even the smallest intrusion or anomaly can be detected before it becomes a bigger problem for all – after all, you can only defend against that which you can see.”