The main focus of intelligence and security agencies' work on cyber is on countering hostile foreign activity and covert intelligence gathering, as countries use private groups to carry out state-sponsored attacks.
According to the Intelligence and Security Committee (ISC) of parliament annual report for 2012-2013, beyond ‘known' attackers, the committee had been told that a number of countries are also using private groups to carry out state-sponsored attacks.
It said: “These state-affiliated groups consist of skilled cyber professionals, undertaking attacks on diverse targets such as financial institutions and energy companies. These groups pose a threat in their own right, but it is the combination of their capability and the objectives of their state backers that make them of particular concern.”
It also said that it had learned that there was more increased targeting of professional services firms (such as lawyers and accountants) as opposed to other, more obvious, targets that may have stronger defences.
Foreign Secretary William Hague was quoted as having said that such a trend was ‘worrying', as such attacks are a route into a defence company or high tech manufacturer where a lot of data is sitting with lawyers or accountants. “If they are soft targets, well, then it becomes quite easy to get that data a different way,” Hague said.
The report also claimed that such third-party attacks were targeted against government departments via industry suppliers. This apparently has led to Ministry of Defence (MoD) data being stolen.
The report also claimed that the UK is facing a cyber threat that is at its highest level ever, and the committee called for planning to begin now to ensure that resources will be made available to combat cyber attacks in the latter half of this decade.