RegulationSecurityWorkspace

InfoSec 2013: MoD Warns Cyber Attack Could Bring Down Government

g-cloud government westminster big ben © Shutterstock QQ7
0 0 5 Comments

Head of information security at MoD tells TechWeek he isn’t over-hyping the threat

If the Ministry of Defence (MoD) suffered a serious cyber attack, it could result in the fall of the government, according to Adrian Price, head of information security at the MoD.

The threat is genuine, not hype, Price told TechWeekEurope, during a panel discussion at InfoSecurity 2013 today: “Clearly in my department and other members of the high-threat club we are dealing in the crown jewels… compromise of those crown jewels could potentially bring down the government,” he told TechWeek.

Cyber attack the crown jewels

McMurdieThe biggest threats to those crown jewels are other nation states and terrorist groups, he said,  while hacktivists are another, lesser, danger  – especially those opposing the war in Afghanistan.

“The impact [of an attack] could be the failure of a military operation. It could be damaging to the reputation of government… could indeed perhaps bring about a vote of no confidence in Parliament, and indeed the fall in government itself.”

The government has been accused of over-hyping cyber threats before. In particular, it sponsored a much-criticised piece of Detica research which put the cost of cyber crime to the UK at £27 billion a year – and continues to cite the report, even though other sources say the actual figure is far smaller.

Price also bemoaned the £650 million funding the Coalition dedicated to fighting cyber crime in 2011, saying it was not enough.

He said investment on protection for the nation’s data should equal 20 percent of the country’s gross turnover, if it were based on a private sector rule of thumb on how much budget to spend on protecting organisations from risk.

Taking government tax receipts and national insurance contributions from 2011/2012, the year in which the Coalition’s cyber strategy was officially unveiled, which stood at £543 billion, it appears Price would like an investment of £108.6 billion to protect UK data.

Alternatively, 20 percent of GDP of the UK in the fourth quarter of 2011 was £72.2 billion. Either way, it appears the MoD’s head of security would appreciate billions more financial support from central government.

But Price doubted taxpayers would be happy to see such high sums expended on security.

Charlie McMurdie (pictured) head of the Met’s Police Central e-Crime Unit (PCeU), said she would like more staff and greater capability, but was still able to prevent plenty of financial crime with the £30 million investment the government gave her division.

“I wish I had three or four times the capability I’ve got,” McMurdie added, pointing to the imminent arrival of the National Cyber Crime Unit (NCCU), which the PCeU will be folded into. A recent report from TechWeek found there was much anxiety around the formation of that unit.

What do you know about Internet security? Find out with our quiz!

  1. I think it is utter cod-shite designed to increase budgets and incite fear. Can you actually give me an example of an executed cyber attack that isn’t based on people doing things wrong (poor defences) but rather digital offence (zero day exploits are perhaps an example here). Why haven’t banks fallen down? Why isn’t it happening right now? Do you think someone actually allows a magic digital signal to launch the nukes? What is the actual threat? I was in china last week, and I realised that I signed into a non https connection with some credentials. Stupid of me. That is a kind of threat. Now china have an attack vector to me. But that is my fault. Not hacking.

  2. Not magically jumping into a server using black hat uber magic. Oooohhh give me a DDOS attack using, http://en.wikipedia.org/wiki/Low_Orbit_Ion_Cannon HACKING HACKING YEAH. If people get hacked then they are doing something wrong. End of story. Rebuttal please or can this digital war be put down in history as just a giant scam? Maybe it’s good to teach people to do things right. Surely our password entropy can just be increased so high that compute power will never people able to crack? Or have I missed something here?

  3. Were any of you commenting on this actually present? I was, and what was described by Mr Price was the worst-case scenario. At no time was there any suggestion that more money was needed to stop this “eventuality”.

    How fortunate those who believe in conspiracies, for they are sure to find them everywhere.