The Government CIO John Suffolk warned yesterday that IT criminals are offering denial-of-service attacks as an online service.
Denial of service is an explicit attempt by attackers to prevent legitimate users of a service from using that service.
Suffolk said that people can pay criminals to take down particular services. "There is money going into crime because the pickings are rich." He said that denial of service is being offered on the web "as a service".
The Government is a huge target: it has more than 8,000 data centres, 90,000 servers, 35 networks and about five million desktop systems. "How do we protect those?" asked Suffolk.
He added: There is a massive debate going on which says: 'should I be
spreading my risk out or consolidating my risk and using my scarce money to
protect a smaller number of assets?"
Suffolk's warning came on the day the National Security Council cited the risk of cyber attacks on Britain as one of four top threats
requiring government attention. It was placed alongside terrorism, a major accident or natural hazard such as floods, and an international military crisis.
Last week the head of the Government communications headquarters GCHQ, Iain Lobban, warned
that critical infrastructure such as power grids and emergency services were under threat of cyber attacks.
Denial-of-service attacks on the private and public sectors are common.
At an e-crime conference, the chief information security officer at a large drugs company revealed the existence of frequent and sometimes successful attacks on his systems.
In some cases companies have paid the criminals a ransom to reveal how they brought down systems. Police have confirmed that the ransoms were paid with their full knowledge - because, from the corporate perspective, it can cost less to pay the criminals than suffer the consequences of a denial of service attack.
Days ago the website of the Intellectual Property Office, which is part of the Department for Business, Innovation and Skills, was brought down by a denial-of-service attack. The Intellectual Property Office is the official government body responsible for granting Intellectual Property rights in the UK.
The website is back
online - but with a limited service only. "We are working to resume a full service as soon as possible" says the website.