The UK should go on the attack in the cyber war, rather than just defend, according to MPs on the Intelligence and Security Committee (ISC).
This is because the committee believes that the UK’s cyber defences are not mature enough yet to deal with the threat to national security.
“Twenty months into the National Cyber Security Programme, there appears to have been some progress in developing cyber capabilities. However, cyber security is a fast-paced field and delays in developing our capabilities give our enemies the advantage.
“We are therefore concerned that much of the work to protect UK interests in cyberspace is still at an early stage,” the ISC said in its 2011-12 annual report.
Russia and China are suspected to be responsible for the majority of electronic attacks, which focus on acquiring information and espionage, the ISC said.
While the committee said that defending against cyber threats must be a priority for the UK, it believes that there are more proactive measures that the military and intelligence agencies could take.
Examples could be what the ISC termed ‘active defence’, which involves interfering with the systems of those trying to hack into UK networks, or accessing of data or networks of targets to obtain intelligence or to “cause an effect” without being detected.
The committee also suggested following the example of the Stuxnet virus – which it said UK agencies were not involved in – believed to have caused some disruption of Iran’s nuclear enrichment programme, by accessing the networks or systems of enemies to hamper their capabilities without detection, or “at least without attribution”.
In terms of the military, it suggested the destruction of data, networks or systems that are used to support armed conflict.
In 2010, the government announced the £650 million National Cyber Security Programme, which aims to transform the UK’s cyber skills and capabilities by 2015.