The armed forces could be "fatally compromised" by a sustained cyber attack, MPs warned

MPs warn that military are vulnerable to cyber risk

The armed forces' ability to operate could be "fatally compromised" by a sustained cyber attack, MPs warned.

The Commons Defence Committee said the cyber threat to UK security had the ability to evolve at "almost unimaginable speed" and questioned whether the government had the capacity to deal with it.

It called on ministers to take a more hands-on approach to ensure proper contingency plans were in place.

The committee heard evidence that entire combat units, such as aircraft and warships, could be rendered completely dysfunctional by a cyber attack.

Experts warned an enemy could seek to target radar or satellites to create a "deceptive picture" in the military command structure while the increased use of unmanned drones and battlefield robots potentially added to the vulnerability.

"The evidence we received leaves us concerned that with the armed forces now so dependent on information and communications technology, should such systems suffer a sustained cyber attack, their ability to operate could be fatally compromised," the committee said. "Given the inevitable inadequacy of the measures available to protect against a constantly changing and evolving threat ... it is not enough for the armed forces to do their best to prevent an effective attack.

"In its response to this report the government should set out details of the contingency plans it has in place should such an attack occur. If it has none, it should say so – and urgently create some."

The committee accused ministers of "complacency" over the failure to develop rules of engagement covering the military response to a cyber attack on the UK.

"Events in cyberspace happen at great speed. There will not be time, in the midst of a major international incident, to develop doctrine, rules of engagement or internationally accepted norms of behaviour," it said. "There is clearly still much work to be done on determining what type or extent of cyber attack would warrant a military response."

Committee chairman James Arbuthnot said it was now essential that ministers took the lead in ensuring effective plans were in place to cope with the threat.

"It is our view that cyber security is a sufficiently urgent, significant and complex activity to warrant increased ministerial attention," he said. "The government needs to put in place – as it has not yet done – mechanisms, people, education, skills, thinking and policies which take into account both the opportunities and the vulnerabilities that cyberspace presents."

Defence Minister Andrew Murrison rejected accusations of complacency, saying the government was investing £650m over four years in the national cyber security strategy programme.

"The UK Armed Forces and the equipment and assets they use are among the world's most modern and advanced, so of course information technology plays a vital role in their operation," he said.

"Far from being complacent, the MoD takes the protection of our systems extremely seriously and has a range of contingency plans in place to defend against increasingly sophisticated attacks although, for reasons of national security, we would not discuss these in detail.

"Government funding to tackle this threat underlines the important we attach to these issues."

Shadow defence secretary Jim Murphy said: "This report is worrying. The government stand accused of complacency and lacking contingency planning. Policy progress is falling behind the pace of the threat our armed forces face.

"Developing professional expertise, advanced research, bringing public and private sectors together, using procurement to promote best practice and working with international partners are all essential elements of a comprehensive cyber-security strategy for our forces. Vulnerabilities must be tackled urgently and ministers must respond in detail to the demands in this report.

"Cyber demands new strategies and capabilities as part of a necessarily diverse modern defence posture."

IET Fellow Hugh Boyes said: “There continues to be real and growing threats to our interests in cyberspace and these have increased with the growth of the ‘Internet economy’. This issue is made worse by a lack of suitable professionals who can help us to combat the issues associated with cyber security. This situation will be exacerbated if we do not take urgent action now to fill the skills gap.

“At the Institution of Engineering and Technology we have been working with the Cabinet Office to ensure we have a better mix of skills for the future. With a bigger pool of suitably qualified graduates we can improve cyber security by making software more secure, dependable and reliable.”

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them