Britain vulnerable to cyber-attack from “weaponised misinformation” perpetrated by Russia
There is a high risk of cyber-attack on “vulnerable” British targets from states like Russia that do not operate under the same legal standards, according to the former GCHQ deputy director of intelligence Brian Lord.
He said the security services have “few people” who are able to counter cyber-attacks in an uneven battlefield where the likes of Russia do not operate “under the same kind of shackles”.
He spoke as the influential Public Accounts Committee (PAC) said it has lost some confidence in the Government’s ability to protect Britain from high-level cyber-attacks because of skills shortages and “chaotic” handling of personal data breaches.
Yesterday, Defence Secretary Sir Michael Fallon blamed Russia for numerous cyber breaches. He alleged that the country is “weaponising misinformation” in a sustained campaign of destabilisation against the West.
This particular concern has been particularly prominent in recent months after reports emerged that blamed Moscow for interfering with the United States presidential election which resulted in Donald Trump’s victory.
Fallon said that it was vital that Nato strengthened its cyber defences while doing more to tackle the “false reality” being propagated by the Kremlin. The warning came amid repeated suggestions by Trump that he wants to establish better relations with Vladimir Putin.
Lord said in response the UK should apply “muscular diplomacy” to “legally and legitimately” use online technology to apply pressure on other countries and organisations to stop them from seeing the UK as a “weak target”.
He also said agencies would like to go further than what is currently allowed in UK law: “Well of course they do, what they want to be able to do – they are seeing an adversary, whether that’s state or criminal, who don’t operate under the same kind of shackles and therefore it becomes increasingly difficult with a few people with the skills necessary to be able to counter them.
“I think these are some of the areas where the UK is particularly vulnerable.”
Lord’s comments came as the PAC warned that ministers have taken too long to consolidate the “alphabet soup” of agencies tasked with safeguarding the UK from cyber-attacks.
The committee said that despite cyber-attacks being ranked as a top four risk to UK national security since 2010, the role of the Cabinet Office, which is responsible for coordinating information protection across Government, remains unclear.
Committee chairwoman and Labour MP Meg Hillier said: “Government has a vital role to play in cyber security across society but it needs to raise its game.
“Its approach to handling personal data breaches has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks.
“The threat of cyber-crime is ever-growing yet evidence shows Britain ranks below Brazil, South Africa and China in keeping phones and laptops secure.
“In this context it should concern us all that the Government is struggling to ensure its security profession has the skills it needs.
“Leadership from the centre is inadequate and, while the National Cyber Security Centre (NCSC) has the potential to address this, practical aspects of its role must be clarified quickly.
“Government must communicate clearly to industry, institutions and the public what it is doing to maintain cyber security on their behalf and exactly how and where they can find support.”
A Cabinet Office spokesman said: “Our comprehensive and ambitious National Cyber Security Strategy, underpinned by £1.9bn of investment, sets out a range of measures to defend our people, businesses, and assets; deter and disrupt our adversaries; and develop capability and skills.”