Foreign states may already have used malware to map the networks that support the UK's critical infrastructure systems, the government admitted.
The admission by government officials came in the run-up to a parliamentary statement by Cabinet Office minister, Francis Maude, marking the first anniversary of the UK government's National Cyber Security Strategy.
Maude highlighted future work on a new UK National Computer Emergency Response team, further work on education and skills, Cyber Reservists for the MoD and a partnership with the private sector to boost the cyber security sector in the UK. In a written statement to parliament on Monday (3 December), he pointed out that the private sector is the largest economic victim of cyber-crime, such as IP theft, and of economic espionage perpetrated through cyberspace, and highlighted efforts to improve the protection of the UK's critical infrastructure.
"We have invested in new and unique capabilities for GCHQ to identify and analyse hostile cyber attacks in order to protect our core networks and services and support the UK’s wider cyber security mission," Maude said. "I cannot reveal details of this work, but it has broadened and deepened our understanding of the threat, helping us prioritise and direct defensive efforts."
"The Security Service has developed and enhanced its cyber structures, focusing on investigating cyber threats from hostile foreign intelligence agencies and terrorists, and working with UK victims. This informs the work of the Centre for the Protection of National Infrastructure (CPNI) which is helping organisations to improve their cyber security measures."
"CPNI is actively influencing standards, researching vulnerabilities and focusing on the key technologies and systems of cyber infrastructure. As part of this work it has commissioned a major research programme from the University of Oxford with the aim of delivering advice, guidance and products to help reduce the risk of cyber attacks mounted or facilitated with the help of company insiders."
Maude praised efforts to secure systems during the Olympics and looked ahead to a new Cyber Incident Response scheme, recently launched by CESG and CPNI in pilot form, which will move to become fully operational in 2013. Next year will also see the merger of cyber-policing units at Scotland Yard and SOCA to form the new National Cyber Crime Unit of the new National Crime Agency.
The cyber security strategy was launched on 25 November 2011 as a means to co-ordinate government and private sector efforts in the fight against cyber-espionage, malware and other internet security threats.
The government budgeted £650m to bolster the nation's cyber-defences as part of the 2010 strategic defence review. GCHQ was given the lead role and the lion's share of the budget. Only £30m was earmarked for law enforcement.
Government ministers and officials argue that the threat is growing and that facilities that power utilities, banking and other vital services are at the front line of attack. The threats come in the form of attacks designed to steal intellectual property and trade secrets as well as more general cybercrime and probes against the networks of utilities and others.
Officials will not be drawn on who is responsible for reconnaissance-style attacks on UK infrastructure systems, beyond saying that the threat came from abroad.
"We understand that there is a threat from hostile foreign states and others to attack it," a senior official said, The Guardian reports.
"It would be absolutely in keeping with that – we have seen attempts by hostile foreign states through cyberspace as well."
"There are attacks against critical national infrastructure and I am not going to say whether they were or weren't successful," the official added.
US officials have warned about attacks on that country's national infrastructure but, unlike their UK counterparts, they have been far less reticent about apportioning blame, singling out China and Russia for criticism.
Chris McIntosh, chief exec at encryption firm ViaSat, commented that news that cyber-attacks are increasingly targeting critical infrastructure ought to come as little surprise.
"While previously national energy or resource infrastructure was relatively safe from these attacks, the modernisation of these networks has meant they are closely connected to the internet and so more vulnerable than ever. While at one level the threat to infrastructure could involve the targeting of individual sections of the network and deny certain services at specific areas, at the extreme level these attacks could potentially be used to overload systems or override safety mechanisms, causing catastrophic damage to the surrounding area and the infrastructure as a whole."