UK infrastructure faces cyber threat, says GCHQ chief

Image caption, GCHQ is mostly associated with electronic intelligence-gathering

The UK's critical infrastructure - such as power grids and emergency services - faces a "real and credible" threat of cyber attack, the head of GCHQ says.

The intelligence agency's director Iain Lobban said the country's future economic prosperity rested on ensuring a defence against such assaults.

The internet created opportunities for hostile states and criminals, he said.

For example, 1,000 malicious e-mails a month are already being targeted at government computer networks, he said.

Speaking to the International Institute for Strategic Studies, Mr Lobban said he did not want to go into detail about the threat to the UK's "critical national infrastructure".

But he said the threat posed by terrorists, organised criminals and hostile foreign governments was "real and credible" and he demanded a swifter response to match the speed with which "cyber events" happened.

Critical national infrastructure also includes sectors such as financial services, government, mass communication, health, transport, and food and water - all of which are deemed necessary for delivering services upon which daily life in the UK depends.

With both the Strategic Defence and Security Review and the Comprehensive Spending Review due to be published next week, Mr Lobban said ministers would be looking at what capabilities the UK needs to develop further.

"Clearly they will also be deciding how they trade off against other spending priorities."

He added: "Just because I, as a national security official, am giving a speech about cyber, I don't want you to take away the impression that it is solely a national security or defence issue. It goes to the heart of our economic well-being and national interest."

Intellectual property theft

While GCHQ is more usually associated with electronic intelligence-gathering, Mr Lobban stressed that it also had a security role, referred to as "information assurance".

He said that they had already seen "significant disruption" to government computer systems caused by internet "worms" - both those that had been deliberately targeted and others picked up accidentally.

Each month there were more than 20,000 "malicious" e-mails on government networks, of which 1,000 were deliberately targeted at them, while intellectual property theft was taking place on a "massive scale" - some relating to national security.

And there was a "big challenge" with the government wanting to get more and more services online, he said.

"Cyberspace lowers the bar for entry to the espionage game, both for states and for criminal actors," he said.

"Cyberspace is contested every day, every hour, every minute, every second. I can vouch for that from the displays in our own operations centre of minute-by-minute cyber attempts to penetrate systems around the world."

While 80% of the threat to government systems could be dealt with through good information assurance practice - such as keeping security "patches" up to date - the remaining 20% was more complex and could not simply be solved by building "higher and higher" security walls.

Export expertise?

Although cyberspace presented a potential security threat to the UK, Mr Lobban said that it also offered an opportunity if the UK could get its defences right.

"Fundamentally, getting cyber right enables the UK's continuing economic prosperity.

"There's a clear defensive angle. In order to flourish, a knowledge economy needs to protect from exploitation the intellectual property at the heart of the creative and high-tech industry sectors. It needs to maintain the integrity of its financial and commercial services."

But he added that the implications were wider than that.

"There is an opportunity which we can seize if government and the telecommunications sector, hardware and software vendors, and managed service providers can come together.

"It's an opportunity to develop a holistic approach to cyber security that makes UK networks intrinsically resilient in the face of cyber threats.

"That will lead to a competitive advantage for the UK. We can give enterprises the confidence that by basing themselves here they gain the advantages of access to a modern internet infrastructure while reducing their risks."

He said developing such expertise would also open up potential export opportunities, with the global market for cyber security products "growing faster than much of the rest of the global economy".