The Guardian view on cyberwar: an urgent problem | Editorial

The internet is now used as a low-level weapon of war. How should Britain best defend itself?

In the desperate scramble to rearm before the second world war there was always an undercurrent of pessimism. “The bomber will always get through,” Stanley Baldwin warned. In his dark fantasies, destruction and poison gas rained from the skies and obliterated civilisation. That isn’t quite what happened, though the bombers did their best. Today’s equivalent is the feeling that the hacker will always get through, and that attacks on computer networks will become the most devastating form of future warfare.

There are certainly grounds for fear. Technological civilisation is now built on software, much of it desperately insecure. Even when the software itself is secure – and you’d assume that the CIA at least would use properly secured software – the human parts of a bureaucracy can fail, as is shown by the extraordinary case of a teenage hacker, Kane Gamble, operating from his bedroom in Leicestershire, who managed to impersonate the director of the CIA and the deputy director of the FBI and gain access to part of their emails, which included a great deal of classified material.

The British government is projected to spend £1.9bn on cybersecurity between 2016 and 2021. This is for all departments, including the MoD, the surveillance agency GCHQ and GCHQ's front window, the National Cyber Security Centre.   

But the MoD is way behind in spending on cybersecurity, its involvement minuscule compared with GCHQ and the NCSC.  The MoD proudly announced in 2016 it was building a new cyber-defence operations centre at its Corsham base in Wiltshire but the amount, £40m, is tiny compared with overall departmental spending.

And it’s nearly 10 years since the computers of the Tibetan government in exile were found to be infested with sophisticated spyware, presumably Chinese. But espionage like that is only a new front in an age old struggle. This is also the way to look at the exploitation of social media by Russian hacking groups to the benefit of Donald Trump. It was imaginative but not entirely unprecedented. States have used propaganda and disinformation to weaken their adversaries for centuries. What is almost entirely new is the use of computer networks for physical sabotage by state actors. The first known, and perhaps the most successful of these, was the joint US/Israeli Stuxnet attack on the Iranian nuclear programme in 2009. Since then there has been increasing evidence of attacks of this sort by Russia – against Estonia in 2009, and then against Ukraine, where tens of thousands of attacks on everything from power supplies to voting machines have opened an under-reported front in an under-reported war. Across the Baltic, the Swedish government has just announced a beefed-up programme of civil defence, of which the most substantial part will be an attempt to protect its software and networks from attacks. Meanwhile, North Korean state hackers are blamed by western intelligence services for the WannaCry ransomware attacks which last year shut down several NHS hospitals in the UK. Persistent reports suggest the US has interfered in this way with North Korea’s nuclear missile programme.

Parliament’s intelligence and security committee concluded in its most recent report that China and Iran should be added to Russia and North Korea as countries that could threaten the infrastructure of the UK in this way. These attacks are hard to defend against. It is almost impossible to prove beyond doubt who the perpetrators are. International law provides little protection and there is no realistic prospect of general disarmament. Britain’s GCHQ has developed a deterrent capacity of its own for use against other states, although the cost has been redacted in the intelligence and security committee’s report. Cyber-attacks are far more urgent than the spectre of Russian tanks rolling towards underequipped British troops that has been raised by General Sir Nick Carter. Whatever GCHQ spends deterring or defending against them is better value than the billions on aircraft carriers or Trident, which we must all hope will never be used.



The GuardianTramp

Related Content

Article image
The Guardian view on cybersecurity: trust – but verify | Editorial
Editorial: The use of Chinese-made equipment in Britain’s broadband infrastructure demands, and gets, careful scrutiny


20, Jul, 2018 @4:29 PM

Article image
The Guardian view on the defence budget: be realistic | Editorial
Editorial: The military has suffered from austerity and the world is a dangerous place, but that doesn’t mean the case for higher defence spending needs no interrogation


27, Jun, 2018 @5:31 PM

Article image
The Guardian view on North Korea: Pyongyang’s advantage | Editorial
Editorial: While Kim Jong-un’s regime has hacked other countries, US attempts to damage his nuclear programme face tough challenges


05, Mar, 2017 @7:13 PM

Article image
Britain has offensive cyberwar capability, top general admits
Gen Sir Patrick Sanders says Boris Johnson has told him to ensure UK is major cyber power

Dan Sabbagh Defence and security editor

25, Sep, 2020 @5:00 PM

Article image
The Guardian view on cyberwars: enter the trolls | Editorial
Editorial: The great breach in the US government’s database is a classic case of informational smash and grab. But operations to plant misinformation are also worrying for states which care about truth


05, Jun, 2015 @6:11 PM

Article image
Has North Korea found a friend in President Putin? | Natalie Nougayrède
Natalie Nougayrède: In the midst of the Sony hacking scandal, Kim Jong-un received an invite to Russia. It’s a sign that we’re in a new era of hybrid warfare and deniable attacks

Natalie Nougayrède

23, Dec, 2014 @5:09 PM

Article image
The Guardian view on Russia and hacking: time to tackle our vulnerabilities | Editorial
Editorial: The disrupted cyber-attack on the chemical weapons watchdog and allegations of a sophisticated Chinese hardware hack have highlighted the dangers


05, Oct, 2018 @4:48 PM

Article image
US and UK blame Russia for 'malicious' cyber-offensive
Security officials issue alert directly blaming Kremlin for attack as US warns Moscow it is ‘pushing back hard’

Ewen MacAskill Defence correspondent

16, Apr, 2018 @6:23 PM

Article image
Ex-hackers could be recruited to UK cyberdefence force
GCHQ to train hundreds of enlisted computer experts including possible convicted hackers for UK cyberdefence force

Haroon Siddique

22, Oct, 2013 @8:46 AM

Article image
The Guardian view on defence and foreign policy: an old-fashioned look at the future | Editorial
Editorial: A reconsideration of Britain’s place in the world is necessary. But this paper fails to meet the challenges of the 21st century


16, Mar, 2021 @7:10 PM