Britain ‘under attack’ in cyberspace
Britain is seeing about 70 sophisticated cyber espionage operations a month against government or industry networks, British intelligence has told the BBC.
GCHQ director Sir Iain Lobban said business secrets were being stolen on an “industrial scale”. Foreign hackers have penetrated some firms for up to two years, he said. And he denied that his organisation had broken the law in receiving information from the Prism spy programme.
Sir Iain told BBC Radio 4: “People are going after intellectual property and then seeking to translate it into national gain. We started a couple of years ago thinking this was going to be very much about the defence sector but really it’s any intellectual property that can be harvested.”
Foreign intelligence services are behind many of these attacks, according to Britain’s Security Service MI5. British businesses are waking up the threat of cyber espionage.
Sir Michael Rake, chairman of BT and president of business lobby group CBI, has been warning fellow businessmen about the dangers. “These threats are real, they’re sophisticated, they do financial and reputational damage,” he told the BBC. There’s been a lot of concern around espionage in gaining information of advanced planning and design and it is critical because one of our big strengths in the UK is our design capabilities,” he added.
“Graphic showing monthly percentage for targets of sophisticated cyber attacks against the UK”. The job of the Security Service MI5 involves dealing not just with terrorist threats but also cyber attacks.”There are now three certainties in life – there’s death, there’s taxes and there’s a foreign intelligence service on your system,” explained MI5’s head of cyber (who asked not to be named), in his first public interview inside MI5’s Thames House headquarters.
MI5’s origins are as a counter-espionage agency – catching foreign spies – and that is still what it tries to do in cyberspace.
“There are hostile foreign states out there who are interested in a company’s mergers and acquisitions activity, their joint venture intentions, their strategic direction over the next few years and that information would be valuable to that country’s state owned enterprises,” he said.
So who is behind these attacks? Both MI5 and GCHQ said they knew who was behind the attacks but neither was willing to say.
“We’re sure we know who it is,” argued Sir Iain, saying only that in many cases attacks are “state sponsored”.
“Attribution can be very hard and it’s very difficult to do attribution in real time but over a period you can build up a pretty strong idea,” he explained.
Foreign Secretary William Hague also declined to point the finger now but did not rule out doing so in the future. “That’s not been our approach so far. But that might have to change if things get worse,” he told the BBC.
Washington has taken a different approach. Both the administration and Congress are explicit about what they see happening to American companies.
“Blueprints for their products that make them successful are being stolen at a breath-taking pace, taken back to China, repurposed and then they re-engineer it and then compete against those companies with those products which they’ve stolen,” Congressman Mike Rogers, chairman of the House Intelligence Committee told the BBC.
“I stand back in awe as a professional at the breadth, depth, sophistication and persistence of the Chinese espionage effort against the United States of America,” Michael Hayden, former director of America’s spy agency the NSA said. That is, of course, a slightly disingenuous answer since most experts believe that the NSA (along with GCHQ) is amongst the most adept and busy of all global spy agencies when it comes to stealing the secrets of other countries.
Hayden however draws a distinction. “We steal secrets too – but we steal only those things that keep British or American subjects safe and free. We don’t steal things to make Americans – or in GCHQ’s case British – subjects rich. The Chinese do.”
The view from Beijing is very different. It sees America using the charge of economic espionage to distract from its own aggressive cyber activities – ranging from traditional espionage to preparing for cyberwar. The Chinese Foreign Ministry invited me in to talk to the country’s lead negotiator on cyber issues. “China is one of those countries suffering most by hacker attacks,” Dr Huang Huikang argued. “They are misunderstanding what happened in China and sometimes we think this is a political game. It’s not true and not fair to China.”
China is watching the Pentagon grow its cyber command five-fold to nearly 5,000 personnel and also worries at the way in which American corporations still play a dominant role in the internet globally.
“Getting hold of technological secrets so that you can learn from another country is nothing new,” says Professor Xu Guangyu, a former general in the People’s Liberation Army. “It happened well before the advent of cyberspace. The main thing is that the control of cyberspace is too concentrated in the hands of the United States.”
China’s argument has been bolstered by Edward Snowden’s leaked documents which portray a huge level of espionage against Chinese (and other) computer networks and information flows. The interview with GCHQ’s director was conducted before Snowden’s documents began to emerge. A number of his revelations concerned the work of GCHQ including its receipt of information from major technology companies through America’s Prism programme.
In a statement after the revelations, Sir Iain said that GCHQ did not circumvent the law and worked under a robust framework. “I can say that any data obtained by us from any other nation which involves individuals in the UK is subject to proper UK statutory controls and safeguards,” he told the BBC.
“The secret intelligence provided by all the UK security and intelligence agencies is vital to defeating terrorism and maintaining Britain’s broader national security. Acquiring it in ways that somehow evade UK law would be a contradiction in terms.”
The borwell Team say: “Really shows how much the world has changed. Protecting personal information should be top priority in CyberSpace, and companies should take extra steps to ensure security. Attacks on networks and systems are becoming more and more frequent, and so we have to step up to the mark to keep up with the times.”
Taken from BCC News website – “Britain is under attack in cyberspace”.
If you’re worried about your business, contact borwell for a consultation – https://borwell.com/#contact