How Great is the Threat of Cyber War?

Professor Alastair Irons

Professor Alastair Irons

As diplomatic tensions run high between the UK and Russia while the investigation continues into the Salisbury nerve agent attack on former double agent Sergei Skripal and his daughter Yulia, cyber security expert Professor Alastair Irons examines the threat of cyber war and what we can do to combat it.

The political events of recent weeks with the expulsion of Russian diplomats from the UK, and UK diplomats from Russia, suggests that there may be a return to Cold War-style diplomacy.

The threat of attack from nations outside the UK now includes the threat of cyber attack which, when taken to the extreme, could be construed as a ‘cyber war’.

The digital landscape has evolved exponentially in recent years, with society’s dependency on the digital infrastructure increasing. As dependency increases, then the impact of potential exploits on those vulnerabilities increases.

There’s a difference between the digital infrastructure and our Critical National Infrastructure (CNI), but increasingly there’s a digital aspect to the latter (encompassing the utilities, the transport sector, commerce and defence) as well as the digital infrastructure for society’s day-to-day activities.

Advanced Persistent Threats

Advanced Persistent Threats (APTs) are typically cyber attackers sponsored by nation states so have large financial backing, potentially powerful technical resource and an ‘army’ of technical experts. APT attacks are targeted and organised with specific targets designed to disrupt and potentially disable the target’s infrastructure. In 2007, there were a series of cyber attacks against Estonia, mainly distributed DDoS attacks, allegedly from Russia. The attacks were so profound that they disabled the economic infrastructure of Estonia.

Nation state cyber attacks are typically medium-to-long term attacks (ie not an immediate impact) and seek to cause maximum disruption to the country under attack. The attack could be against CNI, but could also be against organisations – either against their ability to trade, their competitive economic advantage or against their Intellectual Property, in turn possibly eliminating years of R&D.

Last year, the UK released an updated cyber security strategy wherein the vision is that, by 2021, “the UK is secure and resilient to cyber threats and prosperous and confident in the digital world”. The UK needs to defend against cyber attacks, deter potential attackers and develop the cyber skills required to realise the strategy.

Education is a key aspect in creating a cyber secure UK and addressing the cyber skills gap. Education about cyber security can take place in a number of different areas – for the general public, as Continuing Professional Development for employees, for school pupils and for those in higher education.

Highly specialised cyber security skills can be developed in undergraduate computer science programmes and in specific post-graduate programmes, such as the MSc in Cyber Security at the University of Sunderland.

Professor Alastair Irons is Dean of Computer Science at the University of Sunderland

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts