As diplomatic tensions run high between the UK and Russia while the investigation continues into the Salisbury nerve agent attack on former double agent Sergei Skripal and his daughter Yulia, cyber security expert Professor Alastair Irons examines the threat of cyber war and what we can do to combat it.
The political events of recent weeks with the expulsion of Russian diplomats from the UK, and UK diplomats from Russia, suggests that there may be a return to Cold War-style diplomacy.
The threat of attack from nations outside the UK now includes the threat of cyber attack which, when taken to the extreme, could be construed as a ‘cyber war’.
The digital landscape has evolved exponentially in recent years, with society’s dependency on the digital infrastructure increasing. As dependency increases, then the impact of potential exploits on those vulnerabilities increases.
There’s a difference between the digital infrastructure and our Critical National Infrastructure (CNI), but increasingly there’s a digital aspect to the latter (encompassing the utilities, the transport sector, commerce and defence) as well as the digital infrastructure for society’s day-to-day activities.
Advanced Persistent Threats
Advanced Persistent Threats (APTs) are typically cyber attackers sponsored by nation states so have large financial backing, potentially powerful technical resource and an ‘army’ of technical experts. APT attacks are targeted and organised with specific targets designed to disrupt and potentially disable the target’s infrastructure. In 2007, there were a series of cyber attacks against Estonia, mainly distributed DDoS attacks, allegedly from Russia. The attacks were so profound that they disabled the economic infrastructure of Estonia.
Nation state cyber attacks are typically medium-to-long term attacks (ie not an immediate impact) and seek to cause maximum disruption to the country under attack. The attack could be against CNI, but could also be against organisations – either against their ability to trade, their competitive economic advantage or against their Intellectual Property, in turn possibly eliminating years of R&D.
Last year, the UK released an updated cyber security strategy wherein the vision is that, by 2021, “the UK is secure and resilient to cyber threats and prosperous and confident in the digital world”. The UK needs to defend against cyber attacks, deter potential attackers and develop the cyber skills required to realise the strategy.
Education is a key aspect in creating a cyber secure UK and addressing the cyber skills gap. Education about cyber security can take place in a number of different areas – for the general public, as Continuing Professional Development for employees, for school pupils and for those in higher education.
Highly specialised cyber security skills can be developed in undergraduate computer science programmes and in specific post-graduate programmes, such as the MSc in Cyber Security at the University of Sunderland.
Professor Alastair Irons is Dean of Computer Science at the University of Sunderland