New legislation is needed to protect the UK's essential systems from the threat of attack from cybercriminals and terrorists, a Labour peer claimed on Tuesday.
Speaking at the Infosecurity Europe conference in London, Lord Harris of Haringey claimed that Britain stood at risk of an "electronic 9/11" because the companies who run parts of the Critical National Infrastructure (CNI) aren't compelled to maintain the highest levels of security against electronic attacks.
"It is essential that the UK national government takes on the responsibility to ensure that the CNI is protected," warned Lord Harris, listing 'nation states' and 'international terrorists' as threats facing the CNI. "If the technology to disrupt our systems is within reach of teenage nerds, it is within the reach of organised criminals," he said, although he added that "I don't know in detail how well of otherwise any of these individual systems are protected".
Harris's claim that cyberterrorists are poised to attack the UK is a controversial one. At another briefing at Infosecurity Europe, security guru Bruce Schneier claimed that cyberterrorism was a myth, promoted by security companies looking to boost their sales.
"Nobody's getting blown to bits," said Schneier. "I don't think that cyberterrorism exists — if you add 'terrorism' to things, you get more budget. If you can't get email for a day, you're not terrorised, you're inconvenienced."
Schneier added: "We should save 'terror' for the things that deserve it, not things that piss us off."
The CNI consists of key systems and networks whose loss would, in the UK government's view, have a serious impact on the economic, political and social life of the UK, and could cause loss of life. It includes communications, water and energy networks, emergency services and public safety systems.
Much of the CNI is run by major international corporations whose business models rely on these assets. The CNI is protected by the National Infrastructure Security Co-ordination Centre (NISCC), which carries out threat assessments and issues warnings about security problems. Harris argued that NISCC's current approach is flawed because it can only issue voluntary warnings, rather than enforce high standards.
"The message to operators of the CNI should be if you want the privilege, business and profits for operating parts of our critical national infrastructure, you will be expected to accept the cost of doing it in a secure manner. Citizens must also accept that it will cost us more," said Harris.
The NISCC referred press inquiries to the Home Office — which was unable to comment as it can't discuss government policy ahead of the forthcoming general election.
According to Lord Harris, immediate action is needed once MPs reconvene.
"We require the new parliament to consider and pass relevant legislation to secure the CNI, and operators to accept that such framework is an essential requisite for them to operate it. A very senior minister must have responsibility for this, with explicit and sustained support from the Prime Minister, backed up by a security tzar who can make things happen," Harris said.
"Top mandarins must know that their careers and pensions depend on getting it right," he added.
But Schneier is not alone in his opposition to talk of cyberterrorism. Back in February, several experts including Richard Clarke, the former White House cybersecurity advisor, rejected claims that a World Security Organisation should be set up to tackle cyberterror.