Foreign powers are 'main cyberthreat' to UK

Overseas governments probing electronic networks for information are the main threats to the UK critical national infrastructure, claims the organisation defending it

Foreign governments are the primary threat to the UK's critical national infrastructure (CNI) because of their hunger for information, according to a government body.

The National Infrastructure Security Co-ordination Centre (NISCC), which is in charge of defending the CNI, claimed on Tuesday the most significant electronic threats to the critical national infrastructure are content-based, targeted, Trojan horse email attacks from the Far East.

"Foreign states are probing the CNI for information," said Roger Cummings, the director of NISCC.

The CNI is made up of financial institutions; key transport, telecoms and energy networks; and government organisations.

NISCC is working with its equivalents in the countries concerned to try to "shut the attacks down", according to Cummings. NISCC cannot name the countries concerned as this may "ruin diplomatic efforts to halt the attacks".

The attackers appears to be aiming to gather commercially or economically valuable information, according to NISCC.

"We call it the 'malicious marketplace'," said Cummings. "Exploit writers can make money by selling exploits. Who are the most capable organisations to make use of exploits? Foreign states are the most capable actors — they are currently sitting up at the top of the marketplace," he added.

Cummings went on to dissect the 'malicious marketplace', in which he claimed the most significant element is foreign states, whose target is information. Below them are criminals who are trying to compromise the CNI in order to sell information. Hackers motivated by kudos or money have "a variable capability", but are more serious than terrorists, who currently have a "low capability", and pose the smallest threat, Cummings claimed.

However, there is a risk these groups will increasingly work together.

"The risk from criminals [to the CNI] increases when they get into bed with hackers. The capability of terrorists will increase if they employ hackers," said Cummings. "We are concerned that the malicious marketplace will make available exploits that can do us damage," he added.

Although foreign states are currently the most capable of launching attacks, NISCC expected criminal capability to "expand and start to bump against foreign states," Cummings said.

Cyberterrorism is a controversial subject within the security industry. Some experts, such as Bruce Schneier, have claimed the threat doesn't exist. Speaking in April, Schneier said that some organisations have been abusing the term in an attempt to fuel their budgets.

Cummings said people needed to be aware of the threat from terrorism, but stressed that he didn't want to hype the threat or alarm people.

"We are constantly aware that terrorists can attack us in a whole host of ways. There is concern that terrorists can acquire exploits through the 'malicious marketplace'. We would say there is hype around cyberterrorism, but we need to remain eternally vigilant," Cummings said.

The UK government should be applauded for developing a more proactive approach to this issue, according to the Communications Electronics Security Group (CESG).

"The government is being proactive, and this is paying dividends. All information is worth protecting — potentially as it could mean people's lives. Where the squaddies are tomorrow needs to be kept secret; you can't put a price on human life," said Chris Ulliot, head of vulnerability research, CESG.

Cummings and Ulliot were speaking at SANS Institute's launch of its Top 20 Critical Internet Vulnerability Listing at the Department of Trade and Industry in London.