UK government 'planning to launch Stuxnet-like attacks' against hostile states

The UK's cyber-security strategy includes "proactive" tactics and "plans to deliver military effects" in order to authorise the use of launching Stuxnet-like state-targeted malware.
Written by Zack Whittaker, Contributor

The UK government's cyber-security plan, while includes measures to protect the UK's critical national infrastructure and threats from hostile states and intelligence services, harbours offensive capabilities to strike back at those who attack the UK's networks.

In keeping with its allies, including the United States and Israel, long believed to have been one of the driving forces behind the Iranian-bound Stuxnet worm, the UK could soon be following suit.

(Previously unreleased image of Global Operations Security Control Centre -- Source: Sky)

Worded albeit vaguely in Friday's released cyber-security strategy -- which also includes plans to restrict the access of cyber-criminals to the web, and allow leading private businesses to access state-secret technology to fend off network intrusions -- the strategy points to assaulting capabilities, sources speaking to the Telegraph confirmed.

The cyber-security strategy will allow the creation of a "joint cyber unit" based at a military facility near Corsham, Wiltshire, to "develop and use a range of new techniques, including proactive measures to disrupt threats to our information security".

GCHQ, the UK's third intelligence service charged with protecting the UK's critical national infrastructure, will also play a part to "develop new tactics".

Detailed on page 26:

4.7 In keeping with the NATO Strategic Concept, and with the agreement of the National Security Council, the NCSP is investing to ensure we take a more proactive approach to tackling cyber threats and exploiting the cyber environment for our own national security needs.

4.9: As part of this we are creating a new Defence Cyber Operations Group to bring together cyber capabilities from across defence. The group will include a Joint Cyber Unit hosted by GCHQ at Cheltenham whose role will be to develop new tactics, techniques and plans to deliver military effects, including enhanced security, through operations in cyberspace.

While offensive action could include directed malware attacks that could target specific nuclear operations or programmes in rogue states, it could include seemingly low-level disruption tactics.

Earlier this year, a Whitehall source speaking to a British national newspaper, said that GCHQ in conjunction with British foreign intelligence service the SIS (MI6) disrupted an online al-Qaeda propaganda 'magazine', by replacing a bomb-making guide with a recipe for non-exploding cupcakes.

Though Russia and China were not named in the cyber-security strategy, Baroness Neville-Jones, the UK's former security minister, previously named the two countries as two of the "worst culprits" in cyber-attacks on the UK's networks.

2.5: Some of the most sophisticated threats to the UK in cyberspace come from other states which seek to conduct espionage with the aim of spying on or compromising our government, military, industrial and economic assets, as well as monitoring opponents of their own regimes.

Unveiling the cyber-security strategy on Friday, UK prime minister David Cameron said: "While the internet is undoubtedly a force for social and political good -- as well as crucial to the growth of our economy -- we need to protect against the threats to our security".


Editorial standards