Cyber guards or soldiers: which do
we need most?
Warships, jets and cash machines can all be put out of action by
an attack over the internet. No wonder the director of GCHQ
broke cover to warn us this week.
  by Con Coughlin, and published: 7:24AM BST 14 Oct 2010

The year is 2025, and the Royal Navy has just dispatched one of its new, state-of-the-art aircraft carriers to the Pacific Ocean, as a bitter trade dispute with China threatens to spill over into open conflict. Equipped with a full complement of Joint Strike Fighter warplanes, and escorted by a battle group of heavily armed destroyers and frigates, the carrier has been sent to demonstrate to Beijing that Britain is determined to protect international shipping lanes.

Soldiers on patrol in Helmand province in Afghanistan,
November 2009 Photo: Heathcliff O'Malley
Then, before a shot is fired in anger, the aircraft carrier and all the other ships are suddenly hit by a massive power failure. The engines and the computer systems shut down, and the fleet's powerful array of weaponry is rendered inoperable.
At a stroke, the British battle group has been neutralised by teams of highly skilled computer hackers assigned to the People's Liberation Army (PLA), which have placed a computer worm in the fleet's operating systems.
At the same time, Chinese cyber warriors launch a "clickskrieg" against mainland Britain. At the press of a mouse button, power stations, water firms, air traffic control and all government and financial systems are shut down. In the space of a few minutes, the entire nation has been paralysed.
Most of the debate over funding for the Armed Forces has focused on how many aircraft carriers and fast jets we will need to fight the wars of the future, based on the assumption that we will be engaged in the type of conventional conflicts that have recently taken place in the Balkans, Iraq and Afghanistan.
But there is also a growing body of opinion, within both military and intelligence circles, that future threats are as likely to take place in cyber space as on the battlefield. As Iain Lobban, the director of Britain's top-secret GCHQ surveillance centre, revealed this week, the prospect of cyber attacks by terrorists, hostile states and criminal gangs poses a grave threat that "goes to the heart of our economic wellbeing and national interest".
Mr Lobban's belated intervention in the debate over the Government's highly controversial Strategic Defence and Security Review, which is due to be published next week, is remarkable on two counts. It is the first time that the head of the most secret of Britain's intelligence agencies has publicised GCHQ's security concerns. Furthermore, he has laid bare the enormity of the challenge facing GCHQ and other security establishments in combating the threat from cyber-related attacks.
On the one hand, there is the danger posed by countries such as China, which has invested enormous resources in trying to use the internet to infiltrate Western governments and institutions, in order to acquire information on military capabilities and sensitive commercial information that can be used to Beijing's advantage.
And then there is the growing problem of criminal and jihadist terror groups exploiting the internet to wreak havoc on the world's leading financial systems. British security officials have warned that al-Qaeda is actively seeking to acquire the technology to launch a devastating cyber attack on the City, which would bring international trading to a standstill.
"Just imagine the civil unrest that would be caused if millions of people in Britain and throughout Europe found they were unable to undertake a simple transaction like withdrawing money from a cash machine," said a senior British security official. "Ultimately, it could cause more damage to the West than the September 11 attacks."
In his speech to the International Institute for Strategic Studies (IISS), Mr Lobban, an Everton supporter who took charge of GCHQ in 2008, revealed the alarming scale of the cyber threat. At GCHQ's Cheltenham headquarters, where an underground vault the size of Wembley stadium is filled with banks of computers that monitor millions of emails and telephone calls every day, more than 20,000 malicious emails that could inflict serious damage on government computer networks are identified each month. Of those, Mr Lobban said 1,000 are targeting the state. Others are aimed at the theft "of intellectual property on a massive scale".
The timing of Mr Lobban's speech is significant, because the challenge of how the Government should best prepare itself to deal with the cyber threat – still relatively new territory – is rapidly moving up the national security agenda. It was only last year that the Office of Cyber Security (OCS) was established to act as a "policy hub" within the Cabinet Office and coordinate the response of Britain's military, intelligence and security agencies to cyber threats. To date, the OCS has a staff of just 15 and a budget to match. By comparison, the United States' equivalent will eventually employ up to 1,100 people.
As Dr John Chipman, the director-general of the IISS, remarked earlier this year: "We are now, in relation to the problem of cyber-warfare, at the same stage of intellectual development as we were in the 1950s in relation to possible nuclear war." Not surprisingly, the cyber threat has figured prominently in discussions held by the Government's new National Security Council, which is attempting to impose some joined-up thinking on defence and intelligence issues.
For the moment, GCHQ is the body that is mainly responsible for dealing with cyber threats. But the possibility that cyber technology could soon pose a tangible threat to our defence capabilities has resulted in senior military officers arguing that they should assume command of the nation's cyber defences.
GCHQ has come a long way since its code-breaking heyday at Bletchley Park during the Second World War. The eccentric group of crossword enthusiasts, mathematicians and chess players who broke the Nazis' Enigma code have long gone. Today, there are 5,000 highly skilled computer engineers and technicians working round the clock at GCHQ's giant, £330 million doughnut-shaped building at Benhall, near Cheltenham.
A significant chunk of their work is taken up with counter-terrorism, particularly tracking jihadist terrorist groups in Afghanistan and Pakistan. They are also required to monitor the activities of states such as Russia, China and Iran that could be potentially hostile to British interests. GCHQ officials privately claim the credit for exposing Iran's secret uranium enrichment plant at Qom, which was publicly revealed last year by President Barack Obama.
With GCHQ bearing such a heavy workload, some military officers are arguing that the Government should follow the example set by the US and set up a body specifically to deal with cyber threats. There is some logic to this argument, considering the scale of the danger facing all the major Western powers.
There is already concrete evidence of cyber warfare playing a central role in state-on-state conflict. In 2007, Estonian government and banking websites were the targets of sustained computer attacks originating from Moscow during a row over a Russian war memorial. The following year, the Russians knocked out the Georgian government's computer system during the brief war over South Ossetia.
But the world leaders in cyber warfare are the Chinese, who regularly hold computer hacking competitions and then recruit the winners to join the PLA's cyber specialists. Beijing's ambition is to become the world's undisputed cyber warfare superpower by the middle of the century.
A number of Whitehall departments, including the Foreign Office, have accused the Chinese of trying to hack into their computer networks, while in America, Chinese hackers are reported to have attempted up to 100,000 attacks on government computers this year.
The Americans have responded by creating the US Cyber Command, which reports directly to the Pentagon. In Britain, when all the arguments over aircraft carriers and fast jets have subsided, the Government should give serious consideration to establishing a dedicated cyber command of our own.
Well.... I don't like the title.
And I wish my university lecturers could see this....
The article is also available from: