Attack Vector: UK Eyes Private Industry

Wednesday, October 20, 2010 @ 11:10 PM gHale

Security is all about collaborating from government all the way over to private companies.
The leader of Britain’s communications intelligence agency said it may need to receive direct feeds of information from private companies in key economic sectors in order to better protect the U.K. economy from the threat from cyber attacks.
Iain Lobban, director of GCHQ, said the risks from cyber attacks were expanding along with the rise in the Internet, which was growing by 60% a year.
He said U.K. government computer networks received more than 20,000 malicious emails a month, 1,000 of which deliberately targeted the networks. There had also been “theft of intellectual property on a massive scale, some of it not just sensitive to the commercial enterprises in question but of national security concern too.”
With the costs of e-crime probably running into the billions of pounds, he said thousands of stolen U.K. credit-card details are available for sale online in hacking forums for about $2 per set, he said. He cited public reports suggesting one botnet stole credit-card and online banking details from up to 12.7 million victims worldwide.
He said criminal groups use “botnets-for-hire” for concerted attempts to perpetrate multiple small frauds against commercial targets and against online tax systems across Europe. “E-Crime therefore begins to look like a low-risk, but potentially high-profit opportunity for the creative criminal,” he said.
Conventional solutions such as patches could deal with 80% of attacks, but the “patch and pray” approach was not enough, he said. They have to deal with the remaining threat in cyberspace, he said.
He said there needs to be new approaches to deal with attacks on Britain’s critical national infrastructure, like gas and electricity supply and banking networks.
“We need to consider the value of receiving in return a direct feed of information from the operators with that same sort of timeliness so that we are aware of the attacks that they are seeing on their systems as they happen.”
He said this pointed to a different sort of partnership between the national security agencies and key industries. “Our systems will need to be more interconnected. And we may need to establish different financial models to underpin a national capability which will be both public and private,” he said.

Leave a Reply

You must be logged in to post a comment.