In an increasingly digital world, all nations are vulnerable to cyber attacks that can paralyse services. Is the UK prepared?
Can you imagine a world where you can’t get information online; use your credit card; draw cash; or check a train timetable?
This happened in Estonia in 2007 when it experienced a series of ‘denial-of-service’ attacks as a result of its government’s decision to relocate a Russian war memorial.
Denial-of-service attacks are when huge amounts of information are sent to targeted websites simultaneously, causing them to overload and freeze.
In Estonia, which is one of the most digitally advanced nations, the attacks shut down local internet service providers for several days, preventing people from buying food, getting petrol or completing bank transactions. One institution alone, Hansabank, reported that it lost at least $1m because of the attacks.
In an increasingly digital world, all organisations, including nation states, are vulnerable to cyber attack. Google and a wide range of companies have complained about attacks and illegal access to their information systems that appear to be politically or criminally motivated. In July 2009, a cyber attack brought down some of South Korea’s most important websites, including those of the defence ministry, the National Assembly and major banks.
Organised cyber crime has grown exponentially over the past ten years as criminals exploit vulnerabilities in government, corporate and personal IT systems. Methods range from ‘phishing’ and other techniques for influencing behaviour (ie, by manipulating individual users) to more sophisticated ‘infections’ capable, for example, of defeating anti-virus software. They can be used to automate criminal activity such as credit card fraud or to access valuable and confidential information.
E-crime is estimated to cost the UK economy many billions of pounds every year and these attacks can affect individuals carrying out financial business from their home computer, as well as major enterprises processing high volumes of transactions across complex networks. Online fraud is believed to have generated at least £52bn worldwide in 2007.
In June 2009, the government announced the establishment of the UK’s own cyber security agency and published a cyber security strategy. The Office of Cyber Security is responsible for co-ordinating IT defences and cyber attacks, and acting as a conduit for information security collaboration across government and with industry experts. This is a mixture of building stronger defensive walls and, in extreme cases, having the ability to mount cyber attacks in response to intrusions into the UK’s own systems.
This probably sounds as if it has more to do with the world of James Bond than public finance. However, almost all public services rely heavily on electronic communications. Ninety per cent of high street purchases are transacted by plastic, which depend on wired and wireless communications, and £50bn worth of consumer purchases and sales now take place online.
Are your organisation’s systems and websites secure? How would your organisation continue to operate in the event of a sustained localised or national denial-of-service attack?
As an increasingly digital nation, we need to be realistic about the risks that arise from our use of electronic communications and plan accordingly. Politically and economically, the UK is an attractive target for a wide range of individuals and organisations. Just as in the past we had to secure the seas and airspace for our national security and prosperity, in the twenty-first century we also have to secure our position in the electronic world.
At some point, the UK could be the victim of a successful ‘surprise’ attack that could bring down major public service websites and critical communications systems. Do we have in place the plans to mitigate the effects and continue to provide vital services?
John Thornton is an independent adviser and writer, the executive director of e-ssential Resources and a member of the CIPFA IT Panel
