A number of governments are battling against an evolving type of cyber-warfare, incidences of which have been appearing increasingly across the world.
It’s hard when discussing such trends not to evoke images of global conspiracies, the dark underbellies of spy networks or the hunt for the “smoking USB”.
Recent events around the globe, however, have demonstrated that it’s a threat that many governments are taking more and more seriously.
Two weeks ago, the Iranian government confirmed that its ongoing nuclear programme had been infected deliberately by a complex and damaging computer virus, which some have, not unhyperbolically, called the “first cyber superweapon”.
Mehr, the Iranian state news news agency, reported that the IP addresses of over 30,000 computers had been infected by the rapacious “Stuxnet” virus, which attacks plants and large-scale industrial systems, first discovered in late June.
The origins of the virus are as yet unknown. Estimates suggest a high level of sophistication and thus state involvement – that it took a team of eight to ten people six months to create, for example.
Some have suggested that it might have originated amid ongoing tensions between China and India, originally developed in the People’s Republic in a bid to attack its neighbour’s systems. The Iranian Foreign Ministry has suggested that blame lay with “Western states”.
Iran, however, was not the only country to have been affected. A subsequent analysis by Symantec, the computer security firm, found that 60 per cent of infected machines were in Iran, 18 per cent in Indonesia and 8 per cent in India. News from Beijing indicates that millions of computer users in China have also been affected.
The European Union’s cyber security agency – the European Network and Information Security Agency (ENISA) – said on Thursday that these events marked a “paradigm shift” in terms of the importance of the attacks for future security and how they might be likely to be repeated in the future.
The events were the latest in a wider series of deliberate cyber attacks which stretch back a number of years.
Only in August this year, the Pentagon confirmed that, in a similar attack two years ago, memory sticks which had been placed in the washrooms of a US military base in the Middle East had been deliberately infected with a computer worm which attacked the operating computer systems of US forces when opened by curious military personnel.
This comes almost two and a half years after Estonia endured a three-week wave of cyber attacks — or “Clickskrieg” as it is occasionally known — which engulfed the country’s banks, parliament and government ministries. In March the following year, members of a Russian backed youth-movement claimed responsibility for the attack.
And it goes on and on.
Today, NATO announced that it aims to spend almost €1bn over the next two years in attempts to address such “increasingly sophisticated” attacks.
Yesterday, official figures from the Austrailian military has revealed a 230 per cent increase in cyber attacks with, it suggests, evidence that “dozens” of countries are involved.
As a result, governments around the world are shifting security priorities and resources towards cyber-crime.
Coincidentally, the European Commission announced yesterday its intention to create a new directive, adding to a 2005 framework decision, to prevent against cyber crimes.
This includes: the penalisation of the use of as malicious software; the introduction of “illegal interception” of information systems as a criminal offence; and the creation of a basic obligation to collect basic data on cyber crimes. As a result of the Lisbon Treaty taking effect, the legislation to do this will no longer need to be approved unanimously by the EU Council of Ministers. It can now be adopted by a simple majority of Member States at the Council together with the European Parliament.
The UK government is also waking up. It has now set up the Office of Cyber Security (OCS) in the Cabinet Office, and a multi-agency Cyber Security Operations Centre (CSOC) at GCHQ in Cheltenham.
As Dr Paul Cornish, Professor of International Security at Chatham House recently observed, our society is increasingly dependent upon a globalised communications infrastructure. With this dependence brings great vulnerability.
It is anticipated that the next major “leap” in this trend will occur when quantum cryptanalysis technology is first developed. Such technology would make it possible to crack virtually any encryption in very short periods of time. At the same time, computer scientists are racing towards developing quantum cryptography technology, which would prevent communications from being intercepted.
Given the ability of just a few individuals to disrupt entire networks and command systems, one might recall the eerie prescience of Sun Tzu’s dictum that “the supreme art of war is to subdue the enemy without fighting”.
You can follow Rob Higson on Twitter.