Ahead of the UK’s upcoming election, the British Prime Minister is looking towards the cyber-security horizon. Along with a major cabinet reshuffle, David Cameron has announced a £1.1 billion package ‘to equip [the UK] armed forces for the conflicts of this century, not the last.’ This includes a £800 million boost to British intelligence, surveillance, and cyber capabilities. Welcome news for sure for NATO allies, who’ll travel to Wales in September for the 2014 NATO Summit. Building on last month’s Defence Ministerial, alliance leaders will work to create a ‘clarity of policy’ on cyber issues. For what it’s worth, UK Permanent Representative to NATO, Adam Thomson, is optimistic: ‘there is a large amount of common ground. I’m sure we will all hotly debate the finer points of policy…but I’m not worried about coming to some good, strong clear conclusions.’
Doing some horizon scanning of its own, the Australian Army’s Directorate of Future Land Warfare has similarly found cyber to be a critical part of this century’s strategic environment. Stating that offensive cyber capabilities can be ‘as effective as precision-guided munitions’, the new study concludes that ‘the army must develop an ability to defend critical networks against cyber-attack, while also being prepared to operate in a degraded network environment.’
Unsurprisingly, the United States also recognises the critical role of cyber. Despite steep cuts to its military personnel overall, the US is looking to boost its cyber cadre by as many as 4,000 personnel to meet the challenge. That move has raised some critical questions about the ‘dangerous concentration’ of people and assets at Fort Meade (which houses too the Defense Information School, the headquarters of United States Cyber Command, the National Security Agency, and the Defense Information Systems Agency), the state of cyber training, and, of course, the impact of the ramp-up on parking and traffic. To pre-empt those issues, the Pentagon could learn from North Korea’s experience, where cyber staff have doubled over the last two years!
A fair warning to anyone thinking of applying for any of those new positions—or to any US government agency for that matter—Chinese hackers are targeting Federal employee personal data. In March, the Office of Personnel Management’s databases were infiltrated, with the perpetrators targeting files on federal employees who have applied for top-secret security clearances. While most experts suggest that this move falls ‘well within the bounds of modern spycraft’ and is ‘OK’ under US rules, don’t expect anything other than denials from the Chinese government. After all ‘Chinese laws prohibit cyber crimes of all forms, and Chinese government has done whatever it can to combat such activities.’
The US Senate is also getting into the action, with the Senate Intelligence Committee approving a bill to boost public–private information sharing. With Congressional inaction a major impediment to US governance cybermaturity in 2014, this move will hopefully help boost the public–private partnership efforts outlined back in the 2013 cybersecurity Executive Order issued by President Obama. (More from ICPC on the Executive Order here)
While the week’s news demonstrates increased government efforts on the cyber front, with The Economist finding that ‘cyber-attackers have multiplied and become far more professional’, the private sector isn’t holding its breath. Microsoft, for one, has been particularly gung-ho on the matter, announcing that it successfully freed 4.7 million infected PCs. Having identified millions more infected machines, the Microsoft Digital Crimes Unit is keen to continue its recent spate of cyber policing. But the company has been taking flak since a ‘technical error’ shut out 1.8 million legitimate Vitalwerks users during a sting operation. That isn’t stopping Facebook testing the vigilante waters by taking down the small Lecpetex botnet operation that has used the social media platform to spread spam and malware. Meanwhile Google has revealed Project Zero, its own elite team of hackers ‘with the sole mission of tracking down and neutering the most insidious security flaws in the world’s software.’ While this type of corporate vigilatism mightn’t be the cyber heroism the Internet deserves, as governments continue to struggle with cybercrime, it might just be what it needs to stem the tide.
Klée Aiken is an analyst in ASPI’s International Cyber Policy Centre.