[ISN] Terror plot to cripple UK in cyber attack

[InfoSec News]

http://news.scotsman.com/uk.cfm?id=305582005

JAMES KIRKUP 
POLITICAL CORRESPONDENT 
22 Mar 2005

INTERNATIONAL terrorists are training to launch cyber-terror attacks 
on Britain which could cripple vital economic, medical and transport 
networks, the government's counter-terrorism co-ordinator said 
yesterday. 

Sir David Omand said surveillance of suspected al-Qaeda affiliates 
suggests they are working to use the internet and other electronic 
communications systems to cause harm. 

Sir David, a former head of GCHQ and one of the most senior members of 
the British intelligence community, yesterday appeared at a conference 
of security experts and business leaders at Chatham House in London to 
discuss Britain's defences. 

To illustrate the point that even entirely civilian industries and 
networks can be vital to national security, the conference was 
reminded of an MI5 assessment that "Britain is four meals away from 
anarchy." 

British security officials are normally extremely reluctant to discuss 
potential threats even semi-publicly, but the need for increased 
action from the private sector is driving a newfound openness. 

Intelligence officials say that no matter how much the state does to 
prepare for cyber-terrorism, a great deal will rest on the willingness 
of businesses to "harden" their systems against attack 

Sir David confessed to his audience that he had doubts about 
commenting publicly on security threats, not least for fear of 
sparking undue panic. He insisted that his remarks constituted an 
attempt to "inform" or to "alert", but stopped short of being a 
"warning". 

Britain has not yet experienced genuine acts of cyber-terrorism, but 
Sir David said intelligence chiefs are in little doubt that the 
country must be ready for such an attack. 

While the mandarin did not name al-Qaeda or its affiliates, he left 
little doubt that the followers of Osama bin Laden are developing 
their electronic warfare capabilities. 

"Many of those who have been arrested or about whom we know have a 
very high level of technological awareness," Sir David said. 

A combination of the terrorists' increasing technological 
sophistication and Britain's growing dependence on electronic networks 
means this is considered "a threat which will rise in silence". 

Cybernetic attacks can take many forms. At the most basic level, 
programmers can set computers to bombard websites and email servers 
with thousands of messages which cause them to jam. 

More sophisticated and dangerous attacks would entail penetrating an 
organisation's internal communication and management systems, either 
distorting messages or blocking them altogether. 

The most sensitive government systems, such as those used by the 
military and intelligence services, are entirely closed to the outside 
world. 

Instead, the authorities' greatest fears about electronic attacks 
relate to the more exposed networks that make up what is known as 
"critical national infrastructure", many of which are in civilian 
hands. 

Central and local government systems, financial markets, the National 
Health Service, the emergency services, transport and energy networks, 
and even the food and drink industry are all deemed vital to Britain's 
ability to resist potential attack or, should an attempt succeed, to 
minimise the harm caused. 

Yesterday's call for greater resilience away from the "core" targets 
of central government and financial targets echoes similar assessments 
in recent weeks. 

Earlier this year, an authoritative study by St Andrew's University 
security experts warned that counter-terrorism preparations in areas 
outwith London need much more work. But Britain is not alone in 
worrying about non-physical terrorist attacks on infrastructure. US 
intelligence agencies are known to be particularly concerned that 
terrorists could combine electronic and physical attacks to 
devastating effect, for example disrupting emergency service networks 
at the same time as mounting a bomb attack. 

And electronic attacks on electricity grids or the floodgates of 
hydro-electric dams are also under active consideration by US 
agencies. 

Other scenarios are less spectacular, but could entail significant 
economic harm to Britain, even as the result of events far beyond the 
UK's borders. 

The global nature of the internet means the threat from cyber-attacks 
is equally international, forcing British agents to work closely with 
nations they say they would often regard with suspicion or even 
hostility. 

One British counter-terrorism official yesterday raised the prospect 
of a electronic attack on the Russian gas industry. 

"Given that Britain is now a net importer of gas and that gas is 
shipped through pipelines controlled by electronic technology, this 
sort of thing has to be considered a potential economic threat," the 
official said. 

Toby Harris, the former chairman of the Metropolitan Police Authority, 
told the delegates yesterday that there remains "significant 
vulnerability in the systems we all rely on." 

Lord Harris insisted the threat was not exaggerated, citing the 
example of HM Coastguard, which was last year almost paralysed by a 
computer virus. 

"What happens were there to be a serious attack that severely damaged 
the critical national infrastructure?" he asked, calling for urgent 
work by public and private sector managers to devise contingency 
plans. 

Otherwise, he said, "Britain could be quickly reduced to large-scale 
disorder, including looting and rioting, in the event of a serious 
disruption of critical national infrastructure".