GCHQ warns of 'disturbing' cyber attacks on public and private sectors

The director of the government spy agency has warned of repeated cyber attacks on the UK aimed at stealing sensitive information and intellectual property

The director of the UK spy agency Government Communications Head Quarters (GCHQ) has revealed that cyber attacks targeting UK businesses and the government have reached 'disturbing' levels.

In a report in The Times today, GCHQ chief Iain Lobbam said the attacks were designed to steal sensitive information.

"I can attest to attempts to steal British ideas and designs - in the IT, technology, defence, engineering and energy sectors, as well as other industries - to gain commercial advantage or to profit from secret knowledge of contractual arrangements," he said.

"We are also aware of similar techniques being employed to try to acquire sensitive information from the government computer systems, including one significant (but unsuccessful) attempt on the Foreign Office and other government departments this summer."

The security industry has been quick to respond to Lobbam's comments.

Paul Davis, director of Europe at security firm FireEye, commented that the UK's cyber security needs to be strong with the Olympics approaching next year.

"It's vital that we see the government take decisive action to protect our critical infrastructure, particularly with the global spotlight of the Olympics being shone on the UK in 2012."

He added that modern attacks employ stealth technology to remain invisible to administrators even once they have successfully penetrated the corporate network.

"The state of IT security has reached this point because conventional defensive security technologies have remained relatively stagnant in the face of a fast-evolving offensive threat," said Davis.

"The sheer volume and escalating danger of modern attacks are overwhelming limited IT resources and out-manoeuvring our conventional defences. It's time for a serious rethink about how the government, business and the security industry address the escalating problem of cybercrime and cyberwarfare."

Frank Coggrave, general manager, EMEA, at digital forensics specialists Guidance Software, called for greater collboration and communication between the public and private sectors as a way to improve cyber defence.

"The only way to protect individuals' freedom and privacy is to make a concerted drive for open sharing and communication of threats.

"This means that government security services and commercial organisations must work together and consistently keep each other abreast of increasing risks and identified threats."

Meanwhile, Mark Darvill, CTO of security provider AEP Networks, said we are seeing another cold war - this time being fought in cyberspace.

"States are engaged in an ‘arms race' akin to that which we saw during the cold war. All major states have cyberwarfare programmes in place (whether acknowledged or not), and are developing increasingly sophisticated techniques for both defensive and offensive purposes.

"The difference with the cold war is that states are actually attacking each other on a regular basis."

He explained that these attacks are in part designed to probe defences as preparation for future attacks.

"Many of these attacks are more like ‘reconnaissance' missions in traditional warfare - they are designed to identify weak spots in an enemy's national critical infrastructure and test their defences to plan for future attacks."

Foreign secretary William Hague will host the London Conference on Cyberspace, from 1-2 November, which will feature speakers such as US secretary of state Hillary Clinton, digital agenda commissioner Neelie Kroes and Icann chief executive Rod Beckstrom.