Businesses should have to report cyber attacks, says shadow defence secretary

"Serious questions need to be asked about the nature of the cyber threat facing the UK" says Labour's Vernon Coaker

Labour shadow defence secretary Vernon Coaker has called for the next strategic review of defence policy to put more focus on the growing threats of cyber crime, and for businesses that are victims of cyber crime to disclose breaches.

Making the comments during a general speech about national defence at London's Royal United Services Institute for Defence and Security Studies today, Coaker argued that the 2015 defence review should focus on new threats.

The review shouldn't be so heavily influenced by the treasury, he argued, but rather more focused on long-term strategy over potential budgetary constraints.

Coaker also urged that the growing threat be recognised by forcing all private companies to report serious online attacks in order to protect national infrastructure as fully as possible.

"New types of threat - such as cyber - will increasingly test the resilience of UK critical infrastructure networks. In the face of increasing sophistication, serious questions need to be asked about the nature of the cyber threat facing the UK," said Coaker.

"What are the rules of engagement regarding cyber attacks?" he asked.

"Does the concept of deterrence apply in cyber warfare as it does in conventional warfare? And is the MoD doing enough to recruit the skilled people it needs to enhance cyber defence capabilities?"

Coaker referred to recent cyber attacks against NATO websites during the Ukraine crisis as evidence that "this threat is now a reality".

"Labour has already called on the government to ensure that every company working with the MoD, regardless of its size or the scale of its work, signs up to a cyber-security charter," he continued.

"Building on this, we will also consult on the prospect of creating a statutory requirement for all private companies to report serious cyber-attacks threatening the UK's national infrastructure."

All of this, Coaker suggested, was to prepare for "an uncertain set of threats in an uncertain future," adding, "but one thing is certain: these are threats from which Britain cannot afford to shy away. We must be both ambitious and realistic in how we choose to meet these threats and mitigate the risks."

Arabella Hallawell, vice president of corporate strategy for security solutions provider Arbor Networks, welcomed the call from the shadow defence minister, suggesting that ultimately such a policy would do more to protect individuals and organisations against cyber threats.

"The malicious threats that organisations face today are evolving so quickly that keeping up-to-speed, with limited visibility, is very difficult," she said.

"More requirements to disclose incidents will hasten organisational maturity in developing effective response plans that better protect customers and their business. The trend is towards more disclosure of breaches, whether forced by regulators, customers or emerging best practices."

However, defence secretary Philip Hammond dismissed the call from his Labour counterpart, claiming it was a "bit rich for Labour to be calling for a strategic review of future threats and defence capabilities after they failed to have a strategic review for 12 years".