Slashdot Mirror

← Back to Stories (view on slashdot.org)

British MPs Warn of 'Fatal' Cyber Warfare Strategy

Posted by Unknown on from the knows-a-guy-good-with-computers dept.

judgecorp writes "British Members of Parliament have warned that the UK's cyber warfare strategy is getting it wrong. According to a defense committee report, the country's IT security forces are inadequately prepared for a cyber attack, rely too heavily on inadequately protected systems, and do not sufficiently appreciate the difficulty of attributing the source of an attack."

43 comments

  1. As usual... by Goose+In+Orbit · · Score: 2, Funny

    Where the US leads, the UK follows...

    1. Re:As usual... by poetmatt · · Score: 0

      it's amazing how much of an example we (the US) set in showing other countries how to fail exactly like we do. You'd think more of them would know to do the opposite.

  2. Also "attribution" does not help when by Chrisq · · Score: 3, Insightful

    Also "attribution" does not help when your main enemy is Islam. The attackers could be in Iran, Iraq, Pakistan, or Wolverhampton.

    1. Re:Also "attribution" does not help when by Anonymous Coward · · Score: 4, Interesting

      I'd have thought corporate espionage was more the main enemy in any sort of "cyber warfare" rather than terrorism.
       
      Though I'm sure the Chinese have already stolen everything they need from our primitive network.

    2. Re:Also "attribution" does not help when by Anonymous Coward · · Score: 0

      On the contrary, how else can you justify a crusade against a the religion as a whole if you're going to narrow it down to a small group of individuals ...

    3. Re:Also "attribution" does not help when by gsnedders · · Score: 3, Insightful

      The largest threat of terrorism to the UK does not come from Islamic extremism: the largest threat remains continuing branches of the IRA. Those damn radicalized Christians!

    4. Re:Also "attribution" does not help when by Chrisq · · Score: 2

      The largest threat of terrorism to the UK does not come from Islamic extremism: the largest threat remains continuing branches of the IRA. Those damn radicalized Christians!

      Not according to MI5 who say

      International terrorism from groups such as Al Qaida presents a threat on a scale not previously encountered. Drawing on extremist messages presented by figures such as Usama bin Laden, Al Qaida and its related networks seek to carry out terrorist attacks around the world, aiming to carry out "high impact" attacks causing mass civilian casualties.

    5. Re:Also "attribution" does not help when by logjon · · Score: 0

      We did it once.

      --
      The stories and info posted here are artistic works of fiction and falsehood.
      Only fools would take it as fact.
    6. Re:Also "attribution" does not help when by Gordonjcp · · Score: 3, Informative

      On the UK mainland alone, over the past 40 years there have been a couple of hundred attacks by Irish republicans - and that doesn't count attacks by loyalists, which tend not to be on the mainland.

      How many attacks by radical Muslims? One, and the people who did it are all dead - the upside of suicide bombings is that people tend to only carry out one.

    7. Re:Also "attribution" does not help when by Anonymous Coward · · Score: 0

      the largest threat remains continuing branches of the USA right wing funding the IRA.

      FIXED that for you

    8. Re:Also "attribution" does not help when by PPH · · Score: 3, Insightful

      But that's the character of the Internet. Its not a classical war with front lines, like the last big one. Its more like an insurgency or just plain old criminal activity conducted by the punks on the street corner.

      Attribution is fine if your plan is to counter attack some state entity. But it does no good against a criminal organization, terrorist cell or spammer that can dissolve and reorganize at any time.

      --
      Have gnu, will travel.
    9. Re:Also "attribution" does not help when by Hentes · · Score: 2

      Attribution does not help, period. Most attacks happen from hacked bots anyway.

    10. Re:Also "attribution" does not help when by Anonymous Coward · · Score: 0

      Elsewhere in the world there have been thousands of attacks by American republicans. Problem?

    11. Re:Also "attribution" does not help when by Anonymous Coward · · Score: 0

      And what they haven't stolen we've given them, through outsourcing, buisness partnerships and the like.

    12. Re:Also "attribution" does not help when by Gordonjcp · · Score: 1

      Well, kind of, but we're not spying on American republicans, are we? Hmm, maybe...

  3. Apparently, someone just told them about proxies by crazyjj · · Score: 2

    do not sufficiently appreciate the difficulty of attributing the source of an attack

    And they were so happy when they successfully traced the latest attack to user "goatse" at fbi.gov.

    --
    What political party do you join when you don't like Bible-thumpers *or* hippies?
  4. Not to mention horribly behind in networking. by Anonymous Coward · · Score: 2, Interesting

    A whole damn new system, built on IPv4 when it could have easily been done in IPv6.

    The people in charge of networking the government are either straight out of college or are 87 and almost for snuffing it.
    They have absolutely no clue.

    It is a shame as well because I have a friend who is actually brilliant with networking, completely jobless and literally got "stood up" on a job interview the other day by some computer repairs and refurbishment company.
    So many others who would have done a better job as well. Probably still jobless.

    Not only that, the NHS computing system is horribly broken in general as well.
    The inability for remote interviews to be done is pretty crippling too.
    I was just in for a check-up recently that was held up by 1.5 hours because most of the doctors weren't in that day because of illness.
    ONE doctor had to take up the majority of interviews, others cancelled for another time.
    Now just imagine if those doctors had access to their systems for remote interviews.
    They could have a nurse in if any examinations were required, to help with moving the camera or feel stomachs or whatever else.
    This is such an incredibly simple system to setup and would help greatly.
    But there was that poor guy having to probably rush check-ups and possibly even put people at risk.

    The government seriously need to rethink their computing systems from the absolutely lowest levels all the way up.
    It is horribly outdated, and a few additions to it could save millions in money, and even save lives.

    As a programmer, I would love to help, but given illness I'd likely not get the job anyway. (and worse, probably going to be accused of being lazy in the coming year with the new push for getting people in to jobs when my illness is activated by long periods of activity, including mental, hell, especially mental, programming is a pain in the ass, even if I have been doing it since 9!)
    Ah, lovely!

    1. Re:Not to mention horribly behind in networking. by SternisheFan · · Score: 1

      I just caught a TV news story about doctor/patient consultations being done via the internet. This looming tech will lower the need of in-person visits. While it won't replace ''real'' exam, for follow-ups it would be useful. Hang in there, sir.

    2. Re:Not to mention horribly behind in networking. by Mike+Frett · · Score: 1

      Yes but if the over-the-Internet Consultation is suppose to be free or a minimal charge; you will not find a lot of Doctors doing it. The good thing I guess, is that it would be easy to weed out the Doctors who are in it for the money, verses the Doctors that actually care about their Patients. From my personal experience, a real caring Doctor is a rarity in the USA.

    3. Re:Not to mention horribly behind in networking. by dkf · · Score: 3, Insightful

      Yes but if the over-the-Internet Consultation is suppose to be free or a minimal charge; you will not find a lot of Doctors doing it. The good thing I guess, is that it would be easy to weed out the Doctors who are in it for the money, verses the Doctors that actually care about their Patients. From my personal experience, a real caring Doctor is a rarity in the USA.

      The healthcare system is very different in the US to in the UK. In particular, patients don't (usually) pay doctors to get treated in the UK so there's no incentive for the medics to incompletely treat someone, and there's a part of the system that is genuinely motivated to reduce overall costs and which will therefore invest in preventative medicine. (I won't argue that it's a perfect system though, just less broken in terms of overall cost-effectiveness.)

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
    4. Re:Not to mention horribly behind in networking. by tehcyder · · Score: 1

      The inability for remote interviews to be done is pretty crippling too.

      I was just in for a check-up recently that was held up by 1.5 hours because most of the doctors weren't in that day because of illness.

      ONE doctor had to take up the majority of interviews, others cancelled for another time.

      Now just imagine if those doctors had access to their systems for remote interviews. If the doctors weren't in because of illness, do you really think they should be working from home when they're below par? Aren't doctors allowed holidays and sick time like everyone else?

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    5. Re:Not to mention horribly behind in networking. by tehcyder · · Score: 1

      Yes but if the over-the-Internet Consultation is suppose to be free or a minimal charge; you will not find a lot of Doctors doing it. The good thing I guess, is that it would be easy to weed out the Doctors who are in it for the money, verses the Doctors that actually care about their Patients. From my personal experience, a real caring Doctor is a rarity in the USA.

      All consultations are free in the UK (at the point of use, yes I know we pay for the NHS through taxes).

      Fucking socialism, eh?

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  5. Re:Apparently, someone just told them about proxie by ark1 · · Score: 4, Funny

    And they were so happy when they successfully traced the latest attack to user "goatse" at fbi.gov.

    You mean Goatse was able to expose their gaping hole?

  6. Standard response by jbmartin6 · · Score: 3, Interesting

    The government's response to the report will be "We will do anything it takes to resolve these issues as long as it doesn't cost anything and our users do not have to change their behavior."

    --
    This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    1. Re:Standard response by Anonymous Coward · · Score: 0

      Strange, usual follow-up on reports like this is "... as long as we can spend a lot on contractors (who are completely unaffiliated to us, honest) and can pretend we eliminated the problem afterwards"

  7. The clear solution by operagost · · Score: 0

    This is the UK. Won't the solution be to install monitoring devices on everyone's computer and send out TV license^H^H^H^H^H^H^H^H^H^H cybersecurity officers to ensure compliance? Or maybe ban long, pointy^H^H^H^H^H^H^H^H^H encrypted communications?

    --

    Gamingmuseum.com: Give your 3D accelerator a rest.
    1. Re:The clear solution by Anonymous Coward · · Score: 0

      I think you're confusing Britain with the British press's delusional, hyperbolic nightmare world. Swindon.

  8. $650 million in pork oink oink by Anonymous Coward · · Score: 1

    "The current government pumped an extra £650 million into cyber security in 2011. Most – £157 million – has gone on “national sovereign capability to detect and defeat high end threats”, as shown in the chart below. By comparison, £28 million has gone to police via the Home Office, and £31 million to the Ministry of Defence."

    Pork much? Our servers are attacked all the time, we don't call it 'cyber-war' and waste hundreds of millions avoiding cyber-geddon!

    Government does not secure any critical network but their own comms. What 'national sovereign capability to detect and defeat high end threats???', the bullshitted are pulling the wool over MP's eye. Give it a fancy title, scream danger danger and get as much money out as you can!

    1. Re:$650 million in pork oink oink by CodeheadUK · · Score: 1

      The money certainly isn't being used to employ competent personnel. The recent codebreaker PR stunt intended to recruit new 'spooks' was for a job that paid £25k.
      Anyone that had the skills required to pass the challenge would be able to get twice that in the private sector.

  9. In other word.. by 3seas · · Score: 2

    their internet condom has holes. abstinence is the best policy when it comes to the internet and dangerious technology..

  10. Time to ... by PPH · · Score: 1

    ... bring in Hadrian.

    --
    Have gnu, will travel.
    1. Re:Time to ... by Sulphur · · Score: 1

      ... bring in Hadrian.

      We shall defend our network, whatever the cost may be, we shall code on the routers, we shall code on the windows landing grounds, we shall code in the coffee houses and in the streets, we shall code in the wifi hills; we shall never surrender.

    2. Re:Time to ... by PPH · · Score: 1

      From the Halls of mount Zune A:
      To the Shores of IEEE ....

      --
      Have gnu, will travel.
  11. Problem solved .. by Anonymous Coward · · Score: 0

    "GCHQ estimates that 80% or more of currently successful cyber attacks could be defeated by simple best practice, such as updating anti-virus software regularly" link

  12. Solution to the problem by Anonymous Coward · · Score: 0

    Don't rely upon IT for anything critical. E.g. do not make nuclear launch consoles that are internet enabled.

  13. You'd think we'd learn from failure too by raymorris · · Score: 0

    You'd think we'd learn from other countries failures too, but we don't AT ALL. Half the political viewpoints expressed on Slashdot have been proven to be disastrous because other countries have tried them repeatedly, yet we ignore that and expect it to work.
    Examples: Communist Russia was one of the poorest countries, and failed. Now, fully embracing capitalism, Russia is a success story (in the context of global recession.) So in the US, we've decided to try moving further toward communism. Another example is "gun control". Straight gun laws ALWAYS result in a noticeable increase in comment crime. England banned guns and violent crime DOUBLED. So now the many in the US want to try the same thing?

    1. Re:You'd think we'd learn from failure too by Anonymous Coward · · Score: 0

      Calling something communist doesn't make it so.

      Calling someone socialist doesn't make it so.

    2. Re:You'd think we'd learn from failure too by tehcyder · · Score: 1

      Examples: Communist Russia was one of the poorest countries, and failed. Now, fully embracing capitalism, Russia is a success story (in the context of global recession.) So in the US, we've decided to try moving further toward communism.

      You have got to be fucking kidding. You don't know what the words "communism" or "capitalism" mean, although you've certainly proved that you know what "fail" does.

      England banned guns and violent crime DOUBLED.

      England has always had fairly tight gun controls (since the First World war, anyway) and very few people ever legally carried weapons anyway. The people who use guns in crimes now would have done so fifty years ago (i.e. they're career criminals like armed robbers or large scale drug dealers/gangsters). By definition, you can't stop criminals getting hold of guns if they really want to, all you can do is make it harder, and increase penalties for possessing them as some sort of deterrent to lower level criminals.

      Violent crimes of the drunken argument type have seldom been solved with guns in Britain, and any increase in violent crime is down to other sociological issues.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    3. Re:You'd think we'd learn from failure too by Goose+In+Orbit · · Score: 1

      Doubled? Got figures to back that up?

      I have figures that say murders halved in the last decade.

    4. Re:You'd think we'd learn from failure too by Goose+In+Orbit · · Score: 1

      I will add that US figure has also halved, but has taken 20 years to do so (and is still 3x more prevalent per capita)

  14. Not suggesting they're behind the times... by Impy+the+Impiuos+Imp · · Score: 1

    "Mr. Minister, you do, of course, have the telephone numbers of all the sysops of the major IT hubs and backbones?"

    "What's that?"

    "It's the people in charge of actual large-scale networking computer hardw..."

    "No, I mean tele-fone wut?"

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  15. No, government taking over businesses does by raymorris · · Score: 1

    No, what makes it socialist, aka "moving in the direction of communism" is when the government starts owning major businesses. When president says he plans to "exercise ownership and management" of auto companies, that's the definition of socialism.
    Another way of looking at it at is that absolute communism is a 100% tax rate - the government controls ALL of the money. Socialism is where the government controls a lot of the money, around 50%, and capitalism is when the money is controlled by those who earn it. Liberals in the US argue for total tax rates of 50% or more, meaning the government would control most of the money, putting us more than halfway to absolute communism.
    Words DO have meaning, and the Democrat platform perfectly fits the meaning of the word "socialism". If you don't like that, either stop supporting the platform or get comfortable with the fact that you're expousing socialism, because "socialism" is what it's called when the president "exercises ownership and management" of the country's major companies.