« VxWorks MILS 2.1 Platform hands-on | Main | High Assurance Systems Development Using the MILS Architecture »

October 20, 2010

National Cybersecurity Strategy

On Monday, the UK government published its new national security strategy (PDF). This outlines the current and emerging security threats to the UK national interests, ranked by priority based on likelihood and impact. What caught my attention was the fact that the Tier 1 (highest priority) threats include:  

'Hostile attacks on UK cyber space by other states and large scale cyber crime'

Until fairly recently, the threat of cyberwarfare has mainly been discussed in defence and security journals (see 'Evaluating Cyber Security', Digital Battlespace, Aug 2009), but there has been a growing focus on this in the mainstream media (although whether this is due to an increasing threat or an increasing media appetite is subjective).

However, recent events have shown that it is now possible for cyberwarfare attacks to be directed at specific targets, rather than being undirected and indiscriminate. This has been illustrated by the Stuxnet worm incident, which has been alleged to be a a state directed cyber attack ('The Stuxnet worm heralds new era of global cyberwar', The Guardian).

Cyberwarfare provides the the potential to bypass a nation's conventional forces and strike at specific targets including critical national infrastructure whilst remaining invisible and providing the prospect of plausible deniability. The types of cyberwarfare threats were discussed by Iain Lobban, Director of the UK's GCHQ security agency in an unusual public speech.

The UK government's response will be to invest £500m in cyber defences to bolster the UK's critical national infrastructure. At present, few details have emerged on how this will be implemented or how the security of systems will be evaluated. However, if you're using a system which has undergone a security evaluation under conditions which assume that it's connected to a benign network, then you might as well shutdown and pull out your network card now. Instead, we should be basing our critical national infrastructure systems on platforms which are designed to achieve the highest levels of assurance with real-world protection profiles and be resilient against network-based attacks.

http://www.direct.gov.uk/prod_consum_dg/groups/dg_digitalassets/@dg/@en/documents/digitalasset/dg_191639.pdf?CID=PDF&PLA=furl&CRE=nationalsecuritystrategy

Posted by Paul Parkinson at 01:40 PM in Aerospace & Defense, Linux, Security, Software Engineering, VxWorks |

Technorati Tags: , , , , , , , , , , , ,

| | | | |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451f5c369e20134884af19b970c

Listed below are links to weblogs that reference National Cybersecurity Strategy:

Comments

The comments to this entry are closed.

Paul Parkinson

  • Paul Parkinson is a Principal Systems Architect with Wind River in the UK, working with Aerospace, Defence and Security customers across EMEA. Paul's professional interests include Information Security (InfoSec), Integrated Modular Avionics (IMA) and Intelligence Surveillance Target Acquisition Reconnaissance (ISTAR) systems.

    Subscribe to RSS feed.

Search

External Links

Wind River Blogs

Categories

Disclaimer

Blog powered by TypePad