UK should use 'muscular diplomacy' to counter cyber threat, ex-GCHQ man says
Britain is "particularly vulnerable" to cyber attacks from states like Russia which do not operate under the same legal standards, a former GCHQ deputy director of intelligence and cyber operations has warned.
Brian Lord said the security services only have a "few people" who are able to counter cyber-attacks in an uneven battlefield where the likes of Russia do not operate "under the same kind of shackles".
He spoke as the influential Public Accounts Committee (PAC) said it has lost some confidence in the Government's ability to protect Britain from high-level cyber-attacks because of skills shortages and "chaotic" handling of personal data breaches.
The MPs' warning comes amid increasing concern about Russian cyber-attacks after Moscow allegedly interfered with the United States presidential election in Donald Trump's favour.
Defence Secretary Sir Michael Fallon warned last night that Russia is "weaponising information" and accused Moscow of using cyber weaponry to "disrupt critical infrastructure and disable democratic machinery" in a series of attacks on western countries.
Mr Lord said in response the UK should apply "muscular diplomacy" to "legally and legitimately" use online technology to apply pressure on other countries and organisations to stop them from seeing the UK as a "weak target".
But, speaking to BBC Radio 4's Today programme, he said agencies would like to go further than what is currently allowed in UK law: "Well of course they do, what they want to be able to do - they are seeing an adversary, whether that's state or criminal, who don't operate under the same kind of shackles and therefore it becomes increasingly difficult with a few people with the skills necessary to be able to counter them.
"I think these are some of the areas where the UK is particularly vulnerable."
Mr Lord's comments came as the PAC warned that ministers have taken too long to consolidate the "alphabet soup" of agencies tasked with safeguarding the UK from cyber-attacks.
The committee said that despite cyber-attacks being ranked as a top four risk to UK national security since 2010, the role of the Cabinet Office, which is responsible for coordinating information protection across Government, remains unclear.
Committee chairwoman and Labour MP Meg Hillier said: "Government has a vital role to play in cyber security across society but it needs to raise its game.
"Its approach to handling personal data breaches has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks.
"The threat of cyber crime is ever-growing yet evidence shows Britain ranks below Brazil, South Africa and China in keeping phones and laptops secure.
"In this context it should concern us all that the Government is struggling to ensure its security profession has the skills it needs.
"Leadership from the centre is inadequate and, while the National Cyber Security Centre (NCSC) has the potential to address this, practical aspects of its role must be clarified quickly.
"Government must communicate clearly to industry, institutions and the public what it is doing to maintain cyber security on their behalf and exactly how and where they can find support."
PAC's report said the Cabinet Office's ability to make informed decisions about security is "undermined by inconsistent and chaotic processes for recording personal data breaches".
The Government is also struggling to ensure its security profession is suitably skilled, with the Cabinet Office unwilling to bring in a minimum standard for departments.
"It remains unclear as to what skills gaps exist and how to fill these in the face of UK-wide skills shortages in this field," the report said.
A National Cyber Security Centre spokesman said: "In the four months since becoming operational, the NCSC has transformed how the UK deals with cyber security by offering incident management capabilities, fostering technical innovation to help prevent attacks and providing real-time cyber threat information to 3,000 organisations from over 20 different industries.
"The UK faces a growing threat of cyber-attacks and we share the committee's determination to make the UK as safe a place as possible to live and do business online."
A Cabinet Office spokesman said: "Our comprehensive and ambitious National Cyber Security Strategy, underpinned by £1.9 billion of investment, sets out a range of measures to defend our people, businesses, and assets; deter and disrupt our adversaries; and develop capability and skills."