Defence Secretary, Philip Hammond, has announced that the Ministry of Defence (MoD) is set to recruit hundreds of computer experts as cyber reservists to help defend the UK’s national security, working at the cutting-edge of the nation’s cyber defences.
Mr Hammond confirmed the creation of a new Joint Cyber Reserve which will see reservists working alongside regular forces to protect critical computer networks and safeguard vital data. He said: “In response to the growing cyber threat, we are developing a full-spectrum military cyber capability, including a strike capability, to enhance the UK’s range of military capabilities. Increasingly, our defence budget is being invested in high-end capabilities such as cyber and intelligence and surveillance assets to ensure we can keep the country safe.
“The Cyber Reserves will be an essential part of ensuring we defend our national security in cyberspace. This is an exciting opportunity for internet experts in industry to put their skills to good use for the nation, protecting our vital computer systems and capabilities.
“The creation of the Joint Cyber Reserve will represent a significant increase in the number of reservists employed in cyber and information assurance, and members of the Joint Cyber Reserve will provide support to the Joint Cyber Unit (Corsham), the Joint Cyber Unit (Cheltenham) and other information assurance units across Defence.
Recruiting for the Joint Cyber Reserve will start in October and target three sectors: regular personnel leaving the forces, current and former reservists with the necessary skills, and those with no previous military experience, but with the technical knowledge, skills, experience and aptitude to work in this highly-specialised area. All applying to join will be subject to a security clearance process.
Comments
Peter Armstrong, Director of Cyber Security, Thales UK, said: “By re-skilling its existing force in cyber security, the Ministry of Defence has addressed the blurring of the lines between physical and virtual defence which has become prevalent over the past decade. With the advent of cyber espionage and attacks which threaten national critical infrastructure, the need for a holistic approach to national security is long overdue. It’s great to see the Ministry of Defence taking its share of responsibility for this alongside its traditional physical defence remit. In addition, and just as importantly, this move will help enormously in positioning public sector cyber security as an attractive career prospect for the next generation.”
Dr Jarno Limnell, Director of Cyber Security for Stonesoft, a McAfee Group Company, said: “Cyber deterrence depends upon effective communication between a state and the entity it wishes to deter. Hammond needs to convince the UK’s enemies that if its interests are threatened or the country is attacked in the cyber domain that it has the capability and capacity to do something about it. Offensive capabilities form a key part of this objective and are essential for nation-states and armed forces that want to be treated as credible world players. So whilst it’s unlikely future battles will be completely online, it is difficult to imagine future wars or conflicts without cyber activities.
“Hammond’s revelation should not come as a surprise, nation-states world-wide are pouring huge resources into developing a range of defensive, offense and intelligence capabilities. Within the next couple of years the world will experience an increasing number of intentionally executed and demonstrated cyber-attacks resulting in militaristic and economic damage but also loss of civilian life. With ever-heightened awareness amongst the general public of the threats the UK is beginning to face, not just from other states but also rogue-factions, the development of offensive cyber-weapons will become fiercer and publicly more acceptable.”
Ross Brewer, vice president and managing director for international markets, LogRhythm
“In fact, last year, LogRhythm’s own research
“Before launching any pre-emptive strike, government organisations must make sure that they have all of the facts in hand – something that can only be achieved by truly understanding every single piece of activity across their networks. To gain this level of visibility, proactive, continuous monitoring of all IT networks must be in place to ensure that any intrusion or anomaly can be detected before the problem snowballs. Such deep and granular insight will equip the government with the ability to instantly determine the scale of an attack, and most importantly, increase the accuracy of attribution. So, while this is certainly a good move – it pays to remember that with great power comes great responsibility, and in this case, the responsibility lies with those securing and monitoring the network in the first place.”
Neil Thacker, Information Security & Strategy Officer EMEA at Websense, said: “In light of the commons defence select committee in January highlighting weaknesses in the MOD’s cyber-incident response strategy as well as the news in July that the UK is losing the fight against cybercrime, this is welcome and timely news to offer additional resources to aid cyber defence. Highly sophisticated, targeted attacks are occurring every day and are focused on targeting small and large organisations with UK businesses being named by cyber-crime organisations as their no. 1 target. Like the government, UK businesses cannot take their eyes off the ball and need to put in place the right defences to protect their employees and the organisations critical data.
“It is more crucial than ever that UK businesses place data security higher up the agenda and spend IT security budgets on the right and relevant technology. Proactive defences against targeted attacks and new variants of malware are key; adding the ability to detect, contain and mitigate against the attacks is a responsibility of the IT and security teams by applying real-time malware analysis while simultaneously protecting against internal and external breaches and data theft. Detection only is not sufficient to counter this threat.”
Graeme Stewart, director, UK public sector strategy at McAfee, said: “This latest development shows that government is taking the necessary steps to protect the UK against a very real cyber treat that is now on par with physical threats. With greater connectivity comes a far greater risk of cyber attacks on the very foundations of the UK’s infrastructure. In the case of the country’s energy supply, for example – and the UK’s apparent intention to rely on a single, centralised smart grid – a single attack could affect the entire country and, as a worst scenario, leave the UK without power.
“Our priority should be to ensure that the networks and devices securing our critical infrastructure are totally secure, which not only requires physical security but also a complete shift in the mindset of UK organisations. The top level attention to cyber security has to be adopted throughout organisations and individuals as a joint responsibility – government and citizens need to work together to move from a ‘digital-by-default’ to ‘security-by-default’, ensuring that the basic knowledge needed to protect against the ever growing threat is ingrained in our national consciousness.”
And David Emm, Senior Security Researcher at Kaspersky Lab, said: “The British government has for some time been indicating that it is keen to ramp up the overall defence posture of British companies in order to reduce the risk of attacks thereon – something which Eugene Kaspersky has long been calling on all governments to do. But it now seems that the government is saying that it considers that ‘offence is the best form of defence’. While it’s understandable that governments might want to adopt such a position, doing so introduces a very real possibility of a cyber arms race and, accordingly, increased risks to Internet-based systems everywhere. After all, if one government decides to openly engage in cyber offence, others will be sure to follow suit. And a cyber offence escalation would increase the risk of the technologies involved ending up in the wrong hands – to be manipulated for malevolent ends. Unlike traditional weapons, tools used in cyberwarfare are very easy to clone and reprogram by adversaries or other threat actors to be used in sustained strikes.
“It’s imperative for countries to understand the possible consequences – the specific dangers and potential damage – of cyberwar before developing offensive cyberweapons. The only effective way to counter this trend is for governments to work together towards the establishment of a cyber arms limitation agreement to prevent the continued escalation of cyberattacks.”
