Stark warning over cyber attacks on UK businesses

Sustained cyber espionage attacks are being waged on companies that play a key role in the UK national infrastructure, a UK cyber defence chief has warned.

The computer systems of critical businesses in the UK, such as power companies and large financial institutions, are being repeatedly probed to steal information or uncover weaknesses that could take them down.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

That was the warning from Mark Oram, head of the threat and infosec knowledge department at the Centre for the Protection of National Infrastructure (CPNI) - the security service tasked with protecting key government and private organisations in the UK.

Speaking at the RSA Conference 2008 in London he said: "We see frequent attacks on organisations for the purpose of theft of property.

"There are known threat sponsors with known requirements looking to gather information from industry.

"The use of cyber techniques is relatively easy, cheap and low risk in terms of being caught.

"Most of the time we know the likely culprit but proving it is very difficult."

But he added the UK government felt the risk of a cyber terrorist attack was low due to a "lack of capability and difficulties with understanding the vulnerabilities in the infrastructure".

He said the CPNI was committed to continuing working closely with key industries to help them understand the vulnerabilities and threats they face.

Internet warfare expert Ira Winkler, president of the Internet Security Advisory Group, said Chinese hackers were "vacuuming up the internet for security and economic secrets" - citing examples such as the Titan Rain hacking attacks.

It comes as the EU presents a blueprint for how European countries can strengthen national communications networks.

The report from the European Network and Information Security Agency recommends prompt reaction on reported incidents, collaboration between public and private stakeholders and development of a national strategy for information sharing and responsibilities for different parts of the network.

In the US, the Department of Homeland Security National Cybersecurity Division has tripled its budget to $350m over the past two years to upgrade security systems protecting critical civilian networks and build up its US-Cert emergency response team.