On the day of his assassination, President John F. Kennedy was due to deliver a speech in Dallas on national security. In his speech, Kennedy would reference the need to move beyond the traditional roles of military force, and towards methods that combat those who "threaten freedom in a less direct but equally dangerous manner." He would have continued - "over-whelming nuclear strength cannot stop a guerrilla war. Formal pacts of alliance cannot stop internal subversion." Without explicitly referencing cyber war, and despite living in an era dominated by brute force and nuclear power, it's clear that JFK recognised that not all threats with the capacity to destruct were physical, and that a time was coming when these alternative threats would play an important role in defining national security policies.
Fast forward fifty years, and JFKs words bear even more significance. This year marks the 50th anniversary since the nuclear hotline and NRRC (Nuclear Risk Reduction Centre) were erected between the Oval Office and The Kremlin - at the height of the Cold War when the threat of nuclear attack was dangerously imminent. This year, in a significant move, both nations announced that these lines of communication would be re-aligned to address the evolving threat from cyber. Staffed 24 hours a day by the Department of State and Russia's Ministry of Defence, the NRRC now fields calls concerning all hacking, online, and cyber attacks.
Still, for many, it's difficult to imagine how cyber warfare could wreak the same havoc as traditional, conventional war. But as former director of national intelligence Mike McConnell once noted, cyber war has the potential to mirror the nuclear challenge - less in the physical sense, but in terms of the potential economic and psychological effects. As we hurtle towards an increasingly virtual world, cyber threats are inherently complex. Cyber attacks don't have borders - the forum for these attacks, i.e. the Internet, is not confined to geographical boundaries. Unlike the interdependent relationship between the United States and the Soviet Union during the Cold War, modern nations are entangled in multiple networks. For instance, China would itself suffer from an attack that severely damaged the American economy, and vice versa. This not only makes cyber warfare a lethal weapon, but an issue with the potential for severe consequences on a global scale.
To demonstrate this threat there are now numerous instances of cyber attacks causing real damage to the well being of nation states. In 2007, websites of prominent Estonian organisations such as ministries, the media and banks were suspended or defaced by extensive denial-of-service attacks (DoS). In recent months there have also been several attacks on US government and private business websites, attributed to foreign hacktivist groups. Just last month, officials in Washington D.C met to address how to prepare for the possibility of a large-scale cyber attack on the power grid, after fears sparked that an attack could be imminent. It was noted that the standards for how power companies communicate with each other about security threats, and with the government, remain largely unresolved.
Here in the UK, steps have been taken to help combat this problem. The UK government has already revealed new plans to enhance its National Cyber Security Strategy, announcing a new British Computer Emergency Response Team (CERT), National Cyber Crime Unit (NCCU), and a Cyber Reserves force. These teams will help to monitor and report on instances of cyber attack, taking a share of the generous £650m of funding pledged to enhance the current defence capabilities employed by the programme.
To help reduce threats to the UK's defence supply chain, various public-private sector partnerships have also been launched. The Defence Cyber Protection Partnership (DCPP), created by the MoD in conjunction with other government agencies and nine UK defence and telecoms firms including Thales UK, GCHQ, BAE Systems and BT, will work towards this goal. The Territorial Army (TA) is also to retrain its reservists to become specialists in cyber security. This holistic approach to security is long overdue, and the TA is now taking its share of responsibility for this alongside its traditional physical defence remit. In the US, the introduction of a number of federal laws has demonstrated a commitment to combating cyber crime. The Computer Fraud and Abuse Act; Electronic Communications Privacy Act and Identity Theft and Assumption Deterrence Act are just a few. On an international level, a selection of nations have become signatories to The Council of Europe Convention on Cybercrime - helping to bring this problem to the forefront of international politics.
Despite this headway being made, it is clear there is a long way to go before the full threat of cyber warfare is properly addressed. The digital frontier has attributed a new type of ammo to the arms race - putting the days of placing the threat coming from cyber beneath that of military attack firmly behind us. The key to success now lies in ensuring that UK companies appreciate the wider picture when it comes to end-to-end security. A holistic approach must be adopted to protect the UK's assets - people, places and information.