This week, Britain’s security and intelligence agencies have been urged by MPs to engage in cyber attacks against enemy states in a report released by The Intelligence and Security Committee (ISC).
The report encourages using programs such as the Stuxnet virus which targeted Iran’s nuclear in the interests of Britain’s national security. It also stated that it was not enough to just defend against cyber attacks, recommending the use of covert operations to disrupt the computer networks of those targeting the UK.
While it’s clear that cyber war seems likely, pushing for the active disruption of ‘enemy’ networks may be a step too far. It’s undeniable that more needs to be done in the way of Britain’s cyber defence, and that security and intelligence organisations must take urgent action to boost security and ensure that any vulnerabilities are immediately addressed and remediated.
However, the report calls for hostile ‘active defence’ mechanisms such as interfering with the systems of people trying to hack into British networks.
Rather than engaging in such antagonistic pre-emptive cyber attacks – which would no doubt only incite more damaging and sophisticated attacks on the UK’s cyber infrastructure – the move to an ‘active defence’ system simply requires truly proactive protection of Britain’s own networks.
Traditionally, protection of IT systems meant the deployment of perimeter defences such as anti-virus software. However, such defences have increasingly proven inadequate in securing IT systems.
Rather than just keeping threats out, ‘active’ cyber security measures now require continuous, protective monitoring of every single event that occurs across networks to ensure that even the smallest intrusion or anomaly can be detected before it becomes a bigger problem for all.
As such, instead of blindly attacking potential perpetrator’s networks, Britain’s cyber security depends on the ability addressing any potential threats in real time. This enables proactive identification, isolation and remediation of any potential cyber threats the moment that they occur.
Furthermore, having such an in-depth insight into IT networks also gives organisations the actionable intelligence to effectively conduct forensic investigations into cyber attacks. Unfortunately, even once a cyber breach has been remediated and any potential damage minimised, there often remains an enormous amount of uncertainty and speculation surrounding the origins of the attack and attackers, which plays a large role in inciting further cyber aggression.
Further forensic analysis of the breach is often required to attribute cyber attacks, insight which traditional point security solutions cannot provide. As such, only with this holistic, 360 degree network visibility can attacks be accurately attributed to the correct perpetrators, and serious mistakes avoided.