The report encourages using programs such as the Stuxnet virus which targeted Iran’s nuclear in the interests of Britain’s national security. It also stated that it was not enough to just defend against cyber attacks, recommending the use of covert operations to disrupt the computer networks of those targeting the UK.
Ross Brewer, managing director and vice president, international markets, LogRhythm, made the following comments:
While it’s clear that cyber war seems likely, pushing for the active disruption of ‘enemy’ networks may be a step too far. It’s undeniable that more needs to be done in the way of Britain’s cyber defense, and that security and intelligence organizations must take urgent action to boost security and ensure that any vulnerabilities are immediately addressed and remediated. However, the report calls for hostile ‘active defense’ mechanisms such as interfering with the systems of people trying to hack into British networks.
Rather than engaging in such antagonistic pre-emptive cyber attacks – which would no doubt only incite more damaging and sophisticated attacks on the UK’s cyber infrastructure – the move to an ‘active defense' system simply requires truly proactive protection of Britain’s own networks. Traditionally, protection of IT systems meant the deployment of perimeter defenses such as anti-virus software. However, such defenses have increasingly proven inadequate in securing IT systems.
Rather than just keeping threats out, ‘active’ cyber security measures now require continuous, protective monitoring of every single event that occurs across networks to ensure that even the smallest intrusion or anomaly can be detected before it becomes a bigger problem for all.
“As such, instead of blindly attacking potential perpetrator’s networks, Britain’s cyber security depends on the ability addressing any potential threats in real time. This enables proactive identification, isolation and remediation of any potential cyber threats the moment that they occur.
Furthermore, having such an in-depth insight into IT networks also gives organizations the actionable intelligence to effectively conduct forensic investigations into cyber attacks. Unfortunately, even once a cyber breach has been remediated and any potential damage minimized, there often remains an enormous amount of uncertainty and speculation surrounding the origins of the attack and attackers, which plays a large role in inciting further cyber aggression.
Further forensic analysis of the breach is often required to attribute cyber attacks, insight which traditional point security solutions cannot provide. As such, only with this holistic, 360 degree network visibility can attacks be accurately attributed to the correct perpetrators, and serious mistakes avoided.”