Hague details cyber attacks against UK Government
William Hague has detailed a set of cyber-attacks against the UK, as he called for countries to work together to battle the issue.
While the foreign secretary noted the security benefits of the web – highlighting the ability of Egyptian protesters to get around the internet block – his speech at a security conference in Munich focused on the “darker side”.
Hague outlined three attacks against the UK. In the first, a “malicious file” claiming to be a report on Trident was sent to a defence contractor, by someone pretending to be an employee at a related firm. “It’s purpose was undoubtedly to steal information relating to sensitive defence projects,” said Hague.
We do not underestimate the difficulties ahead
Then at the end of last year, an email spoofed to look like it was from the White House was distributed, with a link to the Zeus malware. Hague admitted some of the emails made it through Government filters, but said all infections have been cleared up.
Last month, three of Hague’s own employees were sent emails that appeared to be from a colleague. “In fact it was from a hostile state intelligence agency and contained computer code embedded in the attached document that would have attacked their machine,” Hague said.
To battle such threats, the British Government is calling for international agreement about how countries should act in cyberspace.”
Hague proposes to host a conference later in the year to kickstart such such cooperation – with “like-minded countries”, at least.
“We do not underestimate the difficulties ahead,” he said. “Many countries do not share our view of the positive impact of the internet, and others are actively working against us in a hostile manner.”
Hague’s speech comes as a report from a US think tank lays out the questions surrounding the use of cyber-attacks during war – and whether they should fall under the Geneva Convention.
The EastWest Institute report names five areas world governments – particularly Russia and the US – need to consider.
First, it calls for important infrastructure to be “detangled” from the public web. Second, it asks if it would be possible to name “protected zones” on the web, that couldn’t be attacked by states in much the same way as the Red Cross is protected in war zones.
The report also calls for consideration on how to identify attacks and what to do about non-state actors, and whether cyber-weapons could break the Geneva Convention protocols because they target people indiscriminately. Last, it asks whether there should be a term aside from cyberwar to describe lower level attacks.
“Today, nearly all critical civilian infrastructure is online, from the electricity grids that support hospitals to the systems that guide passenger planes through the air,” said EWI chief technology officer Karl Rauscher. “And, by and large, it is not protected by international norms.”
“We do this work very much in the spirit of the reset,” says Rauscher. “These recommendations carry great potential for engaging the international community, because when Russia and the US speak together, the world listens.”