June 25, 2009 10:25 AM PDT

U.K. cybersecurity office to have attack role

by Tom Espiner

The U.K. government plans to form a cybersecurity agency, with functions including cyberattack capability.

The Office of Cyber Security (OCS), dedicated to protecting Britain's IT infrastructure, will be created on a model proposed--and in part practiced--by the U.S. The U.K. government said Thursday that the OCS will have charge of a cross-government program, while a multi-agency Cyber Security Operations Centre (CSOC) will coordinate the protection of critical IT systems.

The OCS will also act as a conduit for information security collaboration between government and industry experts. Robert Hannigan, the prime minister's security adviser, said the OCS would be about "drawing together what people are already doing in the Ministry of Defense, the intelligence services, and the police."

The government has never admitted that it has the systems and personnel to launch a cyberattack. However, according to a senior government official, who wished not to be named, the OCS will have a role in coordinating cyberoffense capabilities that will build on the resources the government currently has.

In extreme cases, the government would launch a cyberattack in response to intrusions into the U.K.'s own systems.

"Yes, we will do things proactively," the official said at a Cabinet Office press briefing. "Information assurance has been about building stronger walls, but there's only so much you can do. You come to a point when you are allowing criminals and others a low risk in continuing to attack, and there comes a time when that has to change. This is the first time we are saying publicly we are not going to sit back."

The government will develop information systems to allow it to launch denial-of-service attacks and to spy on chosen targets, said the official. "We will have a whole range of offensive capabilities, including distributed denial-of-service," said the official. "DDoS is not a first response. We definitely need graduated responses."

"Aggressive attacks are pretty far up the scale, and we want to avoid collateral damage as far as possible. It's a fine line. We don't want to get into cyberwarfare, but it's not reasonable to sit back," the official added.

The Cabinet Office official said the government would try to respond to attacks on U.K. systems by legal recourse: "Whenever we can, we will pursue criminals through legal frameworks, but that only works in some countries. Clearly, in other areas of the world, people are acting with impunity."

The model for the OCS is similar to that in the U.S., which plans to quadruple the number of security experts defending against cyberattack, while cyberoffense capabilities are currently under the aegis of the U.S. Air Force. The Pentagon will create a cybercommand to oversee U.S. cybermilitary efforts.

The OCS will pool intelligence capabilities from MI5, MI6, the Ministry of Defense, the Metropolitan Police e-Crime Unit, and the Serious and Organized Crime Agency.

The OCS will launch with a staff of 16 to 20, while the CSOC in will have 20 to 25. "We will start small and learn from initial U.S. attempts," said a Cabinet Office official.

Tom Espiner of ZDNet UK reported from London.

by n3td3v June 25, 2009 11:16 AM PDT
If you "DDoS" then you block the tubes and therefore GCHQ for that time will be blindfolded, because signal intelligence in and out will be disrupted.

You've got to weigh up, what's more of value and worth our time, sending a packeted response to the enemy for a short period and losing signal intelligence, which may not be effective and we can't keep the DDoS running forever, or forget the DDoS and keep the signal intelligence uninterrupted.

It's not worth our time doing the DDoS, I want GCHQ to maintain its signal intelligence presence, DDoS just doesn't fit into the equation.
by Lerianis3 June 25, 2009 12:10 PM PDT
I have to agree.... DDoS is good when you are trying to silence someone with a viewpoint that you dislike.... it's not so good when it's a government doing it to prevent an attack or respond to an attack.
by santuccie June 29, 2009 12:34 PM PDT
@n3td3v:

I'm sure the British government has more than one connection. Unless it's focusing all systems on the task, I'd think other agents can continue to do their job while a handful are banding together a network with sizable bandwidth to tell an attacker to back off. And again, they're saying this is a last resort. You can only lie for so long, letting the bugs chew on you.

That said, I wonder what would happen if they got into a DDoS war with the Russian Business Network? I imagine the British government would have more bandwidth per node, but do they have access to enough machines to take down a large botnet?
by Commander_Spock June 25, 2009 1:39 PM PDT
Well, well, well... just are we having here! Re: "The government has never admitted that it has the systems and personnel to launch a cyberattack. However, according to a senior government official, who wished not to be named, the OCS will have a role in coordinating cyberoffense capabilities that will build on the resources the government currently has...."

If one is attacked (an offensive is launched against a country's computer network...) then, if that country which was attacked launches a counter-attack... therefore, should not these OCS's capabilities be described as "counter-offensive" rather than "offensive"!!!

Let the battles begin.

Cool!