David Omand says power grids and telecoms have been “pretty well reconnoitred” by hostile states. This article features in Prospect’s new cyber resilience supplementby Alex Dean / September 3, 2019 / Leave a comment
Britain faces a new kind of threat. The digital world has given hostile international actors an entirely new toolkit. Cyberattacks are now one of the foremost security risks. The consequences range from disruption to compromised information and even physical harm. Targets have included banks, the NHS, power systems and notoriously, democratic elections.
The furore over the involvement of Chinese technology giant Huawei in Britain’s telecoms infrastructure brought the cybersecurity issue to national attention. Yet foreign state interference is only one aspect of a multifaceted threat. What precisely does that threat look like? And how can Britain best secure its networks?
Few people are better placed to answer than David Omand. He was head of GCHQ, the government’s central intelligence, security and cyber agency, as well as the UK’s first intelligence and security co-ordinator and permanent secretary at the Home Office. He spent seven years on the Joint Intelligence Committee and is now a visiting professor in war studies at King’s College London. We met at the Prospect offices in June and started by discussing the most serious threat: rogue governments.
As the number of “cyberattacks by hostile states has gone up,” Omand said, leaning back in his chair, there is a “recognition that with modern attack methods, you can’t guarantee to keep the bad guys outside the perimeter.” He spoke slowly, pausing sometimes to choose his words carefully, as befits a former intelligence chief.
The classic high-level threats include sabotage, espionage, theft and also the distribution of misinformation intended to confuse. “The digital age we’re in makes it easier and cheaper. The risk is going up. And the cost to the nation doing this to us is going down.”
Alarmingly, “there is evidence that critical infrastructure, power grids, telecommunications and so on, have been pretty well reconnoitred by states like Russia and China. That is certainly true of the United States. And so the possibility of sabotage arises.”
There could be very real-world consequences. At the most serious end, for example with attacks on a hospital, there could be loss of life. Would we in the UK ever respond to a cyberattack with conventional weapons? That “depends what damage [has been done]. If people are dead as a result of some serious cyberattack, then the response has got to be proportionate,” said…