Under the Labour government there was a strategic defence review in 1998 and two updates in 2002 and 2003, but another defence review is imminent and will decide the future shape and role of the armed forces. But the issue of cybersecurity will not top the agenda in times when Afghanistan is the main focus. Labour, as a progressive party which can reflect on the changing nature of modern wars and security threats, has to give cybersecurity a high priority in its defence policy but also as a responsible opposition has to make sure the government takes this issue seriously.
Cybersecurity has in recent years become a global concern. Cyberattacks can disrupt transport, financial systems, power, water and food supplies, bringing about paralysis of our daily lives. The threat is real, as cyberweapons are widely available and rapidly evolving, and attacks have already taken place. There are a number of countries that are integrating cyberwarfare as a modality into their warfare doctrine, as well as extremist and terror organisations.
The attacks on Estonia in 2007 show all too clearly how vulnerable we are, as we become increasingly reliant on computer and telecoms networks which are interdependent at regional and world levels. Taking preventative measures and working for international coordination can help to reduce and eliminate the level of threat and the potential damage of any attack. Indeed there have been cyberwarfare attacks against Britain by foreign governments in past years.
Cyberattacks have unique characteristics, unlike those of conventional warfare, and require strategies specifically crafted for this new form of contemporary conflict. Nations are, at the executive policy level as well as at the private sector level, dedicating increasing resources to deal with the threat to their national interests – and Britain must do likewise.
The former MP for Crosby, Claire Curtis-Thomas was very passionate about cybersecurity both in her work in the European security and defence assembly but also in the House of Commons. It is thanks to her contributions and other Labour MPs that the first ever cyber security strategy in June 2009 emerged, and the centre for the protection of national infrastructure was formed, providing advice on electronic or cyber protective security measures to businesses and organisations that comprise the UK’s critical national infrastructure. It was encouraging also to see the establishment of CESG (the Information Assurance arm of GCHQ), which provides advice and assistance on the security of communications and electronic data. Then last year the association of chief police officers set up specialist regional police squads to tackle cybercrime and the last government’s established a cybercentre and a new cabinet office unit, the office of cyber security.
Having said that, what does the new government have to offer on this matter? Although they have established a national security council, the Conservatives didn’t put cybersecurity at the top of the agenda in their national security green paper of January 2010, but they would like to extend the not yet operational cyber security operations centre by creating a cyber threat and assessment centre. Mark Pritchard, a Conservative MP, created an all party parliamentary group for cyber security in November 2009 and invited MPs and Lords.
Labour has to take the initiative in this parliament. There remains a very real case for further legislation: it is essential to make provisions in the antiterrorism crime and security act 2001 to include a definition for cyberterrorism. We can look to the US federal emergency management agency which defines cyberterrorism as “unlawful attacks and threat of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives”. Such a definition will increase the effectiveness of government departments and agencies in combating cyberterrorism. We also need to strengthen the computer misuse act to reflect the seriousness of offences and to take account of technological advances. We should consider defining cyberattacks as acts of war and ensure that cybersecurity and cyber defence are top priorities on the national security agenda. There is a further need for the allocation of human and financial resources to tackle the problem and for putting in place mechanisms to coordinate the work of different departments of government; there is also a need to create greater cooperation in regional organisations such as NATO and the EU. Specifically, Britain should play an active role in NATO’s cooperative cyber defence centre of excellence in Tallinn and ratify the European convention on cybercrime which it signed in 2001.
Cyberspace is defensible: what is needed is a coherent cyber security strategy, further legislation and the development of technological tools to tackle cyber threats. Creating a strategy and legal framework, while at the same time acquiring the necessary capabilities, will deter our adversaries from pursuing cyberattacks and significantly reduce their ability to compromise our systems. As the real progressive party in the parliament, Labour needs to take a proactive stance before it is too late.