Yahoo News 
UK faces 'growing threat from cyber weapons'
A security expert has warned Britain faces a growing threat from cyber weapons, as a study lays out the dangers of criminals and even countries using malicious computer codes for financial or political gain.
Such next-generation weaponry can be as simple as viruses designed to steal information or harness the power of millions of PCs to bring down entire websites.
At the other end of the scale, they could use malicious computer code to infect, infiltrate and take offline key infrastructure or installations such as power stations or military satellites.
Baroness Pauline Neville-Jones, former head of MI5 and now the UK Government's Special Representative to Business on Cyber Security, told Yahoo News! she believes the threat should not be underestimated.
“We are not as secure as we need to be," she said. “I don't think we are bottom of the league either but being reasonably well placed it is very important that you don't let it slip.
“Constant vigilance and safeguarding and watching for new kinds of threats and new sources of threats is a very, very important part of remaining secure."
[Related link: Sci-fi tech that became a reality]
But while the threat from cyber weapons is real, academics Thomas Rid and Peter McBurney, of King's College in London who compiled the report, argue the risks of a significant attack are - for now - low.
In their report published in the Royal United Services Institute (RUSI) Journal, the pair believe it would take a great deal of insider knowledge to be as destructive as detonating an explosive device.
They argue a cyber-terrorist would first have to identify a particular vulnerability to exploit, such as a faulty generator within a specific structure, rather than just blindly hacking into a computer system hoping to cause devastation.
Mr Rid said: “We all know security standards in power plants or factories and industrial control systems are very bad. But why haven't we seen a major attack yet? Because you need more intelligence.”
The researchers also stressed that all publicly known cyber weapons have far less ‘firepower’ than is commonly assumed.
Mr Rid added: “We have never seen a cyber weapon in the wild that has harmed human beings but the potential that their destructive power will be increased is obviously very real.”
The report’s co-author Peter McBurney argues a powerful attack to cause huge loss of life or overthrow a political regime could not be done in one single cyber weapon strike.
Instead it would need to be highly targeted – thus limiting any major collateral damage – and would have to be repeated more than once to get beyond back-up systems that would automatically kick in.
And he said this is something that actually weakens the overall effect of the weaponry, explaining: “By attacking successfully, you are exposing some of the methods used, so the shelf-life of the attack is limited.”
The report sets out the scenario of a rise in insiders selling crucial information to potential attackers, both lone and state-sponsored.
It also suggests 'weaponised' code is likely to become cleverer, and able to infiltrate a system, learn how things work and pinpoint vulnerabilities itself.
*In the meantime, smaller cyber weapon attacks used both on the frontline of war – such as blinding a radar system - or to crash websites and cause economic harm are likely to continue to be the norm.*
Major virus outbreaks such as Stuxnet, which sabotaged the Iran nuclear programme, proved this is possible.
Baroness Pauline Neville-Jones pointed to the threat from the lone attacker by highlighting a case in Australia in 2000. In that instance an individual who had been rejected for a job succeeded in spilling more than a million litres of raw sewage into local parks and rivers.
He knew about the system's weaknesses having being one of those who helped install the system designed to stop that from happening.
Baroness Neville-Jones said: “I think that you can't rule anything out. We saw in the Australian example that these things are possible.
“Supervisory Control and Data Acquisition (SCADA) systems are on the whole quite hardened and so you have to have a special set of circumstances.
"In that case it was a disgruntled employee so what that tells you is if you leave a vulnerability, like an employee having access to a system when they no longer should, you are leaving the door wide open.
[Related link: Latest Terrorism News Headlines]
“That's the kind of attack that should not be allowed to happen. That is carelessness.”
Baroness Neville-Jones also raised the rise in, and risk posed by, groups of 'hacktivists', who use cyber weapons to aid their political or economic cause.
She said: “Twelve months ago I wouldn't have put my finger nearly so much as I would today on the activities of the hacktivist. This is now becoming quite a significant and serious element in provoking distrust in systems and reducing their reputation for reliability and constituting economic harm.”
She added: "Today you also have vandalism, people coming in just to wreck things for the sake of it."
