On the day the mighty U.S. government shut down, the U.K. government threw down a colossal gauntlet: it revealed that it has been developing the capacity to carry out cyber attacks. The Financial Times reported today: Philip Hammond, defence secretary, said ahead of the Conservative party conference in Manchester that the UK was "developing a full-spectrum military cyber capability, including a strike capability." It was the first time any country has made such a sensitive statement in public.
It is common knowledge that cyber warfare between states has been ongoing for a few years now. For a state like the UK to make such an open admission means that the war has escalated dramatically, with the public likely unaware of the effects. As with any war, cyber war effects are very real, potentially resulting in leaked defense plans, website and e-commerce disruption, or real-world effects such as denying our citizens access to electricity.
The difference is that, with cyber warfare, there is no "front line" and--despite statements like this from the U.K. defense minister--there is no "army" fighting this war somewhere abroad and far away from the homeland. Instead, the cyber war is on our home turf, inside our homes and enterprises. It can--and will--affect our day-to-day lives.
So the key takeaways are:
- This is real
- It is getting worse
- We had all better be prepared.
Enterprises should not misinterpret the minister's statement and conclude that soldiers are coming to fight this war on their behalf. As the target of many of these attacks, the enterprise must be equipped to:
- Expose attacks that have circumnavigated their network defenses
- Respond rapidly to mitigate the attack
- Capture information that federal law enforcement can use to determine the identity of the attackers.
Developing a security plan designed under the assumption of compromise along with a robust incident response plan is a must.