Britain planning cyber weapons factory?

The UK Government has started work on creating a range of cyber weapons as it looks to beef up its arsenal to protect the nation, according to a report.

In the first official recognition of such an initiative, the Cabinet Office and Cyber Security Operations Centre at GCHQ have taken hold of the programme, sources told the Guardian today.

"We need a toolbox of capabilities and that's what we are currently developing," said armed forces minister, Nick Harvey.

"The circumstances and manner in which we would use them are broadly analogous to what we would do in any other domain."

The Ministry of Defence (MoD) was reticent about a cyber weapons project when IT PRO contacted the department, although outlined a number of ways in which the Government was to shift focus in the security space.

In particular, it said “future conflict will see cyber operations conducted in parallel with more conventional actions in the sea, land and air operations.”

“Therefore we must plan, train, exercise and operate in a way which integrates our activities in both cyber and physical space,” an MoD spokesperson said.

“We will grow a cadre of dedicated cyber experts to support our own and allied cyber operations and secure our vital networks.”

The £650 million National Cyber Security Programme (NCSP) announced last year will be used to overhaul the UK’s cyber security approach.

The MoD was unable to discuss the funding of individual components of the NCSP.

However, it is establishing a Defence Cyber Operations Group to help “embed cyber security within defence, incorporating cyber into strategic concepts and doctrine.”

“Due to the complex nature of cyberspace, improving the UK’s cyber security requires a multi-faceted approach involving a number of Government departments and agencies working in close partnership with industry and academia,” the spokesperson added.

“Government will commence a transformative national cyber security programme which will aim to give the UK a security advantage in cyber security and resilience.”

Earlier this month, the Chancellor of the Exchequer, George Osborne, admitted the UK Government’s Treasury was hit by targeted attacks on average more than once a day in 2010.

Risky behaviour?

Cyber security professionals have raised concerns over any potential cyber arms scheme, whilst suggesting the revelations are public announcements of operations which have been going on behind the scenes for some time.

Jose Nazario, senior security researcher Arbor Networks, was worried the UK was not going to back up its announcements with genuine investments.

“The announcement is partly a means of achieving deterrence, namely that the UK is willing to both defend its assets in kind and to possibly strike at others. The risk in this, of course, is if the deterrence is not credibly backed up,” Nazario told IT PRO.

“I expect this to play out for a few more years both in terms of demonstrating such capabilities against rivals and investments to increase their capabilities.”

David Harley, senior research fellow at ESET UK, was concerned political aspirations would determine what moves the Government would make, rather than actual necessity.

“Security and intelligence are difficult and wide-ranging areas, and sooner or later, political expediency will mean that mistakes will be made,” Harley said.

“Necessary measures will be dropped or skimped on because of economic pressures, inappropriate and/or inadequate measures will attract funding because it’s a way for elected officials to be seen to be doing something. The whole ‘security theatre’ problem is based on the political assumption that it’s better to do something visible but half-baked than to do something effective but invisible.”

This article originally appeared at itpro.co.uk