MI5 chief: UK industry under "astonishing" rate of cyber attacks
26 Jun 2012
London - Industry is now coming under an “astonishing” rate of cyber attacks, according to Jonathan Evans, director general of the UK’s MI5 Security Service. The issue, he said, rates alongside terrorism as one of the biggest security challenges facing the UK.
“Vulnerabilities in the internet are being exploited aggressively not just by criminals but also by states,” Evans said in a speech on national security issues at the Mansion House in London, 25 June.
“And the extent of what is going on is astonishing – with industrial-scale processes involving many thousands of people lying behind both state-sponsored cyber espionage and organised cyber crime.”
According to the MI5 chief, at risk were the safety and security of UK infrastructure, the intellectual property and the commercially sensitive information of major industrial companies and corporations and their suppliers.
Evans cited how one major London-listed company had incurred revenue losses of some £800 million as a result of hostile state cyber attack – not just through intellectual property loss but also from commercial disadvantage in contract negotiations.
The UK’s Centre for the Protection of National Infrastructure is currently investigating cyber compromises in over a dozen companies and are working with many others that are potential future targets of hostile state cyber activity. But, said Evans, this is only a tiny proportion of those affected.
“The internet [now connects] the buildings we work in, the cars we drive, our traffic management systems, bank ATMs, our industrial control systems and much more,” he said. “This increases the potential for mischief and leads to risks of real world damage as well as information loss.”
Evens went on to note that established terrorist groups had not yet posed a significant cyber threat. But, he added, they were aware of the potential to use cyber vulnerabilities to attack critical infrastructure and likely to gain more capability to do so in future.
He concluded” “The Government’s National Cyber Security Strategy makes clear that success in this endeavour is only possible if it engages not just government but also the private sector in tackling cyber crime, making the UK more resilient to cyber attacks, shaping an open and stable internet and developing our skills base.
“The boards of all companies should consider the vulnerability of their own company to these risks as part of their normal corporate governance - and they should require their key advisors and suppliers to do the same.”
