Page last updated at 17:40 GMT, Thursday, 26 January 2012

Call for cyberwar 'peacekeepers' force

Susan Watts
BBC Newsnight Science editor

MoD technology centre
The MoD has a centre dedicated to protecting military technology

The US Army's Cyber Command is recruiting.

Its mission? To create "a world class cyberwarrior force", and to develop cyberspace as an "active domain".

That's according to Lieutenant General Rhett Hernandez, Arcyber commander, speaking at a London conference on cyber defence this week.

He spoke of the explosive complexity of living in a digital age, and a cyber threat that was "growing, evolving and sophisticated".

Newsnight was invited to listen in at the conference, which brought together military experts on cyber security from around the world

Overall, the US military aims to recruit 10,000 "cyber warriors", and is apparently prepared to relax the usual entry criteria. They will accept long hair, even someone who can't run too well.

But there is a minimum requirement. Recruits will naturally be at the top of their field. They will be "a professional elite… trusted and disciplined, and precise… collateral damage is not acceptable," Lt Gen Hernandez told delegates.

Recruits will be trained using cyber challenge scenarios, for what is widely acknowledged as setting the cyber threat apart is not just its scale but its unpredictable and all-pervasive nature, posing a risk to critical national infrastructure such as power grids and water supplies, as well as the financial sector, individual companies and citizens.

'A huge issue'

Sir John Scarlett tells Newsnight that state-to-state cyber attacks remain a huge issue

Newsnight spoke to Sir John Scarlett about the nature of the cyber threat.

He was head of MI6 from 2004 to 2009, and chairman of the Cabinet Office Joint Intelligence Committee before that.

Earlier this month, Sir John became chairman of the Bletchley Park Trust.

In his first television interview since that appointment, he told us that Bletchley Park, and its famous wartime codebreaking success, held a special place in the history of cyberwarfare.

"Bletchley Park is at the very centre of this whole issue. In the Second World War, this was a state-to-state matter, and it was states grappling with each other… and so all the issues around cyber communications and their vulnerability were in that context.

"It was super secret. It didn't impact on people's everyday lives, and the whole issue of cyber communications, or machine communications didn't impact on people's everyday lives. Now it's into everything and everybody is affected by it.

"We have to worry about crime, we have to worry about terrorism, we have to worry about state activity, and we have to worry about what's called hacktivists…people with missions of one kind or another."

There seems little doubt in his mind that what he calls the "state-to-state issue", and the threat from the most capable states in this area, "remains a huge issue"

'Virtual peacekeeping force'

John Bumgarner, from the US Cyber Consequences Unit in Washington, would agree. His research organisation describes him as an "uber-hacker" with 18 years of service in special operations and intelligence.

When you give your information out as a private citizen to a corporation you're praying that that corporation will protect your data... but they can only do so much
John Bumgarner

He goes further. He told Newsnight there will soon be a need for a virtual UN peacekeeping force - in cyberspace.

"We've seen cyber incidents between Russia and Georgia, and that's ongoing. We've seen incidents between Pakistan and India and that's ongoing. We've seen stuff between China and India... between Israel and other Middle Eastern states. The UN needs to figure out how they can deploy peace keepers in the digital borders of a nation, virtual peacekeepers that would protect the peace."

Sir John thinks the cyber threat is growing by definition because use of the internet is growing. But he sees this as more than a purely military domain.

"There's quite a lot of talk about cyber warfare, and cyber attacks as if this is a military issue. Of course there are military aspects to it and military infrastructure aspects to it, and in the event of some future state-to-state conflict undoubtedly this would be a huge feature. But in the immediate term this is something which is happening now, the attacks and the downloading and the theft and the invasion of privacy are happening now on a day-by-day basis."

Computer security company Sophos confirms that the scale of attacks is growing, significantly.

Its teams constantly monitor computers infected with malicious code - often designed to send out Spam designed to trick users into giving away personal information that's valuable to organised crime. The company sells software to protect against such attacks.

"Here at Sophos we see 180,000 new pieces of "malware", that's malicious code, every single day. That compares with 1500 a day when I joined Sophos 6 years ago," said Mark Harris, VP SophosLabs & Global Engineering Operations.

'Cyber law'

Watch Susan Watts' full report on Thursday 26 January 2012 at 22:30 GMT on BBC Two, and then afterwards on the BBC iPlayer and Newsnight website

And there are complaints that our laws are struggling to keep pace.

Stewart Room of Field Fisher Waterhouse said there was now a need for an amnesty - instead of punishment - for companies that suffered a data loss or cyber-attack.

An amnesty, he argued, would help to encourage companies to come forward and discuss what went wrong - so that others could learn, fast.

He is also calling for a new "cyber law", to formalise best practice.

"A good idea within legislation would be to introduce a requirement that companies need to state in their annual reports exactly what they've done to protect our security and our information that year. In the same way that annual reports contain statements about environmental issues such as CO2 emissions. If we were to deal with security in that way, shareholders would engage with the matter and so would the public generally and that would improve security."

Headlines about cyber attacks pop up almost daily now. One of the most startling was the attack on the global intelligence firm Stratfor over Christmas, for which members of the loose-knit hacker group Anonymous claimed responsibility.

John Bumgarner analysed the data released for the Guardian newspaper and concluded that thousands of British email addresses and passwords - including those of defence, intelligence and police officials as well as politicians and Nato advisers - had been revealed.

Mr Bumgarner chuckled when we asked if the Stratfor release might dent people's confidence in the ability of even the most security-conscious of organisations to keep data safe.

"We're taking it on blind faith... really when you give your information out as a private citizen to a corporation you're praying that that corporation will protect your data... as much as possible, but they can only do so much."

This week, the Republican presidential hopeful Newt Gingrich has been citing cyberwar on the campaign trail, reportedly saying that the appropriate response to countries that target US corporate or government information systems is to "create a level of pain which teaches people not to do it".

But how far can we trust what we're being told about the scale of the threat? I asked Sir John why anyone should take seriously his warnings about the threats to cyber security, given the track record - some might say failings - of British intelligence on Iraqi weapons of mass destruction.

"I think people have to judge what's being said here, make their judgements, apply their commons sense, and then just think it through and say: Well, is this a serious and believable and realistic issue, or is it not?"

At this week's London conference, delegates were reassured that technology would allow us to adapt to the cyber threat.

"We once thought of Aids as an existential threat, now we live with it," Major General Jonathan Shaw, commander of UK Cyber Policy at the Ministry of Defence told the audience.

"Our reaction today is similarly out of balance…. we're never going to cure it, we have to live with it… But how much intellectual property will we have left by the time we get it right?"

Watch Susan Watts' report in full

Paul Conroy Homs 'another Srebrenica'
Journalist Paul Conroy on Homs bombardment and his escape

Hip replacement X-ray Hip implants concerns
Problems with metal-on-metal hip implants 'ignored'

General Dhao Gaddafi's last days
General Mansour Dhao on last days in Sirte and bid to flee

Pit bull terrier Kennel costs
3.7m police bill for kennelling of suspected dangerous dogs

Egyptian women Blighted lives
Female genital mutilation still rife in Egypt despite ban

Italian Senator Lucio Malan Italian senator: 'We were not informed of Nigeria rescue bid'

For sale signs Why are mortgage rates rising and will more lenders follow?

Newsnight's Tim Whelwell on the tail of an 'election bus' in Russia Evidence of voters 'bussed in' to boost Russian vote

David Miliband David Miliband on Vladimir Putin's 'cold' political style

The streets of Sirte Mark Urban on the 'bitter ironies' of Sirte destruction


Cyber war Geneva Conventions call
03 Feb 11 |  Newsnight
Experts warn of cyber hijack threat
10 Feb 11 |  Newsnight

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific