BBC Home > BBC News > Technology

Is the UK safe from cyber attack?

30 April 09 12:01 GMT

Earlier this week the British former Home Secretary David Blunkett warned of the danger of a cyber attack on the 2012 Olympics, but how big is the risk? Ben Hammersley, of BBC Radio 4's The Report, assesses the cyber threat from terrorists.

On Monday, David Blunkett, spoke about his fears that cyberspace might be used by Jihadists to attack the UK.

Terrorists, he told the BBC, could be planning to attack national infrastructure - power grids, telecommunications and the like - via the internet, in order to hit a big and symbolic target: the 2012 London Olympics.

"My own worry, and of course even by raising it you are actually raising a spectre, is that it will be about disruption and attack, which will not just embarrass Britain, but cause us great economic and commercial harm, should the Olympic Games be damaged."

Risky botnets

Mr Blunkett is not alone in his concerns. This month has seen a huge spike of interest in the idea of cyberwar and cyberterror.

Following on from reports of hackers successfully attacking US and UK military and government computers, many of the UK's top security officials are meeting in Whitehall on Thursday, at the Critical National Infrastructure Conference. The topic of cyber-security is high on the agenda.

But just how could these attacks be carried out?

The weapon of choice is deceptively simple: a network of computers called a botnet.

Without adequate protection (Windows updates and anti-virus software), your PC can be infected, accessed and remotely controlled by visiting a hacked website or clicking on an infected file.

Once that has happened the virus will lay dormant, and at some point whoever has slipped it in can take control of your PC without your knowledge. And then your PC will join hundreds of thousands of others worldwide - a robot network that can be used to launch a mass cyber attack on a target and shut it down.

As politicians and the military start to think about these problems, they turn to outside security experts.

One, who has advised the US military and the US government, is Sami Saydjari, head of a consultancy called the Cyber Defence Agency.

His view is that America's enemies will use cyberspace to create havoc in the physical world by attacking critical infrastructure with botnets.

Dangers overstated?

He ran a scenario called Dark Angel that involved simultaneous cyber attacks on the power grid, banking, telecommunications and oil and gas supply.

"Think of the damage Hurricane Katrina wrought, where a portion of our country became a Third World country. And if you imagine that level of damage a thousand-fold, you will understand the level of damage we are forecasting."

But just how serious a problem is this? Could hackers - whether terrorists or ones acting for another nation-state - really cause massive damage to a country's infrastructure? And if they could, why have they not done so already?

Tom Espiner is the security reporter with IT website ZDNet UK. He is one of the few who challenges the growing orthodoxy that cyberspace is both dangerously compromised, and that cyber attacks pose a real physical threat to nation states.

"Electricity grids and other national infrastructure have failsafe backups. There are vulnerabilities, but they are known and documented.

"Security," he says, "is about layers; fail-safes, manual overrides and human monitoring. The likelihood of a successful cyber attack would be small."

He says terrorists are much more likely to spend their time and resources on physical attacks, like bombings.

And individuals can do their bit to protect themselves from online threats. Cyberspace can be made safer for everyone by following a few precautions.

Ed Gibson, ex-FBI, and now chief security advisor for Microsoft UK, advises: "whatever programme you use, you need to take the security updates routinely and consistently.

"By doing so the vast majority of rogue software won't bother you and you won't become part of a robot network."

That is simple and sound advice.

Ben Hammersley presents The Report on BBC Radio 4 on Thursday 30 April at 2000 BST. You can also listen via the BBC iPlayer or download the podcast.

Related BBC sites

*