PM Johnson: UK has to boost cyber-attack capacity

Britain needs to increase its capacity to conduct cyber-attacks on foreign enemies, Prime Minister Boris Johnson has said before the publication of a national security review this week.

“Cyber power is revolutionising the way we live our lives and fight our wars, just as air power did 100 years ago,” Johnson said in a statement released by his office on Saturday.

Johnson is due to present a long-term review of national security strategy to parliament on Tuesday which media reports suggest could also lead to a reduction in armed forces personnel.

“The review will set out the importance of cyber technology to our way of life – whether it’s defeating our enemies on the battlefield, making the internet a safer place or developing cutting-edge tech to improve people’s lives,” Johnson’s office said.

Speaking over the weekend, Johnson said the National Cyber Force (NCF) – including spies, defence officials and scientists – would have a permanent base in northern England as the government tries to boost regional development outside London.

The NCF currently targets threats including foreign air defence systems and the mobile phones of people the government views as serious criminals or terrorists.

It was created last year alongside a dedicated army regiment focused on cyber warfare.

In 2016 a National Cyber Security Centre was set up to advise the government and public on how to reduce the risk of cyber-attacks.

Last month, Lloyd’s published a new report in conjunction with cyber analytics specialist CyberCube and reinsurance broker Guy Carpenter, which examines how ‘Internet of Things’ devices are posing an increasingly high risk of cyber-attack to industrial and manufacturing businesses.

The report warns Cyber-attack risks have previously been considered unlikely to materially impact the physical market, with cyber perils traditionally emerging in the form of non-physical losses.

However, the report looks at how physical risks have become a rapidly growing concern for industrial businesses as shown by recent high-profile breaches.

Part of the report suggested that, while an imminent mass-scale cyber-physical attack may be unlikely, the threat is evolving very rapidly.

Precedents strongly point to continual targeting of strategic industrial sectors, as described in this report. Currently technology implementation and vulnerabilities can be fairly bespoke in many cases, but attackers are aided in this respect by the increasing interconnection of systems and the homogenisation of technology: this will act to heighten the risk significantly over time which requires a comprehensive response.