11 February 2017

MPs and the public are being kept in the dark about Britain's secret cyber war

BYJASON BEATTIE

The Ministry of Defence has launched cyber attacks but refuses to given any more information

Defence Secretary Michael Fallon has made a robust and important speech on the dangers posed by Russian hacking.

Moscow, he warned, was “weaponsing information” and trying to subvert democracies through its cyber attacks on Western institutions.

There was also a piece of sabre-rattling: adversaries should know “there is a price to pay if they use cyber weapons,” he said.

The information Sir Michael neglected to tell his audience was we are doing it too.

Britain has put cyber warfare at the heart of its defence policy since 2011 when the Strategic Defence and Security Review set out plans to “ develop, test and validate the use of cyber capabilities.”

In 2013 Philip Hammond, the then Defence Secretary, said that in response to the “growing cyber threat” the UK was “developing a full spectrum military cyber capability, including a strike capability”.

This is not unexpected.

What we don’t know, because the Ministry of Defence is refusing to tell us, is how we are engaging in cyber warfare, the frequency of the offensives and which countries and institutions we are targetting.

Some will argue that cyber warfare should come under the same category as special operations or the secret services.

They believe that secrecy is necessary to protect those charged with carrying out such tasks.

But what if our actions are resulting in the loss of civilian life?

What if are actions are destabilising alliances or provoking retaliation?

The most well-documented use of state-backed cyber warfare by a Western nation is Stuxnet in 2011 when the US, in alliance with the Israelis, used malware to disrupt Iran’s nuclear programme.

The virus, one of the most complicated ever developed and still infecting computer systems beyond Iran to this day, had potentially lethal consequences as it attacked the centrifuges at Natanz uranium enrichment plant.

It is alleged, though never acknowledged, the Government Communications Headquarters (GCHQ) was involved in the Stuxnet project.

Has Britain carried out similar attacks? Have we used cyber warfare not just to spread false information but to disrupt or destroy other countries’ infrastructure and defence installations?

Britain has put cyber warfare at the heart of its defence strategy (Photo: Getty)

Have any lives been lost as a result of an offensive cyber attack by the UK?

We don’t know. If the UK launches a military offensive using conventional weapons then MPs are told in Parliament.

The Defence Secretary gives regular updates on our operations in Syria and Iraq.

When it comes to cyber warfare, even though it is an act of aggression, we are left in the dark.

Defence Minister Mike Penning was asked by the Lib Dems this week in a parliamentary question how many offensive cyber attacks the Government has authorised since 2010.

This was his response: “Details of any UK cyber capability or operations are being withheld for the purpose of safeguarding national security.”

In a further question Mr Fallon was asked which ministers are responsible for authorising offensive cyber attacks on other states or terrorist groups.

He replied: “The Secretary of State for Defence is responsible for authorising the military use of force in cyberspace in accordance with domestic and international law. Authorities may be delegated in accordance with the Ministry of Defence Full Spectrum Targeting Policy.”

We will have to take Mr Fallon’s word for it that everything is conducted in accordance with domestic and international law.

As they will not tell us how many times the UK has authorised a cyber attack we cannot know if any of them, and they did not deny that attacks have been launched, were legal or not.

We have entered a new era of defence which throws up complicated issues about transparency and accountability.

While you can understand the reluctance of the Ministry of Defence to offer more information that must be set against the right of the public and MPs to know if we are engaged in hostile acts against other nation states and on what legal basis.

As the Lib Dem MP Alastair Carmichael says: “If Ministers are authorising cyber attacks on other nations and organisations the public has a right to know.

“Parliament is informed when we use military force against another country using conventional weapons why is that not the case using cyber warfare?

“The government should not be using force, in our names without telling Parliament and being held accountable.”

No comments: