November 22, 2005
Foreign governments are the primary threat to the UK's critical
national infrastructure (CNI) because of their hunger for information,
according to a government body.
The National Infrastructure Security Co-ordination Centre (NISCC),
which is in charge of defending the CNI, claimed on Tuesday the most
significant electronic threats to the critical national infrastructure
are content-based, targeted, Trojan horse email attacks from the Far
"Foreign states are probing the CNI for information," said Roger
Cummings, the director of NISCC.
The CNI is made up of financial institutions; key transport, telecoms
and energy networks; and government organisations.
NISCC is working with its equivalents in the countries concerned to
try to "shut the attacks down", according to Cummings. NISCC cannot
name the countries concerned as this may "ruin diplomatic efforts to
halt the attacks".
The attackers appears to be aiming to gather commercially or
economically valuable information, according to NISCC.
"We call it the 'malicious marketplace'," said Cummings. "Exploit
writers can make money by selling exploits. Who are the most capable
organisations to make use of exploits? Foreign states are the most
capable actors =97 they are currently sitting up at the top of the
marketplace," he added.
Cummings went on to dissect the 'malicious marketplace', in which he
claimed the most significant element is foreign states, whose target
is information. Below them are criminals who are trying to compromise
the CNI in order to sell information. Hackers motivated by kudos or
money have "a variable capability", but are more serious than
terrorists, who currently have a "low capability", and pose the
smallest threat, Cummings claimed.
However, there is a risk these groups will increasingly work together.
"The risk from criminals [to the CNI] increases when they get into bed
with hackers. The capability of terrorists will increase if they
employ hackers," said Cummings. "We are concerned that the malicious
marketplace will make available exploits that can do us damage," he
Although foreign states are currently the most capable of launching
attacks, NISCC expected criminal capability to "expand and start to
bump against foreign states," Cummings said.
Cyberterrorism is a controversial subject within the security
industry. Some experts, such as Bruce Schneier, have claimed the
threat doesn't exist. Speaking in April, Schneier said that some
organisations have been abusing the term in an attempt to fuel their
Cummings said people needed to be aware of the threat from terrorism,
but stressed that he didn't want to hype the threat or alarm people.
"We are constantly aware that terrorists can attack us in a whole host
of ways. There is concern that terrorists can acquire exploits through
the 'malicious marketplace'. We would say there is hype around
cyberterrorism, but we need to remain eternally vigilant," Cummings
The UK government should be applauded for developing a more proactive
approach to this issue, according to the Communications Electronics
Security Group (CESG).
"The government is being proactive, and this is paying dividends. All
information is worth protecting =97 potentially as it could mean
people's lives. Where the squaddies are tomorrow needs to be kept
secret; you can't put a price on human life," said Chris Ulliot, head
of vulnerability research, CESG.
Cummings and Ulliot were speaking at SANS Institute's launch of its
Top 20 Critical Internet Vulnerability Listing at the Department of
Trade and Industry in London.
Earn your Master's degree in Information Security ONLINE
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.