DSEi 2011: Cyber attacks only tip of the iceberg, says Detica

The number of 'highly covert and targeted' cyber warfare attacks against defence and national security organisations around the world cannot be estimated, according to a wholly-owned subsidiary of BAE Systems.

Speaking at DSEi on 15 September, Henry Harrison, technical director at Detica, said the point of a covert attack was to evade detection. Acknowledging the 'Stuxnet Incident' which he said was 'widely believed' to have comprised an effort to cause disruption to uranium centrifuges in Iran, Harrison admitted: 'We don't know how many more [attacks] there have been.'

Highlighting the wide array of cyber attacks, which can range from visible to covert missions, Harrison described attackers' objectives to disrupt, manipulate and thieve information. 'These are the things you might want to do in cyber space,' he said.

Highly covert targeted attacks, he continued, comprised military attack, hacktivism, extortion, terrorism and cyber espionage - the last of which he described as being 'rife' and 'less reported'.

A small number of reported incidents is blamed on the 'Targeted Attack Iceberg' which comprises reported, unreported and undetected incidents.

'Cyber espionage may be more significant than you may be aware of. Defence and national security organisations around the world are affected by this. What is really significant is that the problem has grown,' Harrison continued.

Referring to the UK's National Security Strategy which highlighted cyber as one of four 'tier one' risks to the country and designated some £650m to the cause, he urged: There is real recognition from the government that cyber security is no longer the preserve of geeks and information technology specialists.'