The Islamic State terror group hasn’t demonstrated the ability yet to wage a cyberattack on the same scale as a full-fledged nation-state, but the fatal events that unfolded last week in Paris, France have forced British authorities to fund the nation’s digital endeavors like never before.
In the wake of Friday’s terrorist attacks, Chancellor of the Exchequer George Osborne announced this week that the U.K. is ramping up its abilities to fend off any future attacks against Britain’s online infrastructure, and for the first time is establishing policies for launching offensive strikes of its own.
Mr. Osborne, the U.K.’s top financial official, said on Tuesday that he’s asked to nearly double the spending allocated to the government’s cybersecurity programs “to protect Britain from cyber attack and develop our sovereign capabilities in cyberspace.”
The additional investment of £1.9 billion over the next five years will bring the British government’s total cyber spending to more than £3.2 billion, Mr. Osborne said during an address at the headquarters of GCHQ, the U.K. spy agency, while specifically singling out the Islamic State group as the potential perpetrator of cyber war with Britain.
“The Internet has made us richer, freer, connected and informed in ways its founders could not have dreamt of. It has also become a vector of attack, espionage, crime and harm,” said the chancellor.
“It is right that we choose to invest in our cyber defences even in a time when we must cut other budgets,” he continued, calling his proposal “a bold comprehensive plan to give Britain the next generation of cyber security.”
While western intelligence has largely downplayed the digital capabilities of hackers working for the group also known as ISIS or ISIL, Mr. Osborne said extremist groups across the board are expanding their cyber efforts on a routine basis and could perhaps cripple critical infrastructure if proper precautions aren’t in place.
“ISIL are already using the internet for hideous propaganda purposes; for radicalisation, for operational planning too. They have not been able to use it to kill people yet by attacking our infrastructure through cyber attack They do not yet have that capability. But we know they want it, and are doing their best to build it,” Mr. Osborne said.
“From our banks to our cars, our military to our schools, whatever is online is also a target,” the chancellor said, adding “The stakes could hardly be higher.”
“If our electricity supply, or our air traffic control, or our hospitals were successfully attacked online, the impact could be measured not just in terms of economic damage but of lives lost,” said Mr. Osborne.
As part of the British government’s new effort to deter cyberattacks against its infrastructure, the chancellor said the U.K. is establishing new policies that will let authorities launch “offensive” cyber attacks against terrorists for the first time.
“Strong defenses are necessary for our long-term security. But the capacity to attack is also a form of defense,” he explained. “If we are to tackle the asymmetry between attack and defense, then we need to establish deterrence in cyberspace.”
The chancellor’s remarks echo concerns voiced by American lawmakers as of late who have advocated for formally adopting a policy with respect to offensive cyberattacks.
“We don’t know what constitutes an act of war, what the appropriate response is, what the line is between crime and warfare,” Rep. Jim Himes, Connecticut Democrat, said during a House Intelligence Committee hearing on global cyber threats in September.
“[It’s critical that] we commit ourselves as a country to lead the establishment of some rules of the road internationally on how warfare and crime is conducted in the cyber realm,” the congressman pleaded.
Last week, the U.S. Congress approved next year’s National Defense Authorization Act, in turn authorizing the Pentagon to conduct a series of war games “to assess the strategy, assumptions, and capabilities of the United States Cyber Command to prevent large-scale cyber attacks, by foreign powers with cyber attack capabilities comparable to the capabilities that China, Iran, North Korea and Russia are expected to achieve in the years 2020 and 2025, from reaching United States targets.”