The armed forces are now so dependent on information technology that their ability to operate could be ‘fatally compromised’ by a sustained cyber attack, MPs have warned.
The Commons Defence Committee said the cyber threat to UK security had the ability to evolve at ‘almost unimaginable speed’ and questioned whether the Government had the capacity to deal with it.
It called on ministers to take a more hands-on approach to ensure proper contingency plans were in place.
The committee heard evidence that entire combat units, such as aircraft and warships, could be rendered completely dysfunctional by a cyber attack. Experts warned an enemy could seek to target radar or satellites to create a ‘deceptive picture’ in the military command structure while the increased use of unmanned drones and battlefield robots potentially added to the vulnerability.
‘The evidence we received leaves us concerned that with the armed forces now so dependent on information and communications technology, should such systems suffer a sustained cyber attack, their ability to operate could be fatally compromised,’ the committee said.
‘Given the inevitable inadequacy of the measures available to protect against a constantly changing and evolving threat ... it is not enough for the armed forces to do their best to prevent an effective attack. In its response to this report the Government should set out details of the contingency plans it has in place should such an attack occur. If it has none, it should say so - and urgently create some.’
The committee accused ministers of “complacency” over the failure to develop rules of engagement covering the military response to a cyber attack on the UK.
‘Events in cyberspace happen at great speed. There will not be time, in the midst of a major international incident, to develop doctrine, rules of engagement or internationally-accepted norms of behaviour,’ it said. ‘There is clearly still much work to be done on determining what type or extent of cyber attack would warrant a military response.’
Defence Minister Andrew Murrison rejected accusations of complacency, saying the Government was investing £650 million over four years in the national cyber security strategy programme.
Shadow defence secretary Jim Murphy said: ‘This report is worrying. The Government stand accused of complacency and lacking contingency planning. Policy progress is falling behind the pace of the threat our armed forces face.’