UK government officials have come under sustained and targeted attack from malware in recent months, Foreign Secretary William Hague has confirmed in a speech at the Munich Security Conference.
The alarming developments included a campaign to get the Zeus information-stealing Trojan on to the government computers using an email that appeared to originate with the White House to an attack on the a Trident nuclear submarine defence contractor.
A third email attack from a “hostile intelligence agency” contained a PDF that could have compromised PCs used by staff had it been allowed to execute.
The picture built by Hague was of British Government that was now routinely under attack from state-of-the art malware built specifically to attack its infrastructure.
In all cases, security detected the attacks in time to stop them compromising security, Hague said, despite the fact that many of the malicious emails appear to have evaded initial filtering.
"Our experts were able to clear up the infection, but more sophisticated attacks such as these are becoming more common," Hague was quoted as saying.
Separately, the EastWest Institute think tank issued a report that has called for ground rules to be agreed upon by countries conducting cyber-espionage. A key argument is that cyberwar is a form of conflict that falls between current definitions of war and peace, a sort of perpetual conflict that could be open to mis-interpretation and over-reaction.
It might also be necessary define neutral zones to protect elements in cyberspace that have an impact on civilians.
It’s not a million miles away from an idea put forward by Bruce Schneier that the US, its allies and rivals should establish cyberdefence ‘hotlines’ to improve communication as a prerequisite to creating a set of treaties that govern how countries behave in the online world.
A key element of the UK strategy is the European Union cyber security plan which will look, among other things, to harmonise policing and cybercrime laws.