17 Nov 2015

Is Isis planning murderous cyber attacks?

Is Isis really preparing to kill people by cyber attacking our infrastructure? That’s what the Chancellor seemed to say this morning as he unveiled a series of cyber security measures at GCHQ, the government’s surveillance centre.


I can’t remember any of my contacts flagging up the threat of a lethal Isis cyber attack (and if there’s one thing the tech security community likes to do, it’s hype up a threat).

As far as I know, there are two Isis behaviours online that are a cause for concern: firstly the use of encrypted technology by jihadis to communicate with each other that potentially puts them beyond the reach of GCHQ’s officers.

Secondly, the use of open and more secretive channels for promotion of and recruitment to Isis causes (as ably demonstrated by my colleague Mike Deri Smith)

Yet George Osborne said of Isis: “They have not been able to use (the internet) to kill people yet by attacking our infrastructure through cyber attack. They do not yet have that capability. But we know they want it, and are doing their best to build it.”

Let’s be clear: even the most advanced cyber attack yet exposed, the Stuxnet virus that infected an Iranian nuclear reactor, did not kill anyone as far as we know. Cyber tactics are used in war, but as a “force multiplier” for the weapons that actually do the damage.

I’ve been covering cyber security for several years and I think it’s a hugely important topic, but I’ve very, very rarely come across incidents that directly resulted in physical harm, let alone death.

GCHQ’s experts know lots of things that I don’t, so perhaps they’ve seen something to support the Chancellor’s statement.

But  the people who run our power stations, transport networks and other vital industries have long been alive to the threat of cyber attack, and working with the Committee for the Protection of National Infrastructure they’ve been cagey about putting their back-office systems online for that very reason.

I applaud any advances in our national tech security, and George Osborne’s announcement of a National Cyber Centre might help eliminate the chaotic mix of agencies battling online wrongdoing. But flagging up a mortal threat seems outlandish.

Follow @geoffwhite247 on Twitter