The armed forces are now so dependent on information technology that their ability to operate could be “fatally compromised” by a sustained cyber attack, MPs warned today.
The Commons Defence Committee said the cyber threat to UK security had the ability to evolve at "almost unimaginable speed" and questioned whether the Government had the capacity to deal with it.
It called on ministers to take a more hands-on approach to ensure proper contingency plans were in place.
The committee heard evidence that entire combat units, such as aircraft and warships, could be rendered completely dysfunctional by a cyber attack.
Experts warned an enemy could seek to target radar or satellites to create a "deceptive picture" in the military command structure while the increased use of unmanned drones and battlefield robots potentially added to the vulnerability.
"The evidence we received leaves us concerned that with the armed forces now so dependent on information and communications technology, should such systems suffer a sustainedcyber attack, their ability to operate could be fatally compromised," the committee said.
"Given the inevitable inadequacy of the measures available to protect against a constantly changing and evolving threat ... it is not enough for the armed forces to do their best to prevent an effective attack.
"In its response to this report the Government should set out details of the contingency plans it has in place should such an attack occur. If it has none, it should say so - and urgently create some."
The committee accused ministers of "complacency" over the failure to develop rules of engagement covering the military response to a cyber attack on the UK.
"Events in cyberspace happen at great speed. There will not be time, in the midst of a major international incident, to develop doctrine, rules of engagement or internationally-accepted norms of behaviour," it said.
"There is clearly still much work to be done on determining what type or extent of cyber attack would warrant a military response."
Committee chairman James Arbuthnot said it was now essential that ministers took the lead in ensuring effective plans were in place to cope with the threat.
"It is our view that cyber security is a sufficiently urgent, significant and complex activity to warrant increased ministerial attention," he said.
"The Government needs to put in place - as it has not yet done - mechanisms, people, education, skills, thinking and policies which take into account both the opportunities and the vulnerabilities which cyberspace presents."
Defence Minister Andrew Murrison rejected accusations of complacency, saying the Government was investing £650 million over four years in the national cyber security strategy programme.
"The UK Armed Forces and the equipment and assets they use are amongst the world's most modern and advanced, so of course information technology plays a vital role in their operation," he said.
"Far from being complacent, the MoD takes the protection of our systems extremely seriously and has a range of contingency plans in place to defend against increasingly sophisticated attacks although, for reasons of national security, we would not discuss these in detail.
"Government funding to tackle this threat underlines the important we attach to these issues."
Shadow defence secretary Jim Murphy said: "This report is worrying. The Government stand accused of complacency and lacking contingency planning.
"Policy progress is falling behind the pace of the threat our armed forces face.
"Developing professional expertise, advanced research, bringing public and private sectors together, using procurement to promote best practice and working with international partners are all essential elements of a comprehensive cyber-security strategy for our forces.
"Vulnerabilities must be tackled urgently and ministers must respond in detail to the demands in this report. Cyber demands new strategies and capabilities as part of a necessarily diverse modern defence posture."
- More about:
- Armed Conflict
- Department Of Defense
- Information Technology
- SAndp500 Information Technology