20 October 2022
This article defines key terms and concepts to give readers an understanding of the cyber domain and emerging challenges for central government, businesses, and individuals. The ‘cyber’ prefix relates to computers, information technology, and virtual reality. Currently, the UK is a global leader in cybersecurity, with 1400 businesses generating £8.9 billion in revenue in 2021 and supporting 46,700 skilled jobs. Cybercrime includes fraud and information theft from individuals, disruption and espionage against businesses, and attacks on government services. Reported losses from cybercrime in the UK cost £3.1 billion in the last year alone.
The UK Government’s Cyber Security Breaches Survey 2022 found that small to medium-sized enterprises faced an average of £19,400 in costs from successful cyber attacks in 2022, with 31% of businesses and 26% of charities estimating they were attacked at least once a week. However, only 54% of businesses are actively working to identify cyber risks, despite these impacts and despite 82% of senior managers rating cyber security as a high priority for their business. One of the major challenges is that the cyber domain is often discussed with a great deal of imprecision, with complex terminology creating the perception that a highly technical background is required to understand cyber threats and opportunities. This is not the case, and the irremovable dependence on this domain in the modern world means all businesses and individuals should understand cyber and its implications.
Cyberspace describes the non-physical terrain created by computer systems and the electronic medium of digital networks used to modify, store, and communicate information. This includes the internet and other information systems that support businesses, infrastructure, and services. The UK’s National Cyber Strategy 2022 breaks down this maturing domain into three levels: virtual, logical and physical.
We all rely on the constant availability of these systems to conduct transactions, work, travel, and communicate. A secure online environment is also essential to HM Government, which is providing an ever-increasing number of online services to UK citizens and businesses. The ability to conduct online transactions securely is central to delivering commercial and public services and communications. However, some individuals and groups use cyberspace for malicious purposes.
Cybersecurity refers to the technologies and processes designed to protect computers, networks, and data from unauthorised access, vulnerabilities, and attacks delivered via the internet, software, or hardware. 39% of UK businesses suffered some form of cyber attack in 2022, with a fifth of these involving a more sophisticated attack type such as a denial of service, malware, or ransomware attack.
Cyber espionage and attacks can often occur concurrently, with espionage often occurring without detection while disruptive attacks are subtle until demands are made. Here are some of the most common methods used:
1. Phishing and Social Engineering
This is used in over 90% of cyberattacks because it can be automated and used at a large scale. Social engineering involves impersonating a trusted person or entity, and tricking individuals into granting an attacker sensitive information, transferring funds, or providing access to systems or networks. Phishing attacks, by contrast, occur when a malicious attacker obtains sensitive information from a target and sends a message that appears to be from a trusted and legitimate source. The attacks include a prompt for the user to download malicious software, or request sensitive information directly through email, text messaging systems or social media platforms.
A variation on phishing is “spear phishing”, where attackers send carefully crafted messages to individuals with special privileges, such as network administrators, executives, or employees in financial roles. This often occurs when an email directory has been compromised.
2. Ransomware
Ransomware is malware that uses encryption to deny access to resources (such as the user’s data or files), usually to compel the victim to pay a ransom. Once a system has been infected, files are irreversibly encrypted, and the victim must either pay the ransom to unlock the encrypted resources, or use backups to restore the data. This is one of the most prevalent types of attacks, often including extortion techniques, such as threatening to expose sensitive data if the target fails to pay the ransom. In many cases, paying the ransom is ineffective and does not restore the user’s data.
3. Malware
There are many types of malware, of which ransomware is just one variant. Malware can be used for a range of objectives, from stealing information, to defacing or altering web content, to damaging a computing system permanently. The threat landscape evolves very rapidly, but malware generally either steals information or gives an attacker control of your device.
4. DoS and DDoS Attacks
Denial-of-service (DoS) attacks overwhelm a targeted system so it cannot respond to legitimate requests. Distributed denial-of-service (DDoS) attacks are similar but involve multiple host machines. The target site is flooded with illegitimate service requests and is forced to deny service to legitimate users. This is because servers consume all available resources to respond to the request overload. These attacks don’t provide the attacker with access to the target system or any direct benefits. They are used primarily to sabotage an organisation, or as a diversion to distract security teams while attackers carry out other attacks or espionage activities.
Firewalls and network security solutions can help protect against most small-scale DoS attacks. Protecting against larger-scale DDoS attacks, however, requires organisations to use cloud-based DDoS protection, which can scale on demand to respond to a huge number of malicious requests.
The Integrated Review 2021 specified cyber power as being essential in achieving the UK’s objective of “sustaining strategic advantage through science and technology”, and underpinning other objectives of economic prosperity, security and resilience. The National Cyber Strategy 2022 refined the UK’s cyber objective to be the “leading responsible and democratic cyber power, able to protect and promote our interests in and through cyberspace in support of national goals” (HM Government, 2021, pg.32).
The National Cyber Strategy 2022 also elevated the National Cyber Security Strategy 2016’s description of cyber from an increasing security concern for technology specialists to a core component of the UK’s economic strategy. The National Cyber Strategy 2022 stated that a “whole of society” approach is now required, with collaboration between government actors and commercial, education and technology sectors to increase the industrial capacity and skills base needed to reduce the UK’s aggregate vulnerabilities. To improve and grow the UK’s cyber sector we must seek to develop a larger skilled workforce, new training methods and qualifications, greater resilience, and technical leadership.
This updated strategy set out five pillars to support these ambitions:
1. Strengthening the UK’s cyber ecosystem.
2. Build cyber resilience for a prosperous digital UK.
3. Countering threats by detecting, disrupting, and deterring our adversaries to enhance UK security.
4. Gain technological advantage in vital capabilities for cyber power.
5. Advance UK global leadership and influence for a secure and prosperous international order.
Future articles in this series will summarise the UK’s 2022 National Cyber Strategy and supporting documentation, discuss economic risks, cybersecurity standards and training, and articulate the structural challenges in training and qualifying sufficient skilled professionals to support businesses and central government in counteracting increasing cybersecurity challenges.