“Cyberspace” is the term used to describe the electronic medium of digital networks used to store, modify and communicate information. It includes the Internet but also other information systems that support businesses, infrastructure and services.
Cyberspace lies at the heart of modern society; it impacts our personal lives, our businesses and our essential services. A secure online environment is essential to HM Government, which is providing an ever-increasing number of online services to UK citizens and businesses as part of a major digital services transformation programme. The ability to conduct online transactions securely is central to the delivery of public and commercial services and communications. However, some individuals and groups use cyberspace for malicious purposes. We call these people 'hostile actors' and they exploit cyberspace to conduct espionage operations or launch damaging computer network attacks.
Cyber security affects both the public and the private sector and spans a broad range of issues related to national security, whether through terrorism, crime or state and industrial espionage.
E-crime, or cyber crime, whether relating to theft, hacking or denial of service to vital systems, has become a fact of life. The risk of industrial cyber espionage, in which one company makes active attacks on another, through cyberspace, to acquire high value information is also very real.
Cyber terrorism presents challenges for the future. We have to be prepared for terrorists seeking to take advantage of our increasing internet dependency to attack or disable key systems.
CPNI works with the National Cyber Security Centre (NCSC), Cabinet Office and lead Government departments and agencies to drive forward the UK's cyber security programme to counter these threats.
Although a significant and challenging issue in its own right, cyber is just one vector used by hostile actors to achieve their objectives. Cyber methods are often used in combination with other methods, such as recruitment of a human agent. Protective security measures aiming to prevent hostile cyber activity should, therefore, also take account of physical and personnel security considerations.
A wide range of hostile actors use cyber to target the UK. They include foreign states, criminals, "hacktivist" groups and terrorists. The resources and capabilities of such actors vary. Foreign states are generally equipped to conduct the most damaging cyber espionage and computer network attacks.
Hostile actors conducting cyber espionage can target the government, military, business and individuals. They use computer networks, for example, to steal large volumes of sensitive data undetected. This might include intellectual property, research and development projects, strategic data on a company's merger and acquisition plans, or any other information that the owner might want to protect.
Cyber espionage should be viewed as an extension of traditional espionage. It allows a hostile actor to steal information remotely, cheaply and on an industrial scale. It can be done with relatively little risk to a hostile actor's intelligence officers or agents overseas. We call this activity Computer Network Exploitation (CNE). Cyber espionage presents a real risk to the economic well-being of the UK. It poses a direct threat to UK national security.
Computer network attack
Hostile actors can also use malicious software (or malware) to disrupt and damage cyber infrastructure. This can range from taking a website offline to manipulating industrial process command and control systems. Such activity is known as Computer Network Attack (CNA).
More information about the cyber threat can be found on the NCSC website.