Home Tags Cyber War

Tag: Cyber War

Greenbacks needed for 'electromagnetic railguns, lasers, and electronic warfare' The Pentagon has asked for $582.7bn to bolster the US Department of Defense's (DoD) capabilities, especially when it comes to a future cyber and space war. Testifying before the House Appropriations Committee, which regulates the US Government's expenditure, the Defense Secretary Ash Carter explained why his department was requesting so much for FY 2017. Carter said the budget, which is annual, was “taking the long view" and preparing “for what might come 10, 20, 30 years down the road.” which the Pentagon seemingly expects full-on cyberwar, and rail-gun laden post-orbital spacecraft nuking each each other off of the shoulder of Orion. In his submitted statement, Carter particularly focused on the threats that cyber and space warfare posed in that period – noting specifically how “innovation in technologies like the electromagnetic railgun, lasers, and new systems for electronic warfare, space, and cyberspace” will be particularly relevant to “deterring Russia.” Cyber & Electronic Warfare New investments in cyber will stretch to over $900m, according to Carter, primarily focusing on defending American networks.

They also included building potential military response options to "even the most advanced adversaries" in the cyber domain, whom Carter has previously claimed were the Russians, Iranians, Chinese, North Koreans and general terrorists. "As I made clear when I released DoD’s new cyber strategy last April," said Carter, "we have three missions in cyberspace – first and foremost, to defend our networks, systems, and information; second, to defend the nation and our interests from cyberattacks of significant consequence; and third, to provide options that can augment our other military systems." It was due to the “pervasive presence” of Daesh online, and the recent data breaches at the Office of Personnel Management, that the DoD “has undertaken responsibility for the development, maintenance, and cybersecurity of the replacement background investigation systems and their data infrastructure” according to Carter, whatever the "replacement background investigation systems and their data infrastructure" may be $6.7bn specifically was committed over the financial year to fund the US Cyber Strategy, which was stated to enable the DoD to “continue to develop, train, and equip our growing Cyber Mission Force, and also make new technological investments to strengthen our cyber defenses and capabilities.” A further $347 million was being invested over the five-year defense plan to help provide cyber tools and support infrastructure for the various forces operationalised to do military business on the 'net. Space War Carter was also keen to note that the “budget continues and builds upon important investments in last year’s budget to help secure US access to space and address space as an operational domain.” The 2016 budget had included $5bn to make America "better postured for contested military operations in space – including over $2 billion in space control efforts to address potential threats to US space systems Carter was keen to stress that, while in the past "space was seen as a sanctuary, new and emerging threats make clear that’s not the case anymore, and we must be prepared for the possibility of a conflict that extends into space." Out-and-out orbital warfare seems unlikely at the moment, however, but enemy activities in space could involve anti-satellite operations, as well as "jamming radars" and borking comms and GPS capabilities, suggested Carter, disrupting America's work to "identify, target, reach, and destroy an enemy with precision." Carter said that the US must "focus on assuring and defending these capabilities against aggressive and comprehensive counter-space programs of others.

Though competitors may understand our reliance on space, we will not let them use it against us, or take it away." ®
By Barry Mattacott, marketing director, Wick Hill Group Are industrial control and SCADA (Supervisory Control and Data Acquisition) systems the new frontier, not just for cyber-crime but also for cyberwar? Until recently, when you were at war with a country, you sent in your bombers. First they hit the military targets. Once they had finished those off, they would hit infrastructure, with attacks designed to destroy industry and demoralise the civilian population. Electricity production, oil and gas, even water and waste services would all be targeted. However, nowadays, you don't need brute force to turn the lights off. This was recently demonstrated by hackers attacking The Ukraine, who succeeded in knocking out power supplies to up to 1.4 million residents through the social engineering attack known as spear phishing. An infected Word document was used to introduce BlackEnergy malware into critical systems. http://www.bankinfosecurity.com/ukrainian-power-grid-hacked-a-8779/op-1 It was also social engineering which introduced that classic piece of industrial control malware, Stuxnet. It is now widely believed that Stuxnet was originally developed by an American/Israeli alliance, specifically to attack the control systems within Iran's nuclear industry. It eventually destroyed around 20% of Iran's centrifuges. The belief is that it was introduced into their system via an infected USB stick. Statistically, 60% of found USB sticks get plugged straight in, with this rising to 90% if the USB stick has a recognizable logo on it. https://en.m.wikipedia.org/wiki/Stuxnet More recently, researchers revealed a vulnerability in the Chrysler Jeep which caused the virtual recall of 1.4 million vehicles. It was demonstrated that a hacker could wirelessly access the control systems of the Jeep with the potential to disable the brakes and steering. Although a recall notice was issued, owners were sent a USB stick that allowed them to apply an update themselves without the need to take the vehicles back to a dealer. Chrysler also implemented network level security protection to block the exploit on the Sprint cellular network that connects their cars to the Internet. http://www.wired.com/2015/07/jeep-hack-chrysler-recalls-1-4m-vehicles-bug-fix/ Let's not stop at cars, let's think big - The Great Train Robbery 21st Century style. Now they can steal the whole train! A hacking team has discovered vulnerabilities within the control systems used in train networks worldwide that could allow attackers to cause derailments and even steal a whole train. https://www.rt.com/usa/327514-absolutely-easy-hacking-train-systems/ Other worrying hacking incidents include The Slammer Worm, which affected critical infrastructure as diverse as emergency services, air traffic control, water systems, ATMs, electrical companies, and a nuclear power plant’s process computers and safety display systems. So why are these systems all so vulnerable? It’s probably due to a number of widely held misconceptions which were highlighted in research by Kaspersky Lab entitled ‘Five Myths of Industrial Control Systems Security.’ http://media.kaspersky.com/pdf/DataSheet_KESB_5Myths-ICSS_Eng_WEB.pdf Myth Industrial control systems are not connected to the outside world. Fact: Most industrial control systems have eleven connections to the Internet. Myth We are safe because we have a firewall. Fact Most firewalls allow "any" service on inbound rules. Myth Hackers don't understand SCADA. Fact More and more hackers are specifically investigating this area. Myth We are not a target. Fact Stuxnet showed us that just because you weren't the intended target of industrial hacking, doesn't mean you won't become a victim. Myth Our safety system will protect us. Fact The chances are that your safety and control is using the same operating system with the same vulnerabilities. ConclusionLittle recognised, dangerous, seriously disruptive, disabling, potentially lethal, and not widely defended against, industrial control and SCADA systems have the potential to be the new front line in modern warfare. Instead of brute force, countries can be softened up by the loss of essential infrastructure and services. Infrastructure providers, utility companies, transport companies and any organisation whose disruption could cause serious problems, as well as governments themselves, need to look much more seriously at how to defend against such cyber- attacks. Or there could be serious consequences for national security. About the author Barry Mattacott is marketing director of Wick Hill Group, which is based in Woking, Surrey and Hamburg Germany. Wick Hill Group is part of Rigby Private Equity (RPE), a subsidiary of Rigby Group Investments, an independent company within Rigby Group plc. Specialist distributor Zycko is also part of RPE, and in co-operation with Zycko, Wick Hill can offer a pan-European service which provides a common proposition and consistent delivery for vendor and reseller partners covering 13 countries. Users of products sourced through Wick Hill include most of the Times Top 1000 companies, in addition to many non-commercial organisations, government departments and SMEs across all business sectors. Through its channel partners, the company has delivered IT solutions to more than a million users world-wide. Wick Hill currently has offices in Woking, Surrey, with sister offices in Hamburg. ENDS For further press information, please contact Annabelle Brown on 01326 318212, email pr@wickhill.com, Wick Hill https://www.wickhill.com Source: RealWire
Cyber war is real and likely in our lifetime, according to Richard Clarke, chief executive of Good Harbor Security Risk Management. “Nuclear war is less likely because of international arms control agreements but, as yet, there are no such agreements on limiting cyber weapons,” he told the RSA Conference 2015 in Abu Dhabi. The recent pact between the US and China promising no cyber espionage is really all there is, said Clarke, a former special advisor on cyberspace to three US presidents, but he said there are already indications that China is not keeping that promise. “There is the Budapest Convention on cyber crime, but that does not really have any teeth,” he said. Clarke said it was appropriate to have a cyber security conference in the Arabian Gulf, because it was in that region that the first real battle of cyber war took place. Just five years ago, it was considered by many to be science fiction that nation states could use bits and bytes to create the same sort of destruction as bullets and bombs, he said. But Stuxnet changed all that, said Clarke. “The US government still won’t admit it, but everyone else seems to understand that the US fired the first shot, that engaged in destructive cyber war.” The target of the physical destruction was the centrifuges in use at the Iranian uranium enrichment site. Instead of a bomber or missile attack, he said the US decided to attack with software. “Despite the plant being disconnected from the internet, the US still managed to get a huge piece of code into the plant without being detected,” said Clarke. The sole purpose of the Stuxnet malware, he said, was to make subtle changes to the operation of the centrifuges that over time would destroy 800 without raising any computer systems’ alarms. Although Stuxnet was designed to self-destruct and cover its tracks, Clarke said it somehow escaped into the wild, with the result that the code of the first known cyber weapon became publically available. “Governments and hackers throughout the world were able to download it and learn from it,” he said. Iranian retaliation But Clarke said that was not the end of the first battle in cyber war; shortly  afterwards Saudi Aramco was targeted by an attacked now believed to have been ordered by the Iranian government. While the attack on Aramco was not a sophisticated piece of software, he said it nonetheless had a very impressive result, wiping all software from 30,000 endpoints, including routers, servers, printers, laptops and desktops – halting the, normal business operation of the company for weeks. “But still it wasn’t over, because just weeks later the eight largest banks in the US – some of which spend up to $250m a year on cyber security – suddenly found they were being targeted by an Iranian-inspired DDoS (distributed denial of service) attack that they couldn’t deal with because it was eight times larger than any DDoS attack seen previously,” said Clarke. The important thing to note, he said, is that even though the banks’ online banking systems collapsed under the attack, the US government was unwilling to step in and help “Iran was sending a message. Their message was: We can attack the US, and we can attack the most important part of the US economy: the banking industry.” According to Clarke, the banks asked the government for help, but the government decided that it was the banks’ problem. The banks then turned to their internet service providers who tried and failed to stop the DDoS attacks. Imbalance in cyber defence capability Finally the attacks stopped, he said, but not because of action by the government or the ISPs – but because the Iranians had made their point and demonstrated their capability. The lesson to be learned, said Clarke, is that, while the US had created an offensive cyber capability, it had not created and equal ability to defend the US from cyber attack. “When most governments around the world – not just the US – think about cyber war, they tend to put their money into offensive capability,” he said. The lesson for the US banks was that, when they come under cyber attack, they are on their own. “When you go back to your companies, remind them of that lesson,” he told conference attendees. “At the CEO level of large companies, at the board level, in the UK, Germany, Japan and in the UAE, they assume that if their company should every come under cyber attack by a foreign government, that their own government will defend them. But the lesson from that first battle in cyber space is that you can’t count on that,” said Clarke. He said that investing only in an offensive cyber capability is risky, because that will be of little use to the average citizen or company when a nation’s critical national infrastructure has been crippled by a cyber attack and there is no electricity, water, gas, banking or telecommunication services. A cyber attack in which the power grid is attacked and the physical infrastructure is destroyed, he said, is not science fiction. It is also something that would take weeks and even months to fix. No backup for medieval roll-back “A cyber attack – without firing a single bullet, without a single bomb going off and without aircraft or missiles – can reduce a modern society to medieval times, and there is in almost no society the ability to roll back to a pre-cyber existence. There are no backup systems. Try to find anything that operates after a massive cyber attack. That’s the reality,” said Clarke. The fact that the world has not yet seen a massive cyber attack of this kind does not mean that it cannot happen, he said. It just means no nation has had the cause to use this capability yet. “But when nations that possess these cyber weapons do decide to go to war, they will use them,” said Clarke. “The result will be that the society attacked is rendered useless. Unable to function for weeks or months on end, and that’s going to happen in your lifetime so cyber security and cyber war are not some marginal issue in your government or in your company. They could be the most important issue of your generation,” he said. Need for international diplomacy For this reason, Clarke said governments need to begin serious negotiations to reach international agreements on arms control in cyber space, in the same way they did on nuclear arms control. He called on information security professionals who understand cyber security to help diplomats construct proposals on how to control arms in cyberspace. “The other thing we can do is to have governments force companies – particularly those that run critical national infrastructure – to have better cyber security. Instead of concentrating all of their efforts on offensive cyber war, governments should think about how they protect their own countries, and that can be through regulation,” said Clarke. But he said most governments are reluctant to tell private companies what to do. As a result, most companies that run oil, gas, water, electricity and banking systems are still “extraordinarily vulnerable to cyber attack”. Clarke said while 100% security is impossible to guarantee, most of the data breaches that have become public in recent months could have been prevented by existing technologies. “There are technologies today that can stop most attacks which, if deployed properly and in the right combination, would make it very difficult for attackers to achieve their goals – and yet they are not being used,” he said. Regulatory role for governments These include technologies for continuous monitoring, network segmentation and network resilience. “Governments could require companies to do that, and in industries in countries where some countries have, we have seen vast improvement in security. But without government regulation, companies will not do it voluntarily,” said Clarke. He said no organisation will be as secure as it could be with existing technologies, unless they are forced to do it through regulations. “The only companies that really pay attention, are companies that have had massive and devastating attacks that have become known publically and several executives have been dismissed.” Clarke called on information security professionals to advocate their governments test the cyber security of companies, and mandate what they need to do to become secure. “In the absence of that, we will continue to have a very good offensive capability, which will eventually be developed by every nation and dribble down to individual hackers and terrorist groups,” he said. According to Clarke, a former US national co-ordinator for security and counter-terrorism, once terror groups have the acquired the capability to carry out major cyber attacks against infrastructure, they will not hesitate to do so. Cyber risk from terror groups “The history of cyber war so far has been that capability that at one point could be done only by one or two nations, dribbles down, expands, proliferates and spreads to many more, and eventually it will leak out to individual hackers and terrorist groups,” he said. Clarke said terror groups such as Al Qaeda have vast amounts of money that can be used to hire and train hackers. “So in addition to the nation state threat, the next threat that we haven’t seen yet, but will happen, is sophisticated terrorist cyber attacks,” he said. Clarke said this is the message that information security professionals need to take to business and political leaders. “If this fails to resonate with your leaders, tell them they are already in a cyber war because it includes cyber espionage and cyber crime, which go on every day, costing companies billions. “As cyber security professionals, you have an obligation to not only secure your own network, but to also take the message to your leaders, who don’t know how much damage can be done,” he said. Security professionals, he said, can help company and political leaders to understand the risks as well as what can be done minimise that risk and make attacks less damaging when they happen. “We are running huge risks, we haven’t yet seen the full extent of the damage that can occur through cyber attack, and we need to do more on the defensive side because having a great offensive capability won’t turn the lights back on.”
Participants in the UK competition faced a fictitious cyber terrorist network.

Why we need cyber war games

After a year of high-profile cyber attacks, the US and UK have agreed to set up a joint cyber squad and conduct a series of cyber “war games” to test each other’s resilience – but will that really do any good? The cyber security industry response has been largely positive and, if anyone should know, it is this community which is responsible for the cyber safety of business organisations around the world. “This programme has been needed for some time. Vital services already have regular drills against more traditional methods of attack, but with a growing number of cyber attacks on large companies – most recently Sony – the government has recognised the need for far more comprehensive cyber warfare protection,” said Roy Tobin, threat researcher at security firm Webroot. “These tests will go beyond the normal scope of internal security testing by using custom malware built specifically to try and bring down a particular service. “This programme will finally test how banks fare in protecting vital infrastructure from these more complex attacks that require a high level of skill from the attacker – for example, targeted attacks such as spear phishing, botnets, distributed denial of service (DDoS) attacks and advanced persistent threats (APTs). Tobin said with the threat landscape changing on an almost daily basis, attackers are constantly devising new, more complex techniques to bypass security systems. “Our testing scenarios and defences need to keep pace,” he said. Other security professionals said the joint exercises will bolster collaboration on cyber security between government, military and business sectors. Threat to the economy Although high-profile cyber attacks have raised awareness of the threat of cyber warfare and cyber terrorism among the public, many people still struggle to imagine how cyber conflict could wreak the same havoc as conventional war, according to Andy Settle, chief cyber security consultant and head of practice at Thales UK. “But as former director of national intelligence Mike McConnell noted, cyber war has the potential to mirror the doomsday nuclear threat – less in the physical sense, but in terms of the economic and psychological effects. The threat posed and potential consequences go beyond one sector’s scope to deal with it effectively. This is why the process for dealing with these threats must take a collaborative approach between the government, civilian world and the military,” he said. Darren Anstee, director of solutions architects at Arbor Networks, said anything that focuses organisations on their incident-handling processes and capabilities is a good thing. “The more these are used and tested, the better our people and processes – and thus our defensive capabilities – become,” he said. The first in the series of joint US-UK cyber testing exercises will be simulated attacks on the City of London and Wall Street amid growing fears about the vulnerability of the financial sector. Cyber security professionals agree this is a good place to start. Risk to financial sector “As the sophistication and regularity of cyber attacks continue to increase, it has never been more important for organisations to have robust cyber defences, and this is particularly important in the financial services sector, with personal data and highly confidential information at risk of falling into the wrong hands,” said Robert Norris, director enterprise and cyber security, Fujitsu UK and Ireland. According to Norris, research commissioned by Fujitsu revealed that only a third of financial services organisations are "very confident" that they would be able to guarantee security measures in the event of an IT failure. “Clearly there is a need to address these issues to ensure the finance industry does not fall victim to significant cyber attacks. The collaboration between the US and UK will bring together companies at the forefront of the cyber security industry to share knowledge, skills and technologies which will help to address these growing threats and strengthen the defences already in place,” he said.   An attack on a country’s financial sector could lead to disastrous consequences around the world, with staggering effects on markets, said Andy Settle of Thales UK. “To this end, it is promising to see that the first drill is targeting the City of London and Wall Street, taking clear precautions to ensure the security of these countries’ economic infrastructure,” he said. UK and US joint exercises Settle said the new round of cyber resilience testing will build on the successes of collaborative cyber conflict simulation, which have been a regular occurrence between the UK and the US for nearly 10 years. “US exercises, such as Cyber Flag and Cyber Guard which take place every year, have been a crucial factor in developing qualified responses to cyber attacks,” he said. Others cyber security professionals welcomed the focus on the cyber defences of critical national infrastructure. “With the majority of their critical national infrastructure running on connected networks, these industries cannot afford to take any liberties,” said Ross Brewer, vice-president and managing director for international markets at LogRhythm. “The last couple of years have shown it really is a case of when, not if, they will be targeted, and by using the most sophisticated techniques, the US and UK crime agencies will be able to expose any existing weaknesses. Businesses will no longer be able to cross their fingers and hope that their ill thought-out or inadequate security strategies will be sufficient,” he said. Window dressing? Despite the general support for the cyber war games in principle, some have expressed concern that the initiative may be little more than window dressing aimed at allaying concerns about cyber attacks. “Technical teams need to be given the freedom, resources and time to ensure this is more than just a public relations exercise,” said Chris Boyd, malware intelligence analyst at security firm Malwarebytes. “Today's advanced attacks are carried out by creative, skilled teams who are not burdened by the limitations of Government bureaucracy, something which needs to be replicated for such an initiative to flourish.” Richard Cassidy, European technical director at Alert Logic, said the success of the exercises will depend on how the information about the lessons learned is shared. “The goal has to ensure better security posture of the targets and raised awareness across the industry of the real danger organisations face into today’s light-speed evolving threat landscape,” he said. Cassidy said that, like all security best practice, organisations need to assess and assure their environments constantly against the latest threats and compliance mandates. “The war games are a great start but, without repeated activity – not just by government led bodies, but by businesses themselves –  it can be case of ‘baton down the hatches’ for the storm and focus moved elsewhere until the next event, but this would be missing the point entirely,” he said. Security agency collaboration Ross Brewer of LogRhythm said sharing of intelligence between MI5, GCHQ and the FBI will be key to the initiative’s success. “While in the UK we have seen the Waking Shark exercise and the Bank of England employee ethical hackers to test its infrastructure in recent years, it is only worthwhile if the lessons learned are acted on and shared with a wider audience. It doesn’t matter which industry you are in, or which country you live, it’s still us against the bad guys," he said. Brewer said many industries are still failing to take a proactive approach to cyber security. “Businesses need to be constantly prepared for an attack and any of those in this programme who aren’t doing this should expect to be exposed,” he said. Darren Anstee of Arbor Networks said the fact that determined, well-resourced and persistent attackers will usually find some way into an organisation means the speed with which an organisation’s tools and processes enable it to detect and contain a problem is becoming increasingly important. And, although data breaches can have a devastating impact on businesses, the risk of cyber attack is not an unmanageable one, said Richard Horne, cyber security partner at PricewaterhouseCoopers (PwC). “While attacks are becoming more sophisticated, so too are defences. With focused investment, preparation and the right skills, companies can defend themselves by both preventing the vast majority of breaches, and reacting rapidly and appropriately when incidents do happen,” he said. But, due to the global nature of cyber risk, Horne said collaboration between the UK and the US is paramount to combating the threat. Email Alerts Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox. By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy Read More Related content from ComputerWeekly.com RELATED CONTENT FROM THE TECHTARGET NETWORK
The United Kingdom and the United States will carry out simulated cyber attacks on each other as part of a war games initiative designed to bolster national cyber defences against computer hackers and other internet criminals. Prime Minister David Cam...
NEWS ANALYSIS: We've had isolated hack attacks before, but never sustained war. Here's why cyber-war is here to stay. Isolated cyber attacks between governments have been taking place for decades. The 2010 "Stuxnet" attack on Iran to disrupt that country's nuclear program is one stellar example. The multi-year "Red October" hack discovered in 2012 is another. But we seem to be entering a new era of bona fide cyber-war, where two nations engage in frequent attacks that are claimed to be retaliation for previous attacks. The recent attack on Sony Pictures, which probably involved the North Korean government and which may have provoked a counter-attack by the U.S. government, appears to be the start of a sustained cyber-war between the two countries. In this column, I'll review the facts of the Sony hack. Then I'll spell out what it is about this episode that serves as a harbinger of the endless cyber-war to come. The Sony Pictures hack and its aftermath The whole Sony Pictures hack is rife with speculation and false claims of certainty. Let's start with the actual facts. On Nov. 24, hackers downloaded copies of huge quantities of data from Sony Pictures computers, which included personnel data on employees (including executive salaries and employee performance reviews), emails and possibly creative content like screenplays and even movies. The hackers then erased company computers, including boot records (making recovery difficult or impossible) and left behind graphic images claiming that a group called the Guardians of Peace, or GOP, were responsible. The White House and FBI said that the government of North Korea was "centrally involved" in the attack and promised an "appropriate" response. The North Korean government denied involvement, but said it was a "righteous deed" that may have been carried out by its "supporters and sympathizers" in retaliation for the Sony Pictures comedy, "The Interview," which is set in North Korea, mocks the North Korean regime and depicts the assassination of Kim Jong-Un. The GOP referred to North Korea and "The Interview" only after that nation and that motivation were publicly associated with the attack. Last week, North Korea lost internet access nationwide for more than nine hours. Then another outage struck the country on Saturday. North Korea blamed the U.S. for the outages; president Obama had no comment. There's much more collateral damaged from this network breach, including scandalous content revealed in stolen documents posted online, Sony's initial decision to cancel the theatrical release of the "The Interview," followed its decision to reverse course and distribute the file online and in theaters. But these aspects are peripheral to the events as a harbinger of the cyber-wars to come. Here's what we don't know. First and foremost, we don't know for certain whether the North Korean government actually had a role in the Sony Pictures hack. We don't know who Guardians of Peace are. We don't know if someone inside Sony Pictures helped with the attack. We don't know if GOP leaked five movies to torrent sites. We don't know if the U.S. was responsible for the North Korean internet outage. We may find learn some of this information, or we may not. But that hardly matters. The U.S. and North Korea blame each other and each says they will retaliate. It doesn't matter. This is the start not only of a cyber-war between the U.S. and North Korea that won't end as long as the North Korean regime exists—and it's also the start of an era where cyber-war is the normal state of affairs on the Internet.
Computer-based hack in 2008 could add important new chapter.
Sony can't catch a break, no matter how hard the company tries. Just years after its PlayStation Network was taken down by a major hack, the Sony Pictures business has also fallen prey to hackers that have not only accessed a wide range of internal inf...
The UK is to recruit hundreds of computer experts to form a cyber-army, defence secretary Philip Hammond announced over the weekend. The unit will defend vital networks against cyber-attacks and launch high-tech assaults of its own, it is claimed at the Conservative party conference. Hammond proudly announced to the true blue loyalists that while there's no cash for anyone else, Britain is spending increasing amounts on defending the great unwashed from people they are unlikely to ever meet. Hammond said that while the UK is broke, it has the fourth largest defence budget in the world and a big chunk of the cash is not being spent on cyber intelligence and surveillance. He said last year, cyber defences blocked around 400,000 advanced malicious cyber threats against the government's secure internet alone, so the threat is real. But he added that building cyber defence is not enough, as the UK also has to deter attacks. Hammond said Britain will build a dedicated capability to counterattack in cyberspace and, if necessary, to strike. He told the Wail on Sunday that clinical "cyber strikes" could disable enemy communications, nuclear and chemical weapons, planes, ships and other hardware. Hammond told the conference the government will recruit a new Joint Cyber Reserve. The "reservists" will work alongside existing experts in various government agencies such as the Ministry of Defence and the extremely unpopular GCHQ surveillance agency. His speech did not go that smoothly. Hammond was heckled by former soldiers Colonel Ian Brazier and Captain Joe Eastwood who interrupted the minister's speech to complain about cuts to regimental size. Conservative party officials escorted him from the conference building to the library where he was given a revolver and told to do the decent thing.