A cyber attack by one state on another could be considered an “act of war”, Tony Blair’s former top national security adviser has said.Sir Richard Mottram told a House of Lords inquiry new “laws of war” were needed to cope with such a threat.He also criticised the EU after the multi-million pound theft of carbon credits, saying its apparent lack of cyber security “took my breath away”.It comes amid claims the threat of cyber war is being exaggerated.Earlier this month, Foreign Secretary William Hague called for countries to come together to agree a set of rules to prevent cyber war.He revealed that the Foreign Office IT system had come under attack from a ”hostile state intelligence agency” as recently as January.Sir Richard, a former top civil servant at several government departments, who ended his Whitehall career in 2007 as chairman of the Joint Intelligence Committee, appeared to back Mr Hague’s call for new international rules in evidence to the Lords EU sub-commitee on Home Affairs.“Could a cyber attack constitute an act of war? Absolutely. If you could establish who had done it of course… is it feasible to imagine laws of war that could apply in relation to cyber attack? Answer – it is feasible,” said Sir Richard, who was also in charge of the previous government’s counter-terrorism strategy.He was also asked for his reaction to the theft last month of 7m euros (£5.9m) of emission permits from the European Commission’s carbon trading system.According to the Financial Times, it was believed to have been the work of computer hackers who used a hoax bomb threat to get a building in Prague evacuated before stealing codes and allowances from computers.The allowances could be sold on the open market for “millions of euros” before anyone would have noticed, the newspaper said.It said there have been at least six attacks on operators of the EU emissions trading system in eastern and central Europe in the past three months – with thieves taking more than 50 million euros – before trading was suspended.
Asked if he had confidence in the EU’s cyber security systems following these incidents, Sir Richard said: “I wouldn’t have generalised confidence in those systems – no.”He said the Prague incident, in particular, highlighted the vulnerability of EU-wide computer systems.”These are all systems issues where people seek out the weakest point. So it’s no use the UK having the most fabulous security, which I don’t suggest it has, but it has in many areas adequate security, if it is also sharing information with others who aren’t anywhere near our level,” he said.Commenting specifically on the carbon credits theft, he said: “They (the EU) don’t seem to have realised until quite recently that they were an attractive target, which rather took my breath away.”Committee chairman, crossbench peer Lord Hannay, also criticised the EU’s cyber security systems following the Prague incident.”We have asked the government to give us the best knowledge they have about what happened in this case.
“But I think it is pretty clear that cyber security is inadequate both in a number of the national offices that run the emission trading scheme and in Brussels.”That would not be a particularly surprising discovery but it does have important implications for the need for the EU to do something about its own security, its own institutions’ security, as well as looking into the wider issue of all the member states.”The Lords EU Home Affairs sub-committee is investigating the EU’s internal security strategy.It comes as one of Britain’s leading cyber security experts, BT’s head of security Bruce Schneier, told BBC News the threat of cyber war had been exaggerated and was based on only a handful of incidents around the world.His view appeared to be backed by Howard Schmidt, cyber security co-ordinator for the White House, who called for an end to the use of inflammatory language when talking about internet security.”Cyber war is a turbo metaphor that does not address the issues we are looking at like cyber espionage, cyber crime, identity theft, credit card fraud,” he told reporters at a conference in San Francisco – BBC