Al-Qaeda lacks expertise for cyberwar, expert tells MPs
Al-Qaeda lacks the technical expertise to sabotage Britain's national power and water systems, a cyber-security expert has told a committee of MPs.
Asked why a cyber-attack had never been launched on such assets, Thomas Rid said: "Al-Qaeda are too stupid and China doesn't want to do it."
China denies state-backed hacking and says it is, rather, a victim of it.
Dr Rid, a reader in war studies at King's College, London, was briefing the Public Accounts Committee.
He said Britain's critical infrastructure was vulnerable to disruption at sites where industrial control systems were linked to the internet.
In some cases, the owners of the equipment might not know it is capable of being connected to the internet or, if it was installed some years ago when cybersecurity was less important, it might not be adequately protected from attack, he told the MPs.
'Skills and intelligence'
But although cybersecurity was a rapidly changing field, his assessment was that terror groups did not currently have the expertise required to disrupt key public services.
"It requires intelligence about the targets you are trying to penetrate.
"And then it is not just enough to switch off the systems through a software attack, but you actually have to reprogram the system in order to modify outcome parameters and that is much more difficult. You need to know what you are doing.
"You need skills and intelligence. Right now militants don't have that."
Dr Rid, who has hit back at warnings from military experts about the risk of cyberwarfare in the past, said it was important to distinguish between sabotage and espionage.
"Let's put it this way, people in China have a commercial interest in stealing information from Western companies.
"They don't have a commercial interest in breaking anything. So they want to steal stuff, but they don't want to break stuff because, after all, they are part of the same economy."
Cabinet Office Minister Francis Maude warned last year against the threats to British interests from "hostile foreign states and others".
In 2011, the British government launched a £650m National Cyber Security Programme, the latest phase of which was unveiled this week by security minister James Brokenshire..
The government has also issued advice to senior business leaders about how to combat the threat of electronic espionage.
Britain's major banks now share information on attempted cyber-attacks and hold regular meetings with officials from the UK's secret listening post GCHQ, the Public Accounts Committee was told.
But British officials have been reluctant to point the finger at China or any other foreign state suspected of being behind the attacks - in contrast to increasingly strident comments from Washington.
On Wednesday, President Barack Obama said he had made clear to Beijing and "some other state actors" that the US expect them to abide by international rules.
"We have seen a steady ramping up of cybersecurity threats," said Mr Obama in a television interview. "Some are state sponsored, some are just sponsored by criminals."
Last month, a US cybersecurity firm said a secretive branch of China's military was probably one of the world's "most prolific cyber-espionage groups", believed to have stolen hundreds of terabytes of data from at least 141 organisations around the world.