UK must be able to 'retaliate in kind' to state-backed cyber-attacks - Philip Hammond
The UK will "retaliate in kind" to any state-backed cyber-attack, Philip Hammond has said amid warnings about Russian-sponsored hackers.
The Chancellor warned that "rogue states" and other online threats were seeking to target the UK's infrastructure such as power grids and air traffic control, as well as trying to carry out industrial espionage.
Launching the Government's new national cyber security strategy, Mr Hammond said investment in "offensive" capabilities would help deter other countries from targeting the UK.
Mr Hammond warned that failure to develop the UK's ability to launch its own cyber-attacks would leave the country either not responding to any damaging online assault or having to resort to military action.
His comments came after MI5 director general Andrew Parker used a Guardian interview to warn that Russia "is using its whole range of state organs and powers to push its foreign policy abroad in increasingly aggressive ways - involving propaganda, espionage, subversion and cyber-attacks".
The Chancellor did not mention Russia by name during his speech at a technology conference in London, but he highlighted attacks on French broadcaster TV5 Monde and Ukraine's power grid - both of which security experts have suggested were carried out by Moscow-backed hackers.
Outlining the five-year strategy, supported by £1.9 billion of funding, the Chancellor said the UK needed a "fully functioning and operational cyber counter-attack capability".
Mr Hammond said: "We will deter those who seek to steal from us, threaten us or otherwise harm our interests in cyberspace.
"We are strengthening our law enforcement capabilities to raise the cost and reduce the rewards of cyber criminality, ensuring we can track, apprehend and prosecute those who commit cyber crimes.
"And we will continue to invest in our offensive cyber capabilities because the ability to detect, trace and retaliate in kind is likely to be the best deterrent.
"A small number of hostile foreign actors have developed and deployed hostile cyber capabilities, including destructive ones.
"These capabilities threaten the security of the UK's critical national infrastructure and their industrial control systems.
"If we do not have the ability to respond in cyberspace to an attack which takes down our power networks, leaving us in darkness, or hits our air traffic control system, grounding our planes, we would be left with the impossible choice of turning the other cheek and ignoring the devastating consequences or resorting to a military response.
"That is a choice we do not want to face and a choice we do not want to leave as a legacy to our successors.
"That is why we need to develop a fully functioning and operational cyber counter-attack capability."
Mr Hammond said that as a former foreign secretary, responsible for GCHQ, he had seen the "full extent" of the threats against the UK.
They included "threats to our data, to our IP (intellectual property), to our military secrets, to our financial information and perhaps most of all to our infrastructure itself".
"All of those areas are targets for our adversaries," he warned.
The new strategy also aims to address concerns about the vulnerability of the so-called "internet of things" - networked devices including household appliances.
Experts have warned that many of those devices feature little in the way of security, making them easy targets for hackers, potentially opening a way into networks.
Mr Hammond said the UK had a "duty" to demonstrate that cyber attackers could not act with impunity.
"We will not only defend ourselves in cyberspace, we will strike back in kind when we are attacked," he said.
Moscow has rejected British suggestions that it is responsible for cyber-attacks.
Kremlin spokesman Dmitry Peskov said Mr Parker's words "do not correspond to the reality" and no evidence had been provided of Russian links to online attacks.
The UK's National Security Strategy, published last year, categorised the threat of cyber-attack as a tier one risk - the same as terrorism and global instability.
Unveiling the new strategy, ministers warned how vulnerable society is to online attack thanks to the expanding range of connected devices, the continued use of old IT systems by many organisations in the UK and the ready availability of hacking tools.
The new plan involves:
:: Strengthening the Government's own defences and helping industry protect critical national infrastructure such as transport networks and power stations
:: Investing tens of millions in law enforcement to target cyber crime
:: A new cyber security research institute bringing together UK universities to improve the defences of smartphones, tablets and laptops, potentially making password protection obsolete
The Chancellor said he wanted the UK to be "the most secure cyber environment anywhere" for the UK to take advantage of the economic benefits of the "fourth industrial revolution".
Under the plans, he said, "Government, business, security agencies and academia work together to defeat the hackers and the phishers, the criminals and the rogue states".