Malware and cyber crime - Science and Technology Committee


Written evidence submitted by Raytheon UK (Malware 15)

1.  EXECUTIVE SUMMARY

Raytheon UK welcomes the opportunity to feed into the Malware and Cyber Crime inquiry by the House of Commons Science & Technology Committee.

2.  COMMITTEE OBJECTIVE

"The Committee has decided to gather evidence on the impact of malware on individuals, the responsibilities of Government to aid in preventing malware infections and the economy that has grown up around this industry..."

3.  CONSULTATION QUESTIONS

(1)  What proportion of cyber-crime is associated with malware?

(2)  Where does the malware come from? Who is creating it and why?

(3)  What level of resources are associated with combating malware?

(4)  What is the cost of malware to individuals and how effective is the industry in providing protection to computer users?

(5)  Should the Government have a responsibility to deal with the spread of malware in a similar way to human disease?

(6)  How effective is the Government in co-ordinating a response to cyber-crime that uses malware?

4.  RAYTHEON UK SOLUTIONS

(1)  What proportion of cyber-crime is associated with malware?

Malware, short for malicious software, consists of programming (code, scripts, active content, and other software) designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, and other abusive behavior. (Source Wikipedia)

Software is considered to be malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or program. (Source Wikipedia)

The total cost of Cyber Crime in the UK has been estimated at £1.9 billion. (Norton Cybercrime report 2010. Note the BBC News is reporting £27 billion loss to Cybercrime.) Nearly 60% of people who reported being victims of cyber crime experienced malware and "malicious intent". (Source www.bytecrime.org).

(2)  Where does the malware come from? Who is creating it and why?

Malware can come from a multitude of sources; these include individual efforts, organised criminal group efforts and those sponsored by States.

Over the past few months there have been sophisticated organised attacks against some of the world's leading suppliers of secure solutions to global enterprises, as well as attacks against major consumer companies providing games and media services to large multi-national consumer bases. Second level service providers have also been targeted, with cyber criminals gaining access to the marketing service providers who maintain customer contact details and records of customer behaviour. Evidence suggests that the level (number of) and profile (numbers of users / customers being affected) of the attacks is increasing. Symantec believe that in 2008 more malware code was produced than legitimate commercial and open source code.

Malware designers can and will endeavour to mislead anyone analysing either the malware or its behaviour using decoy and beacon hosts in geographically disparate locations.

Actors are motivated to create malware for a myriad of reasons; these include economic / financial benefit, collection of IPR, ideology and political beliefs.

As a Tier 1 defence and aerospace company, Raytheon's valuable IPR has come under attack from everyday threats for the last 30 years. This has allowed Raytheon to amass a wealth of experience in protecting our critical IPR and infrastructure from the most complex and persistent threats. Recently, Raytheon has also procured a number of high profile enterprises with widely used secure solutions protecting commercial enterprises and government agencies all over the world. Amongst the acquisitions are Oakley, Trusted Computer Systems and the assets of Compucat.

(3)  What level of resources are associated with combating malware?

Raytheon cannot disclose the numbers of resources associated with combating malware. However, the Raytheon Cyber team has designed an infrastructure and operational processes rivalling that of any of the Tier 1 defence providers in the world. Raytheon has teams of analysts at multiple locations defending the company's assets from attack and analysing threats found by Raytheon and on behalf of other significant government and commercial organisations.

(4)  What is the cost of malware to individuals and how effective is the industry in providing protection to computer users?

The cost of malware to individuals can be measured by the estimated number of days taken to resolve an attack. Studies have shown that on average the resolution of an attack requires 28 hours. If the hourly rate of $30.00 USD is applied, then each attack costs an average of $840.00 USD or around $1000.00 USD to resolve. (This calculation is available on the Internet.)

Commercial industry companies providing anti-virus solutions to the mass market are thought to be around 70% effective against viruses and malware. It is ironic that the very act of issuing patches to the mass market alerts the malware designers that their code has been nullified and begins another cycle of malware development.

(5)  Should the Government have a responsibility to deal with the spread of malware in a similar way to human disease?

The Cyber threat, sometimes described as the Advanced Persistent Threat, is now considered to be one of the most serious security threats facing the UK; it has been categorised as a tier 1 threat by the National Security Council. The dependence on software and IT for critical infrastructure elements (eg the national grid, power stations and the public services) means that hostile states or organisations need only mount a concerted organised cyber attack to potentially damage another State's economy or infrastructure. In this respect it is critical that the Government does take responsibility for educating the wider public on the consequences of malware and how to detect and deal with it.

Although malware spreads in a similar manner to contagious diseases, the analogy does not work well with the containment of the spread of diseases. Yes, there can be a warning and reporting process (WARP) to flag incidents and alerts, but malware mitigation is achieved by good housekeeping. If the government were to have a responsibility, it would be to inform and educate the public on cyber security and good information security management.

The Communications Service Providers currently collaborate to share information on threat actors, to ensure that the risk to customers (Public and Private) and the national network are minimised. This model could be implemented between the government and the cyber industry.

(6)  How effective is the Government in co-ordinating a response to cyber-crime that uses malware?

Many different parts of government and agencies are now working to support cyber security efforts. The government needs to show a streamlined approach on the initiatives it is implementing and clear authority on roles and responsibilities.

Raytheon Company is not only working to protect its infrastructure and systems but is working to educate and inform its employees about information security. Raytheon's Cyber Operations Training empowers individuals and organisations with the knowledge and confidence to excel at cyber defence, attack and exploitation. Within Raytheon we have the professional training skills and Subject Matter Experts (SMEs) with up to date operational experience to deliver bespoke education and training in a variety of blended packages. By using virtual classrooms, Computer Based Training (CBT) and traditional classroom based activities, employees are kept informed of how to detect, identify and respond to malware as quickly as possible.

September 2011


 


© Parliamentary copyright 2012
Prepared 2 February 2012