Government and military computer systems in the West are coming under sustained attack from China and other countries, a major new study warns.
Internet security company McAfee's closely-read annual Virtual Criminology Report, which draws on interviews with senior staff at organizations including Britain's Serious Organized Crime Agency, NATO and the FBI, says that the world has entered a "cyber cold war" in which Web-based espionage poses the biggest threat to national security.
It envisages a future where rogue governments and criminal gangs regularly target the computer systems that run electricity, air traffic control, financial markets and governmental computer networks.
Dr. Ian Brown of Oxford University, one of the report's authors, said: "We know that U.K. computer networks have been probed by China. The means to carry out 'cyber-warfare' have been under development for years. Now is the first time that we are seeing states flex their muscles."
Brown added that computer programs traced back to China have been found trying to crack British government passwords and attempting to uncover weak spots in the nation's IT infrastructure.
The Center for the Protection of National Infrastructure, one of several U.K. bodies charged with protecting the country's computer systems, has described the threat posed by attacks on government networks as "enormous."
A sense of what future cyber-wars could entail was given earlier this year when Estonia was the target of a massive "denial-of-service" attack that bombarded the country's education, banking and government networks with requests for information and crashed them.
Experts are especially concerned that the attackers, believed to be based in Russia, appear to have stopped of their own volition rather than being shut down.
McAfee's report, released Thursday, identifies China as the country most active in Internet-enabled spying operations and attacks but says 120 other countries are using the same techniques.
Defense departments across the globe are already rewriting manuals for a future of digital warfare. The U.S. alone has recorded 37,000 attempted breaches of government and private systems in 2007 , and a new unit at the U.S. Air Force, staffed by 40,000 people, has been set up to prepare for "cyber-war."
On Tuesday, Andrew Palowitch, a senior adviser to the Pentagon, said that military officials had conceded that attacks had reduced the U.S. military's operational capability.
NATO said that all 26 of its member countries have been targeted by some form of cyber-attack, and that the threat posed to national infrastructure was now so serious that more than 10 of its own agencies were working to protect against further incidents.
Officials were reluctant to point the finger at individual governments, but said "state parties" were suspected.
"The definition of security is changing," a NATO official said. "National infrastructure is critical — politically, economically and commercially, and now that we know these kinds of attacks are happening, there is an increasing push to give the issue a higher profile on the political level."
The British government has been criticized for not paying sufficient attention to computer-based threats since merging the National Hi Tech Crime Unit with the Serious Organized Crime Agency.
Member of Parliament James Brokenshire, the opposition Conservative Party's spokesman on e-crime, said in a statement that "The Government remains in denial over the seriousness of the situation. Specific funding for computer crime teams was cut off by the Home Office earlier this year, and the Government's latest crime law doesn't even define computer misuse offenses as serious, when salmon poaching apparently is."
The Virtual Criminology Report found that attacks "have progressed from initial curiosity probes to well-funded and well organized operations for political, military, economic and technical espionage."
McAfee research head Jeff Green said, "Cybercrime has evolved significantly and is no longer just a threat to industry and individuals but increasingly to national security.
"We're seeing emerging threats from increasingly sophisticated groups attacking organizations around the world," Green continued. "Technology is only part of the solution, and over the next five years we will start to see international governments take action."