Breaking finance and business news, tax information, jobs and more for finance directors and senior finance professionals.

Jonathan Evans, director-general of MI5, took the unprecedented step of sending a confidential letter to 300 UK business leaders at banks, accountants and legal firms.

In the letter, quoted by The Times newspaper, Evans warns them of a co-ordinated web-based espionage campaign against the British economy, including the computer systems of banks and financial services firms.

A summary of the letter was published on the website of the Centre for the Protection of the National Infrastructure (CPNI). CPNI is formed from the merger of the National Infrastructure Security Co-ordination Centre (NISCC) and a part of MI5 (the UK's Security Service), the National Security Advice Centre (NSAC).

Designed to defeat best-practice IT security 

In the letter Evans raises concerns about the possible damage to UK business resulting from electronic attack sponsored by Chinese state organisations, and the fact that the attacks are designed to defeat best-practice IT security systems.

It adds, “The letter acknowledges the strong economic and commercial reasons to do business with China, but the need to ensure management of the risks involved.”

Prime Minister Gordon Brown is scheduled to visit China early in the New Year.

MI5 says that the threat of spying did not end with the collapse of Soviet communism in the early 1990s. Espionage against UK interests continues from many quarters.

In the past, espionage activity was typically directed towards obtaining political and military intelligence. In today's high-tech world, the intelligence requirements of a number of countries now include new communications technologies, IT, genetics, aviation, lasers, optics, electronics and many other fields.

Intelligence services, therefore, are targeting commercial enterprises far more than in the past.

Russians and Chinese of greatest concern 

The security service adds that the UK is a high priority espionage target and warns that a number of countries are actively seeking UK information and material to advance their own military, technological, political and economic programmes.

MI5 estimates that at least 20 foreign intelligence services are operating to some degree against UK interests. It says that the Russians and Chinese are of greatest concern. The number of Russian intelligence officers in London has not fallen since Soviet times, according to MI5.

It adds that the threat against UK interests is not confined to the UK itself.

“A foreign intelligence service operates best in its own country and some may therefore find it easier to target UK interests at home, where they can control the environment and where we may let our guard drop,” according to MI5.

The potential for electronic attack against computer networks is enormous. As users demand software with more features and services to improve business delivery, new opportunities for exploitation will continue to emerge.

Prevent attacks 

CPNI examines all types of electronic attack on information and process control systems that form part of the UK's critical national infrastructure. This could include malware, hacking, botnets, keystroke logging, phishing and denial of service.

It liaises with vendors about the responsible disclosure of patches for vulnerabilities discovered in their products, helping to prevent attacks that use previously unpublished vulnerabilities.

The Centre recommends that firms ensure that all systems are patched and have current, up-to-date, anti-virus software and a firewall that restricts access on to services that users need for their business, typically web and email.

Threats evolve 

The UK statistics on network growth and speeds are dramatic. Broadband access is predominantly by Asynchronous Digital Subscriber Line (ADSL) connections and these are getting faster and more widespread.

Wireless connectivity is also growing rapidly. A key implication of this unprecedented wireless connectivity is that attackers can reach systems at all times.

Threats always evolve. CPNI says that the convergence of networking and telecommunications technologies around the Internet Protocol (IP) will likely lead to vulnerabilities being discovered in any new technologies, for example telecommunications networks rely on IP.

As vendors improve the security of their products, for example by providing security update patches, so CPNI expect to see new types of software applications being targeted, such as back-up software.

Related articles

• Do you know who you are employing?
• How companies can exploit opportunities in China
• Human and financial cost of crime rises
• Banks concerned over staff breaches
• UK firms 'in denial' on economic crime
• Non-execs lose sleep over crime
• Reported business fraud soars by 42%
• Crime and punishment
• Senior level staff 'greatest fraud threat'
• UK trade in China hit by culture gap
• Chinese highflyers mix global and local
• UK firms told to check Chinese suppliers

Related links

• MI5
• Centre for the Protection of the National Infrastructure