George Osborne claimed ISIS is building the ability to launch damaging cyberattacks against UK infrastructure as he announced the latest of a series of new UK national security measures on Tuesday in the wake of Friday's attacks on Paris.
In a speech delivered at the UK's GCHQ spy agency, the chancellor of the exchequer sought to connect the Paris attacks with his new "National Cyber Plan".
"This was an assault not just on the people of France but on all of us who value freedom and democracy," he told the assembled audience of intelligence officials and contractors.
"We stand with the people of France. We know we must act as one, just as our enemies see us as one."
Osborne then repeated an announcement made by the prime minister on Monday that – in contrast to other government bodies, including the police – the UK's intelligence agencies would receive extra funding and an additional 1,900 staff to handle the threat of terrorism.
He then warned of the threat posed to the UK from cyberattackers – not just loss of data or internet service, he said, but potentially damage of infrastructure or even loss of life if hospitals or other critical infrastructure were attacked.
Osborne made no mention of China or Russia – traditionally seen by the UK's intelligence agencies as the primary cyberattackers against the US and UK – but did warn that ISIS "want" to be able to launch cyberattacks.
"Let's be clear: ISIL are already using the internet for hideous propaganda purposes, for radicalisation, for operational planning too," he said. "They have not so far been able to use it to kill people by attacking our infrastructure through cyberattack. They do not yet have that capability.
"But we know they want it, and we know they're doing their best to build it. So when we talk about tackling ISIL that means tackling their cyber threat, as well as the threat of their bombs, and their guns, and their knives."
Osborne said his national cyber plan would build "active defence", improve education of cyber issues, and simplify the "alphabet soup" of UK agencies tackling the problem.
Most significantly, he said the UK would build a deterrence strategy to scare off would-be attackers, including ISIS.
"Strong defences are necessary for our long-term security, but the capacity to attack is also a form of defence," he said. "We need to not only defend ourselves against attack, but dissuade people and states from targeting us in the first place."
He added: "Part of establishing deterrence will be making sure that whoever attacks us will know we are able to hit back."
Retaliating against cyberattacks is notoriously difficult and legally fraught, as attackers often mask their actions through other targets they have hacked – which can be anything from networks of home computers scattered across the world, meaning retaliation risks hitting home internet users in the UK.
At the highest end of sophistication is a national attacker compromising key servers of one country and using them to attack a third – in the hope of sparking a chain of retaliation between the two nations.
The UK rarely discusses any offensive cyber capabilities of its intelligence agencies, but some details of these longstanding capabilities emerged through documents leaked by Edward Snowden, while in 2011 then foreign secretary William Hague warned the UK would strike against would-be cyberattackers in an intervention similar to Osborne's this week.
Osborne also spoke of the importance of making sure intelligence agencies had the capability to access all the information they would wish to in order to thwart terror plots, speaking about new legislation the government announced last month.
"Through the investigatory powers bill the government and parliament will make sure the security agencies and the police have the powers they need to access vital intelligence about the intentions and the activities of those who wish us harm," he said.
The bill, the UK's most radical overhaul of surveillance laws in more than a decade, codifies and expands the surveillance powers of the UK's intelligence agencies, while reforming the oversight regime governing them.
In the wake of the Paris attacks some, including shadow home secretary Andy Burnham, appeared to call for the law's passage to be expedited, but in a Commons statement on Monday home secretary Theresa May rejected such calls, saying the bill needed enough time for proper discussion.
The decision was welcomed by experts from across the surveillance debate. Jamie Bartlett, a self-described "moderate" on surveillance from the think-tank Demos, said terrorism was often used to help surveillance legislation "sail through".
"There's been a feeling in the Home Office that if they say it [surveillance legislation] is about terrorism then it'll sail through the Commons," he said. "I'm not convinced the investigatory powers bill is all about stopping terrorist attacks. That's part of the argument in public, but part is helping to build prosecution cases in serious and organised crime. It's not always about foiling plots."
Bartlett said he was wary of bids to "future-proof" laws so MPs don't need to regularly consider the UK's surveillance framework.
"In something as fast-moving as this, you do need to frequently revisit the law," he said. "We've known about the risk of this type of threat for some time. ... The fact one has been successful shouldn't change that. It's so serious and there's been so much thought intro the processes that I think we should stick to that timetable."
Professor Anthony Glees said he thought "the case has been made" by the Paris attacker for more permissive communications interception, and the British public understand and support that "to have acceptable standards of national security some individual privacy must be sacrificed".
Glees agreed with May on the law's progress through parliament, however.
"I don't think expedition is necessary," he said. "Obviously we need a new law in place when the existing one lapses. But we should not be dealing with as the French are doing – as a state of national emergency. Sensible intelligence-led activity is simply appropriate to the IT age; it's fighting a 21st-century problem, jihadism, with a 21st-century remedy."
Heather Brooke, a transparency and FOI campaigner who sat on the board of one of three intelligence reviews that contributed evidence to the UK's new bill, warned against an "emotional reaction" in the wake of the Paris attack.
"This is similar to what happened after 9/11," said Brooke, who holds dual UK and US citizenship. "There was a terrorist attack, and during the emotional reaction laws were passed which constructed a surveillance state. And then they had the 9/11 Commission which found that wasn't the problem at all – they'd had the intelligence, but it was fragmented between the agencies.
"It can actually make it harder if you collect tonnes and tonnes of information. If you generate too many suspects, it's increasingly hard to tell which are genuinely of concern. In so many cases, that real intelligence comes from human sources, not from trawling WhatsApp."
In the wake of the Paris attack, some – including former CIA chief John Brennan – have warned that terrorists "going dark" in the wake of the Snowden revelations may have been a factor in the attacks, though one attacker was known to French police as an extremist, Turkish intelligence claim they twice warned France about another suspect, and Western intelligence agencies were monitoring a third suspect.