UK intelligence officials today reiterated previous calls for UK organisations to take rational, sensible steps to secure their infrastructure against possible intrusions from actors backed by the Russian state, but said they are still not aware of any imminent Russian cyber threat to critical national infrastructure (CNI) or other organisations.
This follows a massive escalation in the Ukraine crisis, which on Monday saw Russian leader Vladimir Putin recognise as independent states two regions of Ukraine that are under separatist control and order troops into the area – an act that has significantly increased the chance of war breaking out.
As the crisis has developed over the past few weeks, the security community has been at the forefront of warnings that Russian state advanced persistent threat (APT) groups would ramp up their attacks, but as yet, only organisations within Ukraine are known to have been hit.
“While we are tracking the threat closely, we are not aware of any current specific threats to UK organisations in relation to events in and around Ukraine,” a Western intelligence official said. “This is a moment of heightened international tension where we are asking people to pay particular attention to their cyber security, as we have for some time – the UK is a regular target of Russian cyber activity.”
Noting the dire consequences of the spillover from the 2017 NotPetya incident, the official added: “Organisations really do need to be prepared, frankly more than we think they necessarily currently are.”
The steps that security teams should consider include keeping their software and systems up to date, paying increased attention to logging so they can see what is happening on the network, and shoring up identity and access management (IAM) defences.
So far, the intelligence community believes the attacks that have been linked to the Ukraine crisis are consistent with previous patterns of activity drawn from a standard Russian playbook similar to that used against other targets of Putin’s aggression, such as Georgia.
Also, there is no indication yet of any novel malware, zero-days or other novel forms of tradecraft being deployed, although Computer Weekly understands that if the authorities were to become aware of anything new, they would likely take steps to publicise it very quickly. This reflects the current Western intelligence strategy of being more transparent than usual with regard to disclosing Russian activity.
Nor are there thought to be any immediate plans for the UK’s recently established National Cyber Force (NCF) to conduct any offensive cyber attacks against targets within Russia or Ukraine, although speaking in the House of Commons, defence secretary Ben Wallace said earlier this week that the new unit could be pushed into service.
“I cannot comment on the operations that it will undertake, but I am a soldier, and I was always taught that the best part of defence is offence,” said Wallace, responding to an MP’s question.
Were the UK to conduct offensive cyber operations against Russia, officials are clear that the NCF – under whose remit such an operation would fall – would be at pains not to escalate, but to use cyber attacks as a form of deterrent, which is in line with government ambitions for the UK to be perceived as a “responsible cyber power”.