Russia’s cyber strategy has focused primarily on supporting its military operations in Ukraine rather than expanding its attacks against the West. Despite increasing military support from Western nations, such as the US and UK providing long-range missiles to Ukraine, Russia has not escalated its cyber warfare against these countries.
Paul Chichester, the director of operations at the National Cyber Security Centre (NCSC), emphasized that while Russian cyber operations have been ongoing, they are primarily aimed at bolstering Russia’s battlefield efforts in Ukraine, not targeting the West in response to military aid.
Before the war, there were significant predictions that Russia would launch aggressive cyber attacks against both Ukraine and its Western allies. Ciaran Martin, former CEO of NCSC, noted that while Russia had indeed targeted Ukraine with cyber attacks, their impact has been debatable.
More importantly, the expected surge of cyber attacks against Western countries has not materialized. According to Martin, these predictions have proven to be largely inaccurate, as Russia has not carried out major cyber offensives against the countries supporting Ukraine.
The NCSC has also been monitoring a different cyber threat involving Chinese hackers, known as Salt Typhoon. This hacking group has been targeting US telecoms networks, including major providers such as AT&T and Verizon.
These attacks have exposed sensitive data, including personal information of millions of individuals, and have specifically targeted senior US political figures. While the threat is largely focused on the US, British intelligence is keeping a close eye on potential impacts on the UK, though Chichester stated there is no immediate evidence of similar attacks in the UK.
In response to rising cyber threats, the UK has introduced new regulations to improve the security of electronic devices and telecom infrastructure. The Product Security and Telecoms Infrastructure Act, which came into effect this year, mandates that manufacturers protect their devices from cyber vulnerabilities.
Chichester noted that these regulations, alongside ongoing efforts by telecoms regulators like Ofcom, are designed to mitigate risks from attacks like Salt Typhoon, improving the resilience of UK networks against such threats.
The UK is also working proactively with telecoms companies to address network vulnerabilities. Martin highlighted that while UK telecoms companies and the NCSC are aware of potential weaknesses, the challenge lies in how quickly these vulnerabilities can be addressed.
Chichester explained that by implementing specific security measures and separating operational and management infrastructures, telecoms companies can reduce the risk of exploitation by attackers. These strategies aim to build resilience, even if the exact methods of attack cannot be predicted.
Attribution of cyber attacks to specific nation-state actors remains a contentious issue. Both Chichester and Martin agree on the importance of publicly attributing cyber attacks when the identity of the attacker is known. Chichester stressed that making public attributions helps organizations understand the nature of the threat and prompts them to take necessary actions.
Moreover, public attribution can be a powerful tool for increasing the political cost of cyber attacks, even if it doesn’t prevent them entirely. Martin emphasized that when attribution is accompanied by legal action, such as court indictments naming responsible individuals, it enhances the credibility and impact of the attribution.