Leaders of national cyber security agencies addressed CYBERUK 2022 today, telling of the most remarkable learnings from the war between Russia and Ukraine, with one fearing that it could inform a blueprint for cyber warfare in the future.
“We all understood that [the war in Ukraine] was going to be the first exercise and integration of cyber [attacks] with kinetic effects,” said Abigail Bradshaw, head of the Australian Cyber Security Centre (ACSC). “Our concern was that others would be watching this playbook for the purpose of learning from its highs and lows, and fine-tuning that."
Asked what he would take away from observing the war in Ukraine from the perspective of cyber warfare strategy, Paul Chichester, director of operations at the UK’s National Cyber Security Centre (NCSC), said the key theme is resilience and getting the basics right.
“Resilience is the answer, and you can see, the Russians have been making the Ukrainians match fit for the last six years,” he said. “So through that lens, if you look at the amazing work the Ukrainians have done and the support they've had, I think that's played into it as well.
“If you really focus on the basics, and you focus on the resilience side, and you build your defences, and you focus more on yourself and less than your adversary, actually, that plays much to your favour, when perhaps you find yourself faced with that conflict. I think, very much, resilience is the line that we would draw from this.”
GCHQ director Sir Jeremy Fleming opened proceedings with a speech partially themed around the conflict in Ukraine and said the so-called cyber war that the industry expected to break out was somewhat “overblown”.
However, Sir Jeremy said there was still abroad range of activity that has taken place in the region and Ukraine’s cyber security capabilities were highly effective in stifling Russia’s attempts in cyber space.
Security awareness training strategies for account takeover protection
Why you need an inside-the-perimeter strategy for internal threats
The NCSC “has seen what looks like” activity that has spilt over into other countries as Russian operatives continue to target those who oppose its actions.
Later in the day, news broke that the UK officially attributed the cyber attacks on Ukraine in the early stages of the invasion - the attacks on government websites and on Viasat - to Russia.
Lindy Cameron, CEO at the NCSC, told members of the press that this is a prime example of the spillover from cyber attacks Sir Jeremy alluded to earlier in the day.
Fears of spillover effects of cyber attacks were first voiced by the NCSC earlier this year. There is a historical precedent for Russian-linked cyber attacks directed at Ukraine impacting the wider Western world.
The NotPetya attack in 2017, for example, crippled systems not only in Ukraine but wider into the West and even some reported cases in Russia too.
Cameron also said the level of spillover is not as significant as that seen in the 2017 malware attacks.
“This is the clearest example we've seen so far of [spillover] happening and therefore reinforcing our messages about the importance of raising resilience,” she said.
The unprecedented rise in hacktivism was another notable takeaway for the experts addressing delegates, with both Cameron and Juhan Lepassaar, executive director at ENISA, saying the activity by the likes of the IT Army of Ukraine was “a concern”.
Given that hacktivism is still hacking - a crime - Cameron said “we would like to see people sticking to the rules, but it’s understandable."
