Russian government-backed cyber aggression is heightening concerns from the west following a spate of high-profile incidents, prompting threats of countermeasures from the likes of Nato, the EU and UK.
“Cyber threats to the security of our alliance are becoming more frequent, more complex and more destructive,” Jens Stoltenberg, Nato’s secretary-general, wrote this month, warning that such threats emanated “from state and non-state actors, from close to home and the other side of the world”. The sole “state actor” named by Mr Stoltenberg was Russia.
Concerns over online aggression were fuelled in July when investigative journalists and other experts probing Russian intelligence activities had their email accounts attacked. Although ultimately unsuccessful, the attempted hack of Swiss-based ProtonMail accounts — used to share sensitive information related to probes of Moscow’s GRU military intelligence directorate — refocused global attention on Russian cyber aggression.
“We face a determined, aggressive Russia, seeking traditional political advantage by new, high-tech means,” Ciaran Martin, chief executive of the UK’s National Cyber Security Centre (NCSC), said last month. Mr Martin added that cyber threats from China, Iran and North Korea “have been a constant over the past few years”.
UK authorities last year exposed “a campaign by the GRU . . . of indiscriminate and reckless cyber attacks targeting political institutions, businesses, media and sport”, affecting a large number of countries, including Russia, according to the Foreign Office and the NCSC.
Mike Beck, global head of threat analysis at cyber group Darktrace, says Russia’s cyber policy has switched, from information gathering to offensives and disrupting important industries.
“When the International Olympic Committee looked at evidence of Russian doping, the Russian state response was to hack the World Anti-Doping Agency and release information on other countries’ athletes,” says Mr Beck.
To counter the heightened cyber threats, the UK’s ministry of defence in August announced the creation of a new army unit to focus on “intelligence, counter-intelligence, information operations, electronic warfare, cyber and unconventional warfare”.
The EU said in June that it would conduct war-games to prepare for any cyber attacks, signalling the bloc’s determination to increase co-operation against Russian and Chinese meddling. This would involve finance and home affairs ministries simulating everything from fake news to data theft to hacking into the operational technology of critical national infrastructure.
Nato’s Mr Stoltenberg noted that a serious cyber incident from a hostile state could prompt swift retaliatory action under the alliance’s Article 5 collective defence commitment, where an attack against one ally is treated as an attack against all members. The article has been invoked only once, after the terrorist attacks on the US in 2001 which led to Nato supporting the invasion of Afghanistan.
Other moves to counter aggression include the EU’s cyber sanctions regime — signed off in May — which issues penalties including travel bans and asset freezes against individuals found to have been involved in cyber incidents.
Russia, however, seems unperturbed by such developments and possible penalties, denying involvement.
Russia’s ministry of foreign affairs dismissed the UK’s creation of a new army cyber unit, noting that the threats were “imaginary” and said the move demonstrated “the UK’s anti-Russian policy”.
Andrei Krutskikh, international cyber security adviser to Russian president Vladimir Putin, in June told the UN’s Open-ended Working Group on Cyber Security: “The greatest danger is that incidents online can lead to a full-scale war offline. The doctrine of so-called preventive cyber strikes promoted by a number of countries poses a real threat to international peace and security.”
Robert Hannigan, chairman of cyber security group BlueVoyant and a former director of GCHQ, the UK’s electronic surveillance agency, says Russian denials of foreign cyber attacks are disingenuous.
“For years UK policy was not to attribute anything to any state — Russia, China, North Korea or whoever,” says Mr Hannigan. “That was a mistake. Policy changed around 2017-18 when there were big ransomware attacks. After that the government decided it was time to call out Russia’s behaviour.
“It is true that every sophisticated nation has been involved in espionage over the years. People thought it was entirely normal for the Russians to be spying on political parties during the US presidential campaign in 2016. What was different was that they decided to publish all those emails and actively intervene in the election. It was the weaponisation of that information that made it different.”
Get alerts on Cyber warfare when a new story is published