The Parliament's Intelligence and Security Committee (ISC) today released its much-anticipated report on Russian activities targeting the UK, stating that Russia has consistently been using disinformation as a means to influence elections, create an atmosphere of distrust, and to promote its foreign policy objectives.
The committee took cognizance of GCHQ's assessment of Russia's intent, stating that Russia is a highly capable cyber actor with a proven capability to carry out operations which can deliver a range of impacts across any sector, including many nations' Critical National Infrastructure (CNI) as well as political institutions.
GCHQ told the Committee that there is “a quite considerable balance of intelligence now which shows the links between serious and organised crime groups and Russian state activity” and that there is a symbiotic relationship between organised crime groups, Russian intelligence, and the Russian state.
"Russia’s cyber capability, when combined with its willingness to deploy it in a malicious capacity, is a matter of grave concern, and poses an immediate and urgent threat to our national security," the committee's report read.
ISC recommended that the government must develop and sharpen its Offensive Cyber capability, must identify and lay blame on the perpetrators of cyber attacks (attribution), and that incident response capabilities of the government against the Russian cyber threat must be coordinated with various departments complementing each other.
"Accountability is an issue in particular – whilst the Foreign Secretary has responsibility for the NCSC, which is responsible for incident response, the Home Secretary leads on the response to major cyber incidents. Indeed, there are a number of other Ministers with some form of responsibility for cyber – the Defence Secretary has overall responsibility for Offensive Cyber as a ‘warfighting tool’ and for the National Offensive Cyber Programme, while the Secretary of State for the Department for Digital, Culture, Media and Sport (DCMS) leads on digital matters, with the Chancellor of the Duchy of Lancaster being responsible for the National Cyber Security Strategy and the National Cyber Security Programme. It makes for an unnecessarily complicated wiring diagram of responsibilities;
this should be kept under review by the National Security Council (NSC)," it noted.
The UK must develop an international approach to attribute malicious cyber activity by Russia
However, ISC complimented the government for taking a more assertive approach against the Russian cyber threat in the form of publicly blaming Russia for carrying out disinformation campaigns and cyber operations targeting UK organisations- such as in the aftermath of the Salisbury incident.
It also noted that the Ministry of Defence and GCHQ are now serious about developing the UK's offensive cyber capability with clear lines of accountability. GCHQ is now planning to broaden its recruitment base, with a shift towards recruiting on aptitude rather than on pre-existing skills.
At the same time, Defence Intelligence is also working towards ensuring that military personnel remain in cyber roles for longer than the current one to two years so as to preserve and enhance corporate knowledge and experience in cyber affairs. Alongside these steps, ISC also called for the UK to leverage its diplomatic relationships to develop a common international approach when it comes to the attribution of malicious cyber activity by Russia and others.
"It is clear there is now a pressing requirement for the introduction of a doctrine, or set of protocols, to ensure that there is a common approach to Offensive Cyber. While the UN has agreed that international law, and in particular the UN Charter, applies in cyberspace, there is still a need for a greater global understanding of how this should work in practice.
"It is imperative that there are now tangible developments in this area in light of the increasing threat from Russia (and others, including China, Iran and the Democratic People’s Republic of Korea). Achieving a consensus on this common approach will be a challenging process, but as a leading proponent of the Rules-Based International Order it is essential that the UK helps to promote and shape Rules of Engagement, working with our allies," the committee added.
"In light of the information uncovered by the Russia report, UK enterprises and governmental agencies should ensure that their existing security practices are enforced to the letter. State-sponsored cyber-attacks are typically very well-resourced and can be planned in advance for months before they are executed. Education of staff is critical, as humans are often the weakest link in any security chain," said Michael Barragry, operations lead at Edgescan.
"As far as tackling disinformation is concerned, unfortunately, there is a high dependency on the big tech platforms here. Articles can be shared and spread easily across social media, and can be given fake boosts in visibility with bot-farms of likes and upvotes. The lines between protecting the population and censorship can become quite blurred," he added.
According to Tony Cole, CTO at Attivo Networks, it's been clear for a number of years that the Russians have every intention to continue their efforts to undermine the fabric of Western society. They do this by focusing on a non-stop flow of disinformation campaigns in their targeted countries to sow disinformation to undermine free society foundations and especially hamper free and fair elections.
"Countries should have a structure in place to strike back in a fair and meaningful manner through offensive cyber actions. This structure should be focused inside government and not allow individual companies to retaliate when impacted by Russian campaigns (or any other country). Calling out Russia publicly has had little effect on them outside of sanctions and even the latter doesn’t seem to curtail this activity. Hitting them in cyberspace where it’s impactful to their society and could help counter Putin’s government is where attention is needed.
"Organisations attempting to thwart activity from Russia and other nation-states need to step up their game where they detect malicious activity inside their enterprises in quick fashion. Public Service Announcements across media and social media could also help educate the public and help counter disinformation campaigns from foreign sources. It is quite clear that significant action must be taken before foreign efforts to undermine western society have a long-term effect,” he added.
Army chief to call for additional defence spending to tackle Russia’s cyber warfare
MoD raises first Cyber Regiment to secure defence networks from cyber threats