Russian state-sponsored groups likely to target UK

The attempted murder of former Russian spy Sergei Skripal and his daughter in Salisbury on 4 March has been widely attributed to Russia – not least by the UK government.

Confirming that the nerve agent used was Novichok, which was developed by the Soviet Union, British Prime Minister Theresa May announced to Parliament on 12 March that the attack constituted “an unlawful use of force by the Russian state against the United Kingdom”, claiming that it was either sanctioned by the Russian state or that Moscow had somehow lost control of its chemical weapon. She went on to demand an explanation from the Kremlin by midnight today (13 March).

Russia, for its part, has predictably denied any knowledge of the attack, dismissing the UK’s accusations as “a fairytale”. It seems unlikely, then, that any admission of guilt or apology will be forthcoming.

The UK government is now believed to be preparing to retaliate against the attempted assassination. The measures that can be realistically taken have already led to a high level of debate, with suggestions ranging from demanding NATO support in reacting to an attack against a member state through to withdrawing the England team from this summer’s Russia-based World Cup. It is worth noting that the government’s response to the murder by polonium of Alexander Litvinenko in 2006 was generally viewed as inadequate, at best.

Following May’s statement in the Commons, several commentators raised the possibility of launching offensive cyber attacks against Russia. While there is no question of the ability of the UK to inflict significant damage on Russian infrastructure, the real danger here lies in retaliatory attacks, which would likely target critical infrastructure in the UK.

Offensive cyber warfare is nothing new for Moscow. As far back as 2007, in response to disputes involving a WWII statue in Tallinn, a large-scale attack was launched against Estonia; in 2008 Georgia was targeted, again for political reasons.
In 2015, during the conflict over Crimea, Ukrainian energy supplier UkrEnergo was hit by a huge outage that left 230,000 people without power; the attack, using BlackEnergy malware, was blamed on the Russian government. Further attacks on infrastructure in Ukraine took place in December 2016, when a power station was hit. This time it was believed the attacks had been launched in response to news that the Ukrainian parliament had been considering nationalising the energy companies, which are partly owned by Russian oligarchs. This offered yet another example of Moscow using cyber warfare techniques for the achievement of its political goals.

Most recently, Russia has been accused of carrying out a range of propaganda attacks aimed at influencing election results in the US, the UK and in several other European countries.

The attacks on the UK which might now be launched - whether pre-empting or responding to threats or actions carried out by the British government - are likely to be targeted very specifically at critical infrastructure such as telecommunications, transportation and power in the first instance, with the financial sector also at high risk.

With the threat of highly damaging cyber attacks on the UK a real possibility, companies are advised to ensure their daily monitoring includes ensuring that they have an effective patch strategy in place, and that they utilise threat intelligence to keep them informed of the latest issues.