Russia is currently channeling its cyber efforts primarily toward Ukraine, not launching significant attacks on Western nations despite increased military support for Ukraine from the US and the UK. Paul Chichester, the director of operations at the National Cyber Security Centre (NCSC), noted that Russia’s cyber operations have remained high since the start of the Ukraine conflict, mainly to bolster its military efforts in Ukraine, rather than to retaliate against Western countries.
Ciaran Martin, a former NCSC CEO and current director at the SANS Institute, highlighted that early predictions of a major cyber offensive against the West have not come true. He pointed out that while Russia has indeed targeted Ukraine with cyber capabilities, the effectiveness of these attacks is debatable. The anticipated aggressive cyber strikes against Ukraine’s Western allies simply haven’t materialized.
Shifting focus, the NCSC has been closely monitoring Chinese cyber operations, particularly one known as Salt Typhoon. This campaign has compromised major US telecom networks and put the personal data of millions at risk. Reportedly in operation for about two years, it has allowed hackers to access unencrypted communications and target sensitive information of key US officials. Chichester acknowledged that while the current threat appears more concentrated in the US, the UK is vigilant and responsive.
This year, the UK introduced the Product Security and Telecoms Infrastructure Act, imposing legal responsibilities on electronics manufacturers to enhance protection against cyber threats. Chichester emphasized that this legislation, alongside upcoming telecom security regulations, aims to minimize vulnerabilities that attackers might exploit.
Martin believes UK telecom companies and the NCSC recognize existing weaknesses in their networks. He remains optimistic about the UK’s ability to counter operations like Salt Typhoon, citing certain advantages unique to the country.
Chichester remarked that much of the tactics seen in attacks like Salt Typhoon had already been anticipated by government and industry. He explained that separating the operational and management infrastructure of telecom companies could significantly reduce risks, making it harder for attackers to succeed.
Collaboration between the UK government and telecom companies is fostering the development of robust security measures. They maintain an ongoing dialogue to identify effective strategies and technologies to thwart potential cyber attacks.
Regarding the attribution of cyber attacks to nation-states, Martin argues that disclosing the identities of known perpetrators is crucial unless there are compelling reasons not to do so. Chichester agreed, suggesting that making the attacker known helps organizations understand what they’re up against. He emphasized the importance of storytelling in communicating the cyber threat, stating that identifying attackers makes the situation more tangible for defenders.
The NCSC believes that public attribution serves multiple purposes, including fostering international coalitions and raising the stakes for those engaging in cyber attacks. While public indictments may not deter states from hacking, they still hold significant value. Martin added that when these actions are coupled with specifics about individuals responsible, they carry substantial credibility.