WWW.COMPUTERWEEKLY.COM
Russia focuses cyber attacks on Ukraine rather than West despite rising tension
Russia is focusing its cyber attacks against Ukraine, rather than stepping up its attacks against the West in response to decisions by the US and the UK to allow Ukraine to use long-range missiles on Russian territory.In an interview with Computer Weekly, Paul Chichester, the director of operations of the National Cyber Security Centre (NCSC), part of the Government Communications Headquarters (GCHQ), said that Russia had not used cyber attacks to respond tactically against increasing military support for Ukraine.Russian cyber operations have been at a high level since the start of the Ukraine conflict, but Russias primary purpose remains to support military operations on the Ukraine battlefield, he said.Former NCSC CEO and founder Ciaran Martin, now a director of security skills and training body the SANS Institute, said initial predictions that the Ukraine war would lead to a concerted cyber campaign against the West had not materialised.Going into the war, there were two big predictions, he told Computer Weekly. One was that Russia would use heavy cyber effects against Ukraine. They have tried that, but the impact can be debated.But the other assumption was they would try much more aggressive cyber blips, if you like, against Western allies of Ukraine, added Martin.But no serious scholar of cyber security thinks theyve done [that]. Its observably untrue.Salt TyphoonThe NCSC said its keeping a watching brief on attacks by Chinese hacking operation Salt Typhoon, which has hit US telecoms networks, including AT&T, Verizon and Lumen Technologies, placing the personal information of millions of people at risk.The attack, which has reportedly been underway for at least two years, has given Chinese hackers access to unencrypted messages and voice calls, and has enabled them to target the personal information of senior political figures in the US.Chichester said the British intelligence services were trying to assess the impact of the threat on the UK.Were still learning what that threat is, he said. It appears to be very focused on the US at the moment, but that doesnt mean were complacent. We will continue to look at the UK angles to that and respond to them as and when they occur.The UKs introduction of the Product Security and Telecoms Infrastructure Act 2012, which came into force this year, placed legal duties on manufacturers of electronic and home devices to protect consumers and businesses from cyber attacks.Chichester said that the act, together with telecoms security regulations that are being phased in over the next couple of years, aim to design-out vulnerabilities that could be exploited by attacks like Salt Typhoon.I think that the UK has been considering these kinds of vulnerabilities for some significant time, and has brought forward legislation and regulations with [telecoms regulator] Ofcom and others to absolutely try and increase resilience against those kinds of attacks, he said. We all know that defenders make mistakes, and thats all an attacker sometimes needs. But genuinely a lot of the things that are being required of operators in the UK are things that I know the US are looking at, and other countries are as well.Read more about Salt TyphoonChinese hacking of US telecom networks raises questions about the exploitation by hostile hacking groups of government backdoors to provide lawful access to telecoms services.Following the widespread Salt Typhoon hacks of US telecoms operators including AT&T and Verizon, CISA and partner agencies have launched refreshed security guidance for network engineers and defenders alike.Martin said that UK telecoms companies and the NCSC were aware of weaknesses and vulnerabilities in the telecoms network, and it was a question of how quickly they can be rectified before they can be exploited by threat actors.I think there are certain advantages that allow the UK to try to manage Salt Typhoon-style operations which arent available to allied countries, he said.Chichester said that much of the tradecraft used by cyber security attackers in Salt Typhoon and other attacks had been anticipated by government and industry ahead of time.Although its not possible to know every attack plan, simple strategies such as telcos separating operational and management infrastructure will reduce the risks.Just putting certain requirements and security around the administration of those networks cuts off a lot of vectors, he said. You might not know how the adversary is going to do it, but if you architect it in a certain way, then thats what gives you resilience.The UK government is working with telcos collaboratively to develop security regulations and technologies to block a variety of potential attacks, said Chichester.This has led to a back and forth between the NCSC and telcos, to see what might work, and what security measures are possible.One long-running debate is whether governments are right to attribute hacking attacks to the nation state responsible. Former NCSC CEO Martin said that where the identity of a nation-state hacker was known, it should be disclosed unless there were good reasons not to do so.Chichester said that identifying an attacker publicly can make it easier to get the message across to companies that they need to take action.At the end of the day, if you want to communicate to people, weve got to make it about people, either the adversary or the victim, he said. Youve got to tell a story. I think [naming an attacker] is a really powerful communications tool that we would like to use where we can. And so I think it helps defenders.It helps you kind of think and visualise, because, you know, as an organisation, OK, do I care about Russia, China or Iran? added Chichester.The cyber security director said the NCSC and the UK government publicly attributed cyber attacks for a variety of reasons, including to build coalitions and increase the political cost of cyber attacks.I dont think anybody genuinely thinks that attributions or public indictments or sanctions will ever prevent a state from doing this, but that is not what its about, he said.But when an attribution is accompanied by a court indictment naming individuals responsible for a hacking operation, that can be a powerful tool, said Martin. That does give you credibility, he added. It really does.
0 Comments
0 Shares
22 Views