Last week the National Cyber Security Centre (NCSC) issued an unprecedented alert regarding malicious cyber activity conducted by the Russian government. This marked a significant milestone in the international fight against the cyber threat that our country, and in particular our Critical National Infrastructure, faces. The alert was particularly noteworthy for 3 reasons:
- The alert was written and issued in full partnership with colleagues in the United States from both the Federal Bureau of Investigation and the Department of Homeland Security. This is the first time this has happened; whilst there has long been excellent cooperation across the pond (this is one area where the ‘special relationship’ is alive and well), there has never before been such a clear demonstration of the strength and depth of the partnership. Such a unified approach will ensure resilience capability develops at pace whilst also sending a powerful message to our adversaries.
- The alert speaks clearly and with certainty about attribution. It unequivocally calls out Russian intent to exploit our cyber infrastructure and records it plainly in the public record. This level of certainty will be rooted in robust intelligence and it is reasonable to surmise that clear evidence of Russian intent and activity exists. Until very recently this level of intelligence and its associated analysis would have been heavily classified and its distribution limited. Releasing such intelligence product into the public domain is a game changer. To my mind the fact that this can now happen is one of the biggest successes of the NCSC.
- The technical note actually offers simple and practical guidance that can be implemented by organisations of all sizes. It explains Russian tactics and techniques, offers tips on how to identify compromises and suggests mitigation actions. In short it is a useful guide to those at the coalface working in cyber defence. Similar notes in the past have often been overly generic and bland to the point of uselessness.
It is difficult to overstate how important and welcome this more open and more technically useful approach is. The cyber world is becoming more collaborative and more open – this trajectory must be maintained if we are going to overmatch the threat and generate genuine resilience.
Getting this right is nationally important. We are beginning to talk openly and in detail about the threat to our Critical National Infrastructure; indeed, the Joint Technical Report released last week explicitly spoke about Russian prepositioning on Critical National Infrastructure targets.
This is an extremely positive development; the first step to addressing a problem is to be honest about its existence. With aligned leadership at the national level on both sides of the Atlantic, it is really encouraging to see that process beginning.