According to the Chancellor of the Duchy of Lancaster, Oliver Dowden, Russia-aligned cyber groups sympathetic to the invasion of Ukraine have been attempting to disrupt or destroy the UK’s infrastructure. In a keynote speech at the National Cyber Security Centre’s annual event, Dowden warned that the groups, which he likened to the Russian paramilitary organisation, the Wagner group, have turned their attention to the UK and its allies after initially focusing on Ukraine and the surrounding region. Unlike previous attacks that aimed to profit or spy, these ideologically motivated groups are seeking to disrupt or destroy critical national infrastructure and are “more opportunistic” and “less likely to show restraint” than state-controlled actors. Dowden stressed that the government does not think the groups have the capability to cause widespread damage to UK infrastructure at this point.
Dowden also revealed that he will set cyber resilience targets for all critical national infrastructure sectors to achieve by 2025 and is creating new laws to include private sector businesses working in critical national infrastructure in the scope of cyber resilience regulations.
The most acute state cyber threats still come from China, Iran, and North Korea, according to Dowden. He referred to the “very visible” Chinese spy balloon spotted earlier this year in US airspace and warned that a combination of criminals, spooks, hacktivists, and cyber soldiers covertly breach digital defenses daily. The CEO of NCSC, Lindy Cameron, who spoke at the same event as Dowden, encouraged organisations to take seriously China’s goal of dominating cyberspace. Cameron stated that China is aiming for global technological supremacy, and the UK must consider whether China’s technology will enable us to secure ourselves adequately and maintain cybersecurity in the future.
The UK government revealed analysis of its latest cyber security breaches survey, indicating that nearly a third of businesses were attacked in the past year, with costs averaging £1,100 per business or almost £5,000 for medium and large businesses. Nearly a quarter of charities were also attacked, incurring average damaged costs of £530. The majority of the attacks were relatively unsophisticated and could be prevented by improving cyber hygiene, such as enacting password policies, using network firewalls, restricting admin rights, and updating software. The NCSC plans to launch a new scheme to help businesses with basic cyber security, and the government will roll out its GovAssure initiative across all departments, which will undergo yearly checkups of their cyber health.