UK Defending Ukraine From Russian Cyberattacks

The British government has officially acknowledged that it has been actively helping Ukraine protect its critical national infrastructure from Russian cyberattacks.

The government confirmed the UK’s ‘Ukraine Cyber Programme’ has operated in partnership with industry, and aims to prevent “Russian malign actors from accessing vital networks and providing forensic capabilities to the Ukrainian authorities.”

The UK’s £6.35 million programme was “mobilised shortly after Putin’s invasion in February to protect against increased Russian cyber attacks. The programme has not been made public until now to protect its operational security,” it said.

UK cyber protection

The UK cyber assistance was revealed by Foreign Secretary James Cleverly, who confirmed the UK has also been “utilising the expertise of world-leading cyber security providers.”

To date, the UK’s Ukraine Cyber Programme has:

• Provided incident response support to Government of Ukraine entities, protecting them against destructive cyber attacks, including malware such as Industroyer2. This is preventing malicious actors from accessing vital information relevant to the war effort.
• Limited attacker access to vital networks and supported Ukraine to harden their critical infrastructure against future attacks.
• Delivered frontline cyber security hardware and software including: firewalls to prevent attacks taking hold; DDoS protection to ensure Ukrainian citizens can continue to access vital information; and forensic capabilities to enable Ukrainian analysts to fully understand system compromises.

“Russia’s attack on Ukraine is not limited to its horrific land invasion. It has also persistently attempted to invade Ukraine’s cyberspace, threatening critical information, services and infrastructure,” noted James Cleverly.

“The UK’s support to Ukraine is not limited to military aid – we are drawing on Britain’s world-leading expertise to support Ukraine’s cyber defences,” said the Foreign Secretary. “Together, we will ensure that the Kremlin is defeated in every sphere: on land, in the air and in cyber space.”

The NCSC is proud to have played a part in supporting Ukraine’s cyber defenders,” added Lindy Cameron, CEO of the National Cyber Security Centre. “They have mounted an impressive defence against Russian aggression in cyberspace, just as they have done on the physical battlefield.”

“The threat remains real and the UK’s support package is undoubtedly bolstering Ukraine’s defences further, said Cameron.

Russian aggression

The UK said the tempo of Russian cyber attacks against Ukraine had increased significantly following its illegal invasion in February 2022, as it sought to undermine Ukraine’s sovereignty and strategic advantage in the war.

The UK also highlighted Russia’s long history of hostile and destabilising activity against Ukraine, which includes:

• Shutting off part of Ukraine’s electricity grid in December 2015, leaving 230,000 people without power for up to 6 hours.
• Destructive cyber attacks in 2017 targeting Ukraine’s finance and energy sectors and government services, leading to knock-on effects on other European partners.
• Kyiv metro and Odessa airport disrupted by ransomware that encrypted hard drives.
• Distributed Denial of Service (DDoS) attacks on 15-16 February 2022, which the UK’s National Cyber Security Centre (NCSC) judge were the work of Russia’s GRU military intelligence agency
• A series of cyber attacks since the invasion, including against commercial operators such as Viasat in March which had a serious impact on access to internet and other services across both Ukraine and other parts of Europe.

Offensive operations

The UK’s admission of aiding Ukraine in the cyberspace, comes after the US government in June this year admitted that American military hackers had conducted ‘a series of operations’ in support of Ukraine.

A senior US General (the head of US Cyber Command General Paul Nakasone), said that US military hackers had conducted offensive operations in support of Ukraine.

“We’ve conducted a series of operations across the full spectrum; offensive, defensive, [and] information operations,” General Nakasone told Sky News.

The General declined to describe those operations.

Prior to its invasion, Russia engaged in its usual practice of hybrid or asymmetric warfare, and launched  an assortment of cyberattacks to destabilise communications and spread confusion whilst its troops invaded the region.

But such was the global outrage at Russia’s overt aggression, that hacking groups such as Anonymous fought back and conducting numerous cyberattacks against Russian targets, including Russian state TV channels.

And General Nakasone confirmed Microsoft’s conclusion in April this year, that Russia’s cyberattacks against Ukraine have been much greater than first thought.

General Nakasone disagreed with some commentators who suggested Russian cyber operations against Ukraine had been overblown, and he praised the Kyiv government and defenders for their resilience.

Slovakia-based cybersecurity specialist ESET and the Ukraine Computer Emergency Response Team (CERT-UA) confirmed in April that Russian military hackers from the GRU had tried and failed to (cyber)attack Ukraine’s energy infrastructure.

In May US and UK intelligence officials confirmed that Russia was responsible for the cyberattack on the US-based Viasat communication systems, which began an hour before Russia illegally invaded Ukraine on 24 February 2022.

US/UK position

After Russia-linked hackers conducted a number of high profile cyberattacks against US targets in recent years, President Joe Biden raised the cyberattack issue with Vladimir Putin in June 2021, and warned him that certain critical US infrastructure should be “off-limits” to cyberattacks.

Indeed, President Biden warned Putin of ‘retaliation’ and an ‘aggressive response’ if Russia attacks a list of 16 ‘critical’ industries in America.

Then in July 2021 President Biden underscored how serious the US is taking cyberattacks, when he admitted they could cause a ‘real shooting war’ with a ‘major power’.

Ever since 2011 the United States said it reserved the right to retaliate with military force against a cyberattack from a hostile state.

In May this year, the UK’s then Attorney General Suella Braverman (now Home Secretary) confirmed the UK could legally launch cyberattacks against hostile nations.

It came after the UK government confirmed in April 2018 that it had carried out a cyberattack on the ISIL or Islamic State terrorist group.

And in October 2021 the UK revealed the headquarters of the National Cyber Force (NCF) in Samlesbury, Lancashire.

The NCF combines personnel from intelligence, cyber and security agency GCHQ, the MoD, the Secret Intelligence Service (MI6) and the Defence Science and Technology Laboratory (DSTL), under one unified command for the first time.

Its remit is to carry out offensive cyber operations, which “can disrupt hostile state activities, terrorists and criminals threatening the UK’s national security – from countering terror plots to conducting military operations.”