Public Services > Central Government

Critical national infrastructure at risk of Russian cyber attack

David Bicknell Published 16 April 2018

Weekend military strikes in Syria have raised fears of a retaliatory cyber-attack, just a week after the government promised extra funding to beef up cyber security defences and cyber skills


Less than a week after Home Secretary Amber Rudd promoted the expertise of Britain’s cyber security services and committed millions of extra pounds in security funding, the country’s critical national infrastructure will now be under severe scrutiny for signs of cyber breaches.

It follows last weekend’s military strikes in Syria which, to some, offers the prospect of a retaliatory cyber-attack either by or perhaps covertly endorsed by Russia.

Foreign secretary Boris Johnson warned in a television interview at the weekend that, "You have to take every possible precaution, and when you look at what Russia has done, not just in this country, in Salisbury, attacks on TV stations, on the democratic processes, on critical national infrastructure – of course we have to be very, very cautious indeed."

Speaking at last week’s CYBERUK event , Rudd promised the government would be giving over £9m to enhance the UK’s specialist cyber capabilities, including work to combat criminals who ‘continually exploit the anonymity of the Dark Web.' 

She also pointed to the future running of the UK’s first live national cybercrime exercise to test the response of the security and intelligence agencies, police and first responders, in the event of a large scale cyber incident, the launch of a new £13.5m Cyber Innovation Centre in London to help secure the UK’s position as a global leader in the growing cybersecurity sector, and an investment of £50m over the next year to bolster cyber capabilities within law enforcement at a national, regional and local level.

The conference also saw the government launch new cyber-attack categorisation designed to improve response to security incidents. 

Category 1 denotes a national cyber emergency, which causes sustained disruption of UK essential services or affects UK national security, leading to severe economic or social consequences or to loss of life.

Category 2 is a highly significant incident, a cyber-attack which has a serious impact on central government, UK essential services, a large proportion of the UK population, or the UK economy.

Category 3 is a significant incident, an attack which has a serious impact on a large organisation or on wider / local government, or which poses a considerable risk to central government or UK essential services. There are three other lower categories of attack.

Meanwhile in her speech, Rudd also pledged over £5m would be invested in local and regional policing to set-up dedicated cybercrime units in every police force in England and Wales as well as £3m to continue the CyberAware campaign to educate the public and businesses on how to take simple steps to protect against cybercrime.

The threat of Russian action comes less than a month before the year’s anniversary of the WannaCry attack on May 12 2017 which, though not targeted at the NHS, caused severe disruption. Over a third of England’s NHS trusts were disrupted, with over 6,900 NHS appointments cancelled.

Jeremy Fleming, director of GCHQ, speaking at the CYBERUK event last week said, “For decades, we have collected intelligence on Russian state capabilities, on their intent and on their posture. And for over twenty years, we’ve monitored and countered the growing cyber threat they pose to the UK and our allies.

“And it looks like our expertise on Russia will be in increasing demand. The Russian Government is widely using its cyber capability.

“We’ll continue to expose Russia’s unacceptable cyber behaviour, so they’re held accountable for what they do, and to help Government and industry protect themselves

For the last year, a succession of inquiries have examined just how the WannaCry ransomware attack affected the NHS and has started to put steps in place to prevent a recurrence. Government has made consistent noises about how much investment it was putting into cyber security, culminating in last week’s well-intentioned Rudd announcements. Concerns about cyber skills remain – witness Rudd’s call for those who have cyber skills to offer their help as volunteers.

She said, “…if you have cyber skills, then my plea is that you’re generous with them. There’s valuable technical cyber expertise in the private sector which can be harnessed by law enforcement in the fight against cybercrime.

“My department has worked with the police to increase the number of skilled volunteers – cyber specials, and cyber volunteers – who lend their time and expertise to the National Crime Agency or their local police force. I want to see more of the home-grown expertise which we are rightly proud of, in use. And I encourage all of you who have the skills, to get involved.”

But now the rubber meets the road. The government and the National Cyber Security Centre have talked a good game over cyber security and emphasised how much has been spent and what skills are needed. Rudd described how, back in 2016, the UK had launched its five-year National Cyber Security Strategy, supported by £1.9 billion of investment.

But talk is cheap and Theresa May’s actions at the weekend, whether justified or not, now risk a response from a Russian cyber bear on the loose.

It may not happen. But even if all seems quiet for the next few weeks, that doesn’t mean no attacks have taken place. The mark of a ‘successful’ attack is often that no-one knows about it and it is malignly foraging away unseen. All quiet may also mean news of an attack has been suppressed. After all, who would want to explain that after the millions being spent, and all the soul searching over the lessons learned from WannaCry, that critical national infrastructure is vulnerable to attack, let alone that attack may have been successful?

That said, on the margins of the NCSC event last week, the word is not so much if an attack will be launched, but when.

Earlier this year, Ciaran Martin, the head of the UK’s National Cyber Security Centre, also warned as much, raising the prospect of disruption to British elections and critical infrastructure.

In remarks underlining newly released figures showing the number of cyber-attacks on the UK in the last 15 months, Martin said the UK had been fortunate to avoid a so-called Category 1, broadly defined as an attack that might cripple infrastructure such as energy supplies and the financial services sector.

In spite of its impact, WannaCry was classified as only a C2 attack rather than C1, partly because there was no risk to life.

Figures for cyber-attacks recorded since the NCSC opened show there were 34 C2 attacks through to December last year, with WannaCry the most disruptive. There were 762 slightly less serious C3 attacks.

Last week the security company ThreatQuotient launched a tool, ThreatQ Investigations that provides a cyber ‘situation-room’ akin to those pictures seen in World War II films where ships, forces etc are moved on points around a central board in the middle of the room. 

The concept of a cyber situation-room, designed to allow real-time visualisation of an investigation as it unfolds within a shared environment, is one that in the near future may well turn out to be a necessity to counter concerted cyber attacks.

The idea of the cyber ‘situation room’ is likely to be an interesting topic for discussion at this week’s giant RSA Security Conference in San Francisco, which starts today. The hope will be that it won’t be needed in anger in the UK over the coming weeks. The perceived potential cyber threat and current state of readiness may, however, suggest otherwise.


We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.