“Try as they might, Russian cyberattacks simply have not had the intended impact,” said Lindy Cameron, CEO of the National Cyber Security Centre (NCSC) – the cyber arm of GCHQ – speaking at Chatham House in London. “But if the Ukrainian cyber defence teaches us a wider lesson – for military theory and beyond – it is that, in cybersecurity, the defender has significant agency. In many ways you can choose how vulnerable you can be to attacks.” Also: The scary future of the internet: How the tech of tomorrow will pose even bigger cybersecurity threats In the run-up to and since the invasion of Ukraine, the country has been hit by a series of cyberattacks that have been attributed to Russia. These include distributed denial of service (DDoS) attacks against the Ukranian government and financial sector, as well as wiper malware campaigns designed to destroy systems by rendering them unusable. These weren’t the first offensive cyberattacks linked to the Russian state that have targeted Ukraine; attacks previously caused power outages in the winters of 2015 and 2016. Then, in 2017, Russia launched the NotPetya wiper malware attack against Ukraine, but the impact spread further, causing billions of dollars of damage around the world. Since the invasion, Cameron said, “what we have seen is a very significant conflict in cyberspace – probably the most sustained and intensive cyber campaign on record.” But she also pointed to the lack of success of these campaigns, thanks to the efforts of Ukrainian cyber defenders and their allies.  “This activity has provided us with the clearest demonstration that a strong and effective cyber defence can be mounted, even against an adversary as well prepared and resourced as the Russian Federation.” Cameron argued that not only does this provide lessons for what countries and their governments can do to protect against cyberattacks, but there are also lessons for organisations on how to protect against incidents, be they nation-state backed campaigns, ransomware attacks or other malicious cyber operations. “Central to this is a commitment to long-term resilience,” said Cameron. “Building resilience means we don’t necessarily need to know where or how the threat will manifest itself next. Instead, we know that most threats will be unable to breach our defences. And when they do, we can recover quickly and fully.” The NCSC has previously suggested that organisations should be operating at a heightened threat level, and has made recommendations that should be followed to help protect against cyberattacks, or collateral damage as a result of wide-scale cyber events.  Also: White House warns: Do these 8 things now to boost your security ahead of potential Russian cyberattacks These recommendations, which Cameron reiterated at Chatham House, include verifying that all software is up to date with the latest security patches, checking that backups are working properly, and having an incident response plan in place – because cyberattacks continue to represent a major threat.  “There may be organisations that are beginning to think ‘is this still necessary?’ as in the UK we haven’t experienced a major incident related to the war in Ukraine. My answer is an emphatic ‘yes’,” Cameron said.  “UK organisations – and their network defenders – should be prepared for this period of elevated alert to be with us for the long haul. Across the UK, we need to focus on building long-term resilience. Just as the Ukrainian defenders have done,” she added. 

MORE ON CYBERSECURITY

Ukraine stopped Russian hackers who were trying to attack its power gridIt’s time to stop hoping that cybersecurity problems will just go awayUsing Russian tech? It’s time to look at the risks again, says cybersecurity chiefUkraine is building an ‘IT army’ of volunteers, something that’s never been tried beforeEndless cyber-threat pressure could leave security staff burnt out. Here’s what you need to change