The ongoing situation in Ukraine could have a pronounced impact on UK technology infrastructure, with Russia thought to be preparing cyber attacks on the west.
Though the physical fighting has dominated news outlets in recent days, an altogether different army is thought to be mobilising behind the scenes, preparing to bring down IT networks and infrastructure across the globe, not least in the UK.
Now, GCHQ and the Home Secretary have advised business to take pre-emptive measures to protect themselves against a potential attack.
Head of GCHQ’s National Cyber Security Centre, Lindy Cameron, said that the cyber threat was now “heightened” and reiterated the warning that “cyber attacks do not respect geographic boundaries.”
GCHQ itself has already taken action, with its director, Jeremy Fleming, briefing the heads of critical national infrastructure across the UK (including utility, communications and food companies) in a bid to strengthen their cyber defences.
Attacks are already thought to have hit targets in Ukraine, among them a DDoS (Distributed Denial of Service) attack on two banks – which the Foreign Office said had almost certainly emerged out of Russia’s military intelligence service, the GRU.
The Harvard Business Review says Russia’s cyber capability is “considerable”, and could be deployed in retaliation for sanctions from the west following its invasion into Ukraine.
Organisations that are worried about the impact this could have on their operations are advised to review and exercise their business continuity plans. The first exercise would be to determine how business could continue if systems went wholly offline.
Similarly, businesses should examine their supply chain – not just to see where potential weaknesses might be exploited, but also to identify anywhere that has a reliance on Ukrainian code or data, as this would be the most immediate target for Russia.
Finally, businesses should empower staff members to identify and report any attacks or attempted entries as soon as they are discovered. Reporting on attacks quickly will mitigate the damage and help prevent other agencies from becoming the next victims.