The failure of Russian cyberattacks against Ukraine is the most important lesson for the NCSC

According to its CEO, the failure of Russian cyberattacks on Ukraine to achieve the intended impact was an important lesson for the UK’s National Cyber ​​Security Council (NCSC).

But speaking at the Chatham House Security and Defense Conference in 2022, NCSC CEO Lindy Cameron warned against complacency as Russia could change its approach and take more risks with cyberattacks, which could affect the UK.

She said Ukrainian cyber defenses, IT security industry support and international collaboration have so far prevented Russian cyber attacks from having the destabilizing impact predicted during the Russian invasion of Ukraine.

“In many ways, the most important lesson to be learned from the invasion is not the Russian attacks – which were very large and, in many cases, very sophisticated – but Russia’s lack of success,” he said. she said at the conference.

Discussing Russia’s online disinformation campaign, designed to sow confusion and chaos, and its cyberattacks, which attempt to undermine trust in Ukraine’s leadership, Cameron said: “Both of these efforts have largely failed, thanks to the efforts of Ukrainian and Western digital expertise within governments. and the private sector.

“Despite their best efforts, the Russian cyberattacks simply did not have the expected impact. »

She said three things could be attributed to the “unexpected” lack of success – “impressive” Ukrainian cyber defenses, “incredible” support from the cybersecurity industry, and “impressive collaboration” between the US, EU, NATO, UK and others. .

“Just as we have seen inspiring and heroic defense of the Ukrainian military on the battlefield, we have seen incredibly impressive defensive cyber operations by Ukrainian cybersecurity practitioners. Many commentators have suggested that these are the most effective defensive cyber activity undertaken under sustained pressure in history,” Cameron added.

She said the constant cyberattacks against Ukraine, emanating from Russia, over the past decade had primed the country’s cyber defenses. “In many ways, Russia has made Ukraine fit for the past 10 years by constantly attacking them,” Cameron said.

“We haven’t seen ‘cyber Armageddon’, but that’s no surprise to cyber professionals, who weren’t expecting it. What we have seen is a massive conflict in cyberspace – possibly the most sustained and intensive cyber campaign on record.

This year, in light of the situation in Ukraine, the NCSC advised UK organizations to take a more proactive approach to cybersecurity and operate at “an increased threat level”.

This, Cameron said, includes checking that all software is up to date, verifying backups and preparing a disaster plan.

Cameron warned against complacency. “There may be organizations that start to [wonder if this is] still necessary, because in the UK we have not had a major incident related to the war in Ukraine. My answer is a definite yes.

“There is still a real possibility that Russia will change its approach to cybersecurity and take more risks – which could have bigger impacts in the UK.”

Read Cameron’s full speech here.

Comments are closed.