So, what do we expect?
The increasing digital connectivity between all manner of modern systems – be it internet services we have come to rely on so much (such as online banking and email communications), ordinary home devices (from phones to tablets), and critical infrastructure (such as transport and health) – means that a cyber attack could create serious, prolonged and multiple points of disruption for us.
Potential disruption to critical infrastructure is the most concerning and could directly affect lives.
Apart from “cyber operations” which would seek to cause technological interference, a further threat comes from what we might call “information operations”. In this category are attempts to: manipulate social media feeds, plant fake news stories, blast TV and radio channels with propaganda and undermine the state or authentic sources of media.
A lot of this could be achieved by stealth, with stories manipulated in a pinpoint, targeted fashion, at critical political junctures.
While this is the immediate context, however, the recent crisis in relations with Russia has been ongoing for a while now and one expects our digital defenders to have had some preparation in place.
What then could Britain do to minimise disruption?
Everyone from GCHQ and the MoD to ISPs and telecommunication providers, and from managed security service providers to major private sector operators (such as banks), are expected to have measures in place that:
- Escalate monitoring of sensitive and more exposed parts of their digital assets to pick up any threatening behaviour
- Pre-emptively cut down on non-critical interfaces or functionality that could be exploited
- Step up intelligence gathering from wider sources to inform assessment of expected threats
Some of the above aligns with the Active Cyber Defence agenda that the UK’s current National Cyber Security Strategy (2016-2021) promotes. But a key reflection to draw here is that there is a severe need for an early warning system that can actively feed on intelligence sources and systematically – possibly in some automated fashion – carry out the above measures to reduce our risk of disruption in light of such attacks.
What are Britain’s options in retaliation?
After the recent incident in Salisbury Theresa May indicated that a cyber attack could be one option for retaliation in face of such a threat.
The prime minister recently told MPs that “extensive measures” could be unleashed against Russia if the country failed to offer up a clear explanation about the events surrounding the suspected poisoning of the Skripals. Besides the sanctions and political manoeuvring which has seen 23 Russian diplomats expelled from the UK – there are still other options on the table.
The Conservative MP, Mark Harper, asked Theresa May on 12 March: “Will she confirm that, if Her Majesty’s government conclude that there was unlawful use of force by the Russian state, we possess a considerable range of offensive cyber-capabilities that we will not hesitate to deploy against that state, if it is necessary to keep our country safe?”
In response, May said, “We, of course, will look at responses across a number of areas of activity, should it be… that we conclude that this action does amount to an unlawful use of force by the Russian state here in the UK.”
A state-sponsored cyber attack by the UK could lead to severe consequences for Russia’s digital infrastructure, which underpins its machinery allegedly generating propaganda and disinformation.
Given Russia’s history of information warfare, such a vocal threat from May’s government doesn’t come as a complete surprise. For over a decade now, Putin’s regime has been associated with an increasing weaponisation of the web: from a full-blown botnet attack on Estonia’s digital infrastructure in 2007 to NotPetya, a major malware attack that hit the globe just last year with the largest number of incidents being reported in Ukraine.
Britain’s possible cyber options are as follows: Russia’s state-supported media outlets and information portals are an obvious first target. They have been known to spread hate and propaganda on social networks and provoke civil society into malicious online campaigns. Any such effort to nefariously propagate and magnify malign influence in cyberspace should be weakened. Any Russian asset used to carry out intelligence, espionage and cyber warfare operations – from government websites to internet connectivity infrastructure – could also be deemed a legitimate target.
Various parts of the dark web could also be potential targets for the UK. It has been linked to Russian mafia and organised gangs, many of which allegedly operate thriving criminal syndicates and are said to have the backing of oligarchs who profit from cyber crime, drug smuggling and human trafficking.
But challenges remain around the international laws that govern any declared targeted response, and talks on the need for cyber security coordination on a global scale are only just emerging.
The Talinn Manual – a non-binding consensus of legal experts on cyber operations – merely suggests that targets should “cause the least danger to civilian lives and to civilian objects”. It has been left open to wide interpretation, meaning any choice of a target, such as Russia, is problematic in a world where telecommunications and internet infrastructure is increasingly under joint public and private ownership.
The politicisation and weaponisation of cyberspace has been inevitable. While a concerted national strategy to ensure resilience and active defence on “cyber borders” is underway in the UK, we cannot escape the fact that our lives are now so dependent on digital systems of all kinds that a successful cyberattack could pose a significant risk of disruption and damage. Do we continue down this path, responding helplessly in the face of every such crisis? Or, do we radically alter the way technology is designed and deployed to make it “defensible”?
I think the choice is ours.
Prof. Siraj Ahmed Shaikh is a Professor of Systems Security at the Institute of Future and Cities (FTC) at Coventry University. He is also Co-Founder and Chief Scientist at CyberOwl
An earlier version of this article appeared on the Conversation
Register for free to continue reading
Registration is a free and easy way to support our truly independent journalism
By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists
Already have an account? sign in
Join our new commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies