NCSC: UK Organizations Can Learn from Ukraine’s Impressive Cyber Defenses

    The Russia–Ukraine conflict has facilitated the “most sustained and intensive cyber campaign on record,” according to Lindy Cameron, CEO of the National Cyber Security Centre (NCSC), speaking in a keynote address during the Chatham House security and defence conference 2022.

    Cameron noted that both Ukraine and Russia have undertaken significant cyber operations in conjunction with their military efforts. In particular, Russia has launched “a series of major cyber-attacks in support of their illegal invasion in February.”

    These include multiple DDoS and wiper malware campaigns against the Ukrainian government and critical services. Additionally, there have been significant ‘spillover’ incidents, such as the attack on commercial communications firm Viasat in February 2022, which affected thousands of personal and commercial internet users across Europe.

    Encouragingly though, Russia’s cyber activities have not been successful to date, stated Cameron. “Try as they might, Russian cyber-attacks simply have not had the intended impact,” she outlined, adding that this was the most important lesson to take from the invasion.

    Three factors were highlighted as reasons for Russia’s failures in the cyber domain: Ukraine’s robust cyber defenses, support from industry partners and collaboration between the UK, US, EU, NATO and others to thwart Russian attacks.

    Ukraine’s impressive cyber defenses in the conflict have partly been a result of Russia making them “match fit” over the last 10 years by “consistently attacking them.” The most infamous example of this was the NotPetya ransomware campaign in 2017, which infected Ukrainian government agencies and critical infrastructure firms.

    Cameron also highlighted the UK’s role in helping Ukraine defend itself against these threats, providing measures to enhance its incident response, forensics and assessment processes over several years. The UK has also “dedicated significant resources to enable others to better monitor and understand Russia’s cyber threats.”

    Overall, Ukraine’s successful cybersecurity practices demonstrate that “a strong and effective cyber defense can be mounted, even against an adversary as well prepared and resourced as the Russian Federation.”

    Cameron believes organizations in the UK can learn from Ukraine’s cyber defenses to protect themselves from attacks. The key is long-term resilience and the ability to recover quickly and fully from breaches.

    This is particularly relevant given Russia’s unpredictable reaction to recent battlefield conflicts. As such, “there is still a real possibility that Russia could change its approach in the cyber domain and take more risks – which could cause more significant impacts in the UK.”

    Therefore, “UK organizations – and their network defenders – should be prepared for this period of elevated alert to be with us for the long haul” and focus on building long-term resilience.

    On September 27, the Ukrainian government warned that Russia is planning a major new cyber-attack campaign on the critical infrastructure of Ukraine and its allies as winter approaches.