The Guardian - UK
Technology
Dan Milmo Global technology editor

‘Russia can turn the lights off’: how the UK is preparing for cyberwar

Governments are advising citizens to use strong passwords to prepare them for cyber-threats. Photograph: Igor Stevanovic/Alamy

The Swedish government checklist for surviving a war would not have looked out of place decades ago: bottled water; sleeping bags; extra batteries; enough cash for a week; and non-perishable food such as rice and cereal.

Without being mentioned by name, Russia once more lurks in the background as it did during the cold war. But the nature of the threat it poses in the pamphlet, called “In case of crisis or war”, has changed.

Alongside raising the possibility of “an armed attack against Sweden”, the guide also mentions “cyber-attacks” and “disinformation campaigns”.

As well as coping with the threat of nuclear conflict or an armed border incursion, Europe must now contend with a very 21st-century foe: cyberwarfare.

Richard Horne, the head of the National Cyber Security Centre, will say on Tuesday that “the severity of the risk facing the UK” from countries like Russia and China “is being widely underestimated”.

Horne will make the warning as the NCSC reveals a significant increase in serious cyber-incidents over the past 12 months.

Last week a British minister outlined the potential consequences of Russia’s already active cyber-operations spilling into more serious areas. “Cyberwar can be destabilising and debilitating. With a cyberattack, Russia can turn the lights off for millions of people,” said Pat McFadden, the chancellor of the duchy of Lancaster.

The countries on the frontline of a potential conflict have all urged citizens to prepare for electricity cuts. The Swedish pamphlet, reissued this month, makes references to coping with power outages, as does a recent “emergency preparedness” guide from the Norwegian government. The Finnish advice refers to cyber-attacks causing a “long power outage” and Denmark refers to various crises, including a digital assault, causing “loss of utilities”.

Experts say the Russian cyber-threat should be taken seriously, even if a devastating attack on national infrastructure could invoke Nato’s mutual defence clause – which could make Moscow hesitate.

“I would take his warning seriously. I don’t think it’s hyperbole,” said Dan Marks, research fellow for energy security at the Royal United Services Institute (Rusi) thinktank. “Having said that, the UK grid is pretty resilient. There is potential for Russia to do damage and cause problems but there is resilience in the grid. It has been designed to cope with stresses and threats.”

Every major organisation in the UK should have a plan for a cyber-attack hitting key infrastructure, according to Ciaran Martin, the former head of the UK’s National Cyber Security Centre.

“Every organisation should have a plan on how to deal with the loss of a major infrastructure network. The difference between being 50% functional within 24 hours of an attack and being offline for a fortnight is huge,” he said.

McFadden’s speech referred to wider Russian cyber-interference in the UK, warning that Moscow has “targeted our media, our telecoms, our political and democratic institutions, and our energy infrastructure”.

Dan Black, a principal analyst in the cyber espionage team at Mandiant, a Google-owned cybersecurity firm, said Russia stepped up its cyber-aggression towards the UK and other Nato members once it became clear the war in Ukraine would become an attritional slog.

“That’s when you really started to see the dimensions of the cyber-conflict creep outside Ukraine and into wider Europe and into Nato countries,” he said.

Evidence of that creep was revealed in September when western intelligence agencies said a unit of Russia’s military intelligence service was carrying out a campaign of “malicious cyber-activity” against government and critical infrastructure organisations around the world.

The agencies said Unit 29155 had targeted organisations to “collect information for espionage purposes, caused reputational harm by the theft and leaking of sensitive information, defaced victim websites and undertaken systematic sabotage caused by the destruction of data.”

The recently updated crisis guides understandably refer to stockpiling food and other essentials given the threat of attacks affecting utilities. But they also refer to warding off hackers and spotting online disinformation, which are modern tools of state actors seeking to cause disruption.

Russia is a hub for ransomware gangs, which hack and lock up the computer systems of targets ranging from schools and hospitals to private companies, and then demand payment to restore IT networks and return stolen data. Although the ransomware criminals are independent operations, some of them are known to have links to the Russian state, which tolerates their presence in the country.

The Swedish pamphlet recommends using strong passwords at home and at work, while Norway’s guidance urges citizens to “check information sources, and consider the credibility of information you pass on to others”.

The UK government, too, recommends using strong passwords in its guide to preparing for emergencies.

“The UK has robust plans in place for a range of potential emergencies, that have been developed, refined and tested over many years. Advice on steps individuals, households and communities can take to prepare for emergencies can be found on gov.uk/prepare,” said a UK government spokesperson.

The onus for combatting a Russian cyberthreat should be on the government and owners of key infrastructure, according to Jamie MacColl, a research fellow in cyber-threats at Rusi. But he adds that the coronavirus pandemic represented a wasted opportunity for the UK to be better prepared for external shocks in the future, even if the prospect of armed conflict, not cyber-attacks, is the more likely reason why people will need to stockpile food, water and cash.

“We have just carried on as if there is not a major war in continental Europe,” he said.

The key lesson from the Baltic and Scandinavian states, according to MacColl, is to be resilient.

“One of the aims of Russian activity below the threshold of war, like cyber-attacks, is to spread fear, panic and discord. The best response to that is to be psychologically resilient and not go out into the street and buy all the toilet roll in Sainsbury’s.”
