Above the parapet: UK doubles down on cyber support to Ukraine

The UK Government recently revealed a significant increase in cyber capabilities delivered to Ukraine. The current £6.4 million budget will more than double to £16 million, including options for another £9 million of funding from other allies.

The Ukraine Cyber Program involves direct GCHQ support in hardening Ukraine’s cyber security posture and staying ahead of the evolving Russian cyber offensive. The support focuses on protecting the country’s critical national infrastructure, no doubt influenced by previous cyber-attacks Ukraine has endured against its energy supply.

The UK has opposed Russia long before the 2022 invasion. Strained relations from the Litvinenko and Skripal poisonings, and harsh sanctions imposed following the 2014 annexation of Crimea had already effectively set the tone for the present support of Ukraine.

However, over time this antagonism has naturally heightened the UK’s profile as a target for Russian operations, particularly those aimed at deterring any further support. These would highly likely manifest as either deniable or non-attributable operations set below the threshold of triggering NATO article V – making cyber-attacks a viable option.

Despite the shoring-up of Ukrainian defences, UK public institutions are a target-rich environment for Russian cyber operations – particularly the NHS.

Alarmingly, attacks against the NHS have happened before: in the months following the 2022 invasion a record-high number of attempted cyber-attacks were recorded in four out of five NHS trusts. The 111 service was even temporarily taken offline after an attack against Advanced (an external service provider to the NHS) in August 2022. Legacy IT infrastructure, convoluted dependencies on private companies, and a treasure trove of valuable health and personal data makes the NHS a near-perfect target for attackers.

As the NHS modernises and digitizes over time, new risks will also be introduced through emerging technologies - such as robotic surgery assistance. Compared to most victims they also face significant ethical and social pressure to pay any ransoms given, due to the possible threat to life against patients.

Additionally, the NHS is just as critical politically as it is socially – doubling the impact of any significant cyber incident. Severe disruption to the NHS or comparable institution as a direct consequence of opposing Russia has the potential to generate cracks in the UK’s resolve.

Such an incident may even have the potential to dissuade the government from supporting Ukraine entirely, comparable to Spain’s withdrawal from Iraq following the 2004 Madrid bombings. This potential opportunity to turn a digital operation into a battlefield advantage will no doubt be considered by the Russian Intelligence Services.

Overall, the UK’s continued resistance to Russian cyber aggression, combined with the wide-ranging cyber maturity of critical national infrastructure raises both the likelihood and impact of a significant Russian cyber operation.

Although continued support to Ukraine remains vital for their success, it must be acknowledged that the act of providing it raises the UK’s profile ‘above the parapet’, increasing the importance of comprehensive cyber risk mitigation for organisations and businesses alike.

‍