View all newsletters
Sign up to our newsletters

Support 110 years of independent journalism.

Lindy Cameron: Ukraine’s cyber-defences have been exemplary

While Russia’s brutal war has sought to redraw the physical map, its consequences have been felt in cyberspace.

By Lindy Cameron

It has never been more important to defend our digital lives and secure our most critical systems and services. The UK faces a range of evolving and diversifying threats, from the ever-present ransomware threat and the scourge of online scams to the cybersecurity risks that came with the return of war to Europe.

The cybersecurity landscape has experienced profound change over the past 12 months and the threats, risks and vulnerabilities we collectively face require a whole-of-society response to keep the UK safe online.

At the National Cyber Security Centre (NCSC), we have been part of a huge effort to bolster our national resilience at every level, working with allies and partners in government and the private sector. We have reflected on some of the recent successes and challenges in our latest Annual Review. It is worth considering what we can learn from the past year so we can effectively tackle the emerging and persistent threats that lie ahead.

One of cybersecurity’s most significant challenges came from the invasion of Ukraine. While Russia’s brutal and destructive war has sought to redraw the physical map, its consequences have been felt globally, including in cyberspace.

As a part of GCHQ, the NCSC has unique capabilities to monitor cybersecurity threats, and from the very start of 2022 we warned of heightened cyber-risks as a result of Russian hostility. We responded by publishing expert guidance to help organisations bolster their defences, and have worked closely with partners to ensure that critical infrastructure, businesses and the whole of society are as resilient as possible.

Building resilience is vital for preventing attacks during periods of heightened threat and for raising the bar for other threats. This is a key lesson we can take away from the conflict in Ukraine: that with strong cyber-defences in place, the defender has significant agency. Ukraine’s defences have been exemplary and I’m proud the NCSC has supported them, in conjunction with the Foreign, Commonwealth and Development Office.

While the threat from Russia has been particularly blatant this year, it’s important not to forget the other threats we face, some of which are, unfortunately, all too familiar. Ransomware remains one of the most acute hazards for UK businesses and organisations and we have seen the real-world consequences that attacks can have: hitting businesses’ operations, finances and reputations, and leading to widespread disruption for customers. The NCSC has published guidance to help organisations take the necessary measures to protect themselves and we continue to urge CEOs to take the issue seriously and not delegate it to technical experts.

We have also seen low-sophistication cybercrime continue to hit the public, with commodity attacks such as phishing and malware – in the 12 months to March, 2.7 million cyber-enabled frauds were recorded. The NCSC, working with law enforcement, is more resolute than ever in thwarting cybercriminals. And it is heartening to see a growing awareness of how we can all play a part in this.

[See also: Can the Ukraine war now end only with Russia’s defeat?]

In the 12 months to September there were 6.5 million reports of suspicious emails made to the NCSC by the British public – a 20 per cent increase on the year before, and this is a trend we are keen to see continue. It has made a demonstrable contribution to improving our collective resilience.

Over the past year I’m pleased to say the NCSC has helped to stop hundreds of thousands of attacks upstream while bolstering preparedness and helping institutions and organisations better understand the nature of threats, risks and vulnerabilities downstream.

We have seen more organisations sign up to our pioneering Active Cyber Defence services, such as Early Warning, which had a 90 per cent increase in uptake in the 12 months up to September, and Exercise in a Box, where there was a 42 per cent increase. Meanwhile, our Cyber Aware campaign is a great place for individuals and smaller firms to learn practical steps to improve their cyber-hygiene.

By following our advice in using three random words to create a strong password and turning on two-step verification to secure online accounts, people can protect themselves from the most common attacks. As people’s thoughts turn to online shopping ahead of Christmas, now is a good time to be considering this.

However, with an evolving threat landscape, there is always more we can be doing to stay ahead of future threats. In our Annual Review, we consider the challenges on the horizon – in particular, the growing commercial availability of malicious cyber-tools and the risk of them falling into the wrong hands, being used with greater frequency and with less predictability.

As a responsible and democratic cyber-power, the UK is at the forefront of understanding and responding to this increasing threat and calling it out where we see it. There is growing competition for technological advantage between states, which is creating an increasingly fragmented ecosystem that brings risks for interoperability, and could undermine the free and open values that underpin our technologies.

This contrasts with the positive insight that NCSC experts provide in support of the UK’s values-driven approach to developing capabilities and innovations. And finally, while Russia remains a persistent cybersecurity threat to the UK, the scale and pace of China’s technical development is still likely to be the single biggest factor affecting our cybersecurity in the years to come.

At the NCSC, we are addressing these challenges now to ensure the UK can continue as a global cyber-power in the future. Our blueprint for doing so is set out in the National Cyber Strategy, which recognises that a thriving cyber-skills and growth ecosystem is vital for maintaining this advantage, and we champion the diversity of talent at its heart.

Initiatives such as CyberFirst have engaged thousands of young people from all across the country in the past year, while our NCSC for Startups programme has supported businesses that generate hundreds of millions of pounds in investment. This is a source of great optimism for me and my team as we look ahead to 2023. But cybersecurity is a team sport and it is only through mobilising the whole of society that we can achieve our goal of making the UK a safe place to live and work online.

[See also: NHS Digital’s Mike Fell: “Cybersecurity can sound bizarre, but getting it wrong puts patients at risk”]

Content from our partners
Future proofing the NHS
Where do we get the money to fix the world's biggest problems? – with ONE
Labour's health reforms can put patients first

Topics in this article : , , , ,
Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via Our Thursday ideas newsletter, delving into philosophy, criticism, and intellectual history. The best way to sign up for The Salvo is via Stay up to date with NS events, subscription offers & updates. Weekly analysis of the shift to a new economy from the New Statesman's Spotlight on Policy team. The best way to sign up for The Green Transition is via
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.