Photographee.eu - Fotolia

NCSC to educate UK politicians on the cyber threat

The National Cyber Security Centre is to deliver tailored seminars for politicians on how to protect their email communications and voters’ data to defend against cyber threats to the political system

The National Cyber Security Centre (NCSC) is to run special seminars designed to educate UK politicians on cyber threats to democracy.

There have been growing concerns in political circles about cyber threats after a US intelligence report concluded that Russia had orchestrated cyber attacks against Hilary Clinton and the Democratic National Committee to influence the outcome of the US presidential election.

In February 2017, UK defence secretary Michael Fallon said there had been a “concerning step-change in Russian behaviour” in the past year, citing cyber attacks on Bulgaria in October 2016, on the US presidential election, and parliamentary elections in Montenegro in October 2016.

“Meanwhile, the head of the German BfV intelligence agency warned that the Kremlin is ‘seeking to influence public opinion and decision-making processes’ ahead of this year’s German elections,” Fallon said in a speech at St Andrews University.

Members of Parliament (MPs) also called on the Cabinet Office to clarify its role in protecting data within central government and to improve co-ordination of cyber defence efforts across the public sector. SNP Westminster leader Angus Robertson questioned whether the government was doing enough to protect UK democracy against online threats.

At the time, the prime minister Theresa May reportedly said it was up to individual political parties to protect themselves against cyber attacks, but now the NCSC is taking action.

NCSC chief executive Ciaran Martin has now written to political parties warning them of the “potential for hostile action against the UK political system,” according to the Sunday Times.

He warned that databases of voters’ views and personal information, as well as internal emails, could be at risk, promising seminars to educate politicians on the threat

“You will be aware of the coverage of events in the United States, Germany and elsewhere reminding us of the potential for hostile action against the UK political system,” wrote Martin.

“This is not just about the network security of political parties’ own systems. Attacks against our democratic processes go beyond this and can include attacks on parliament, constituency offices, thinktanks and pressure groups and individuals’ email accounts.”

Read more about cyber war

  • Terror groups are more likely than nation states to unleash cyber weapons and critical infrastructure is the most likely target, warns Kaspersky Lab chief.
  • Veteran investigative reporter Ted Koppel says a cyber attack on the US power grid is likely, but preparations for such an event are not up to scratch.
  • There is a lot of “fog” surrounding cyber weapons and cyber war because there is no way of knowing the true capability of any country, says security expert Mikko Hypponen.
  • Armed forces minister Nick Harvey has revealed the UK is working on a cyber weapon programme with offensive capabilities to counter cyber warfare threats to national security.

In a statement, Martin said protecting the UK’s political system from hostile cyber activity is one of the NCSC’s priorities. “We have sign-posted parties to existing guidance and will deliver tailored seminars on cyber security measures.

“The seminars will build on our existing advice and will provide an overview of threats, case studies on recent cyber-incidents, practical steps to reduce the risk and advice on incident management.”

Foreign secretary Boris Johnson told Peston on Sunday that while there is “plenty of evidence” that Russia has the ability to disrupt British politics with cyber attacks, there is “no evidence” the Russians are involved in trying to undermine the UK’s democratic processes at the moment.

“We don’t have that evidence. But what we do have is plenty of evidence that the Russians are capable of doing that,” he said.

Peter Carlisle, vice-president for Europe, Middle East and Africa at Thales e-Security, said protecting the integrity of elections is important for maintaining public trust in political processes and ensuring voter data remains secure.

“That’s why encryption technologies should be used to secure all aspects of the political process, whether that’s registration, canvass data, membership lists or the electoral roll,” he said.

Goverment faces cyber skills ‘struggle’

According to a Public Accounts Committee (PAC) report on protecting government information published in February 2017, GCHQ dealt with 200 national cyber security incidents that threatened UK national security every month in 2015, up from 100 a month in 2014.

The report warned that use of the internet for cyber crime is evolving fast and the government faces a “real struggle” to find enough public sector employees with the skills to match the pace of change.

A spokesman for the NCSC said in the time the organisation had been operational, it had “transformed how the UK deals with cyber security”.

He said it has provided “real-time cyber threat information to 3,000 organisations from more than 20 different industries, offering incident management handling and fostering technical innovation”.

Read more on Security policy and user awareness