tThe Swedish government’s checklist for surviving a war wouldn’t have seemed out of place decades ago: bottled water; sleeping bags; additional batteries; enough cash for a week; and non-perishable foods such as rice and cereals.
Without mentioning its name, Russia is once again lurking in the background, as it did during the Cold War. But the nature of the threat it poses in the brochurecalled “In case of crisis or war”, has changed.
In addition to raising the possibility of “an armed attack against Sweden,” the guide also mentions “cyber attacks” and “disinformation campaigns.”
In addition to facing the threat of nuclear conflict or an armed incursion on its borders, Europe must now confront a 21st century enemy: cyberwarfare.
Richard Horne, director of the National Cyber Security Centre, will say on Tuesday that “the severity of the risk the UK faces” from countries such as Russia and China “is being widely underestimated”.
Horne will make the warning as the NCSC reveals a significant increase in serious cyber incidents over the past 12 months.
Last week, a British minister outlined the possible consequences of Russia’s already active cyber operations extending into more serious areas. “Cyber warfare can be destabilizing and debilitating. With a cyberattack, Russia can turn off the lights for millions of people,” said Pat McFadden, chancellor of the Duchy of Lancaster.
All countries on the front lines of a potential conflict have urged citizens to prepare for power outages. The Swedish brochure, reissued this month, makes references to how to deal with power outages, as does a recent “emergency preparedness” guide from the Norwegian government. The Finnish council refers to cyber attacks that cause a “long power outage” and Denmark refers to several crises, including a digital attack, which caused “loss of public services.”
Experts say the Russian cyber threat must be taken seriously, even if a devastating attack on national infrastructure could invoke NATO’s mutual defense clause, which could give Moscow pause.
“I would take your warning seriously. I don’t think it’s hyperbole,” said Dan Marks, an energy security researcher at the Royal United Services Institute (Rusi) think tank. “That said, the UK network is quite resilient. There is the potential for Russia to cause damage and problems, but the network is resilient. “It has been designed to deal with stress and threats.”
Every major UK organization should have a plan for a cyberattack affecting key infrastructure, according to Ciaran Martin, former director of the UK’s National Cyber Security Centre.
“Every organization should have a plan for how to deal with the loss of a major infrastructure network. The difference between being 50% functional within 24 hours of an attack and being offline for fifteen days is enormous,” he said.
McFadden’s speech referred to wider Russian cyber interference in the UK, warning that Moscow has “targeted our media, our telecommunications, our political and democratic institutions and our energy infrastructure”.
Dan Black, head of the cyberespionage analysis team at Mandiant, a Google-owned cybersecurity company, said Russia escalated its cyberaggression toward the United Kingdom and other NATO members once it became clear that the war in Ukraine would become a wear effort. .
“That’s when we really started to see the dimensions of the cyber conflict spreading out of Ukraine and into all of Europe and NATO countries,” he said.
Evidence of that progress was revealed in September when Western intelligence agencies said a unit of Russia’s military intelligence service was conducting a campaign of “malicious cyberactivity” against governments and critical infrastructure organizations around the world.
He said Unit 29155 had targeted organizations to “gather information for espionage purposes, caused reputational damage through the theft and leak of confidential information, defaced victim websites and carried out systematic sabotage caused by the destruction of data”.
It is understandable that the recently updated crisis guidance refers to the storage of food and other essential items, given the threat of attacks affecting public services. But they are also about protecting against hackers and detecting online disinformation, which are modern tools of state actors seeking to cause disruption.
Russia is a hub for ransomware gangs, who hack and crash the computer systems of targets ranging from schools and hospitals to private companies, then demand payment to restore IT networks and return stolen data. Although ransomware criminals are independent operations, some of them are known to have ties to the Russian state, which tolerates their presence in the country.
The Swedish brochure recommends the use of strong passwords at home and at work, while the Norwegian guide urges citizens to “check sources of information and consider the credibility of information passed on to others.”
The UK government also recommends using secure passwords in your guide to preparing for emergencies.
“The UK has robust plans for a range of potential emergencies, which have been developed, refined and tested over many years. You can find advice on steps that individuals, households and communities can take to prepare for emergencies at gov.uk/prepare“said a UK government spokesperson.
The responsibility for combating a Russian cyber threat should fall to the government and owners of key infrastructure, according to Jamie MacColl, cyber threat researcher at Rusi. But he adds that the coronavirus pandemic represented a missed opportunity for the UK to be better prepared for external crises in the future, even if the prospect of armed conflict, rather than cyberattacks, is the most likely reason why the People will need to store food. , water and cash.
“We have acted as if there was no major war in continental Europe,” he said.
The key lesson from the Baltic and Scandinavian states, according to MacColl, is to be resilient.
“One of the goals of Russian activity below the threshold of war, such as cyberattacks, is to sow fear, panic and discord. The best response to this is to be psychologically resilient and not go out and buy all the toilet paper in Sainsbury’s.”