CYBER
A sophisticated player

13. GCHQ assesses that Russia is a highly capable cyber actor with a proven capability to carry out operations which can deliver a range of impacts across any sector:

  • Since 2014, Russia has carried out malicious cyber activity in order to assert itself aggressively in a number of spheres, including attempting to influence the democratic elections of other countries – for example, it has been widely reported that the Russians were behind the cyber-enabled 'hack and leak' operation to compromise the accounts of members of the French political party En Marche! in the run-up to the 2017 French elections.[1]
  • Russia has also undertaken cyber pre-positioning[2] activity on other nations' Critical National Infrastructure (CNI).[3] The National Cyber Security Centre (NCSC) has advised that there is *** Russian cyber intrusion into the UK's CNI – particularly marked in the *** sectors.
  • GCHQ has also advised that Russian GRU[4] actors have orchestrated phishing[5] attempts against Government departments – to take one example, there were attempts against ***,[6] the Foreign and Commonwealth Office (FCO) and the Defence Science and Technology Laboratory (DSTL) during the early stages of the investigation into the Salisbury attacks.[7]

14. Russia has sought to employ organised crime groups to supplement its cyber skills: SIS has observed that "this comes to the very muddy nexus between business and corruption and state power in Russia".[8] GCHQ told the Committee that there is "a quite considerable balance of intelligence now which shows the links between serious and organised crime groups and Russian state activity" and that "we've seen more evidence of *** serious and organised crime *** being connected at high levels of Russian state and Russian intelligence", in what it described as a "symbiotic relationship".[9]

15. Russia's cyber capability, when combined with its willingness to deploy it in a malicious capacity, is a matter of grave concern, and poses an immediate and urgent threat to our national security.

  1. 'Hack and leak' refers to the obtaining of private information by hacking, and making it public.
  2. Pre-positioning in the context of cyber activity is the process of exploring and securing an entry point in a network that now, or in the future, could be used to disruptive effect. It is not always immediately apparent whether the intrusion is for espionage purposes or pre-positioning.
  3. Critical National Infrastructure (CNI) comprises the facilities, systems, sites, information, people, networks and processes necessary for a country to function and upon which daily life depends. In the UK, there are 13 CNI sectors: Chemicals, Civil Nuclear, Communications, Defence, Emergency Services, Energy, Finance, Food, Government, Health, Space, Transport and Water.
  4. The GRU is the Main Intelligence Directorate of the General Staff of the Russian Armed Forces.
  5. Phishing is the fraudulent practice of sending emails purporting to be from reputable organisations in order to induce recipients to reveal personal information, such as passwords and credit card numbers.
  6. ***
  7. GCHQ, Quarterly Report to the ISC, July–September 2018.
  8. Oral evidence – SIS, *** February 2019.
  9. Oral evidence – GCHQ, *** February 2019.