The long-awaited Russia report, which explores how Moscow has used digital and intelligence capabilities to meddle in UK electoral matters, has called the UK’s development of offensive cyber capabilities “essential” to combat the issue.
Noting that Russia has carried out sustained “malicious cyber activity in order to assert itself aggressively in a number of spheres, including attempting to influence the democratic elections of other countries”, the report noted that the UK has not only “begun to take a more assertive approach” by calling out Russia publicly for its role in cyberattacks, but that it was now developing offensive cyber capabilities to launch its own attacks in response.
However, the report argues that the UK should not make these efforts alone, but encourage other countries to join in laying the finger of blame at Russia.
Noting that “not everyone is keen to adopt this new approach and to ‘call out’ Russia on malicious cyberactivity”, it urged the UK government to “leverage its diplomatic relationships to develop a common international approach” in attributing cyberattacks to Russia.
Russia report calls for international agreement on offensive cyber efforts
Furthermore, it argued that this commonality should extend to offensive cybersecurity, with the establishment of a legal framework to launch offensive cyberattacks to curtail state-backed efforts such as those taken by Russia, as well as other nations known to back offensive cybersecurity groups, including North Korea, China and Iran.
“It is clear there is now a pressing requirement for the introduction of a doctrine, or set of protocols, to ensure that there is a common approach to Offensive Cyber,” the report states.
“While the UN has agreed that international law, and in particular the UN Charter, applies in cyberspace, there is still a need for a greater global understanding of how this should work in practice.”
Noting that this has been first recommended several years ago, the report argued that “tangible developments in this area” were now “imperative” given the “increasing threat for Russia”.
Commenting on the report, Cath Goulding, CISO at Nominet, highlighted how the report acknowledged the risks state-backed cyberattacks pose.
“Today’s ISC report confirms the high risk that all governments face from foreign adversaries in the cyber space, in particular when it comes to efforts to influence elections, spread disinformation, and attacks against critical national infrastructure,” said Goulding.
“It is the ISC’s assessment that the UK Government is ‘still playing catch-up’ to these threats and, undoubtedly, this report will prompt government agencies around the world to consider how their country and its citizens could be targeted as well.”
The report is the result of an 18-month effort by a cross-party committee, which heard evidence from key experts working in British intelligence and independently in a series of secret sessions.
It was initially intended to be published in October 2019, however Boris Johnson blocked its publication for nine months by refusing to clear it for release.