UK spent £6.4m on secret cyber package for Ukraine

The UK government has lifted the lid on a previously top secret cyber programme that has been supporting Ukrainian government agencies and critical national infrastructure (CNI) operators from Russia cyber attacks for months.

The Ukraine Cyber Programme was swiftly mobilised in the days after Russian forces invaded Ukraine on 24 February 2022, in response to an “increasing tempo of Russian cyber activity”.

As reported by Computer Weekly at the time, this activity included waves of distributed denial of service (DDoS) attacks and the use of data wiper malwares.

Backed by a funding package of £6.35m, the programme’s existence has been protected until now to maintain its operational security.

Its work has included incident response support and forensics, protecting organisations against destructive cyber attacks, preventing malicious actors from accessing information relevant to Ukraine’s war effort, limiting access to vital networks, and support in hardening critical infrastructure and networks.

“Russia’s attack on Ukraine is not limited to its horrific land invasion. It has also persistently attempted to invade Ukraine’s cyber space, threatening critical information, services and infrastructure,” said foreign secretary James Cleverly.

“The UK’s support to Ukraine is not limited to military aid – we are drawing on Britain’s world-leading expertise to support Ukraine’s cyber defences. Together, we will ensure that the Kremlin is defeated in every sphere: on land, in the air and in cyber space.”

Lindy Cameron, CEO of the National Cyber Security Centre (NCSC), added: “The NCSC is proud to have played a part in supporting Ukraine’s cyber defenders. They have mounted an impressive defence against Russian aggression in cyberspace, just as they have done on the physical battlefield. The threat remains real and the UK’s support package is undoubtedly bolstering Ukraine’s defences further.”

Andy Barratt, UK managing director of cyber consultancy and cloud security specialist Coalfire, commented: “The UK has some of the most advanced cyber intelligence capabilities on the planet so it shouldn’t be a surprise that we are deploying them in support of Ukraine.

“It’s also one of the more cost-effective ways of lending our weight to the conflict. Rockets, tanks and missiles are a massive drain on public funds so the £6m the government has invested in supporting Ukraine’s cyber offensive will go a lot further than it would in financing conventional warfare.”

However, he warned, while lending the UK’s advanced cyber capabilities to Ukraine might make sense from a military perspective, it could potentially lead to fall-out and collateral damage for people and businesses in the UK.

“Businesses linked to the war effort – logistics companies working for the MoD, for example – could potentially become viable targets for Russian cyber attacks. But perhaps even more concerning are the opportunities our involvement in the war opens up for cyber criminals.

“Sophisticated criminals will pay close attention to the attack vectors deployed by or against Russia and look to replicate them. It’s often surprising how quickly cyber criminals are able to reverse engineer the cyber techniques the UK, and other nation-states, use. If we’re deploying highly advanced cyber tactics against Russia, it is likely only a matter of time before we see criminals using ‘copycat’ attacks against businesses here in the UK,” he said.