UK's GCHQ
UK's GCHQ

Offensive cyber-attacks against Russia are reported to be among options under consideration by the UK if it is dissatisfied with Russia's explanation by midnight today of the use in this country of Novichok, a class of nerve agent developed in the Soviet Union in the 1970s and only produced in Russia.


Either Russia has lost control of its nerve agents, or, suggests  UK Prime Minister Teresa May, there has been, “an unlawful use of force by the Russian state against the United Kingdom.”


Talking on BBC TV News at Ten last night, diplomatic correspondent James Landale explained to viewers that potential responses  included, “Possibly even conducting offensive cyber-operations against Russia,” adding that, “none of these have been ruled out.” In addition he suggested that responses could also include expulsion of many Russia diplomats, a clampdown on Russian TV station RT, and seizing of UK assets of Russians guilty of human rights abuses.


Earlier yesterday in Parliament, May said that Russia was "highly likely" to be responsible for the attempted murder of former Russian military intelligence double agent Sergei Skripal and his daughter Yulia in Salisbury on March 4.

 

Talking to CNN, Russian Foreign Ministry spokeswoman Maria Zakharova described May's comments as “a circus show” and “fairy tales” - though Russian media have been trying to have it both ways, now dismissing Russian involvement as fake news, while previously revelling in the suggestion that Russian traitors get their just deserts.


Just last week (8 March), at the opening of a new cyber-defence school in the UK, the government issued a statement noting, "the UK faces a deliberate attempt to destabilise secured peace and prosperity," and took the opportunity to restate the new UK doctrine that, "offensive cyber can be used to deal with serious threats to the UK.....to meet these threats head-on."  

 

It has been suggested that Amber Rudd, the home secretary, may have hinted at covert retaliation last week, saying: “You may not hear about it all but when we do see that there is action to be taken we will take it.” The deployment of malware is a likely option, a senior Whitehall source said yesterday. “Offensive cyber would be something in the arsenal. It would be considered or even likely [selected].”

Commenting on the issue in an email to SC Media UK, Lee Munson, security researcher at Comparitech.com said: "Home Secretary Amber Rudd's comments, suggesting the UK is preparing for a cyber-attack against Russia in the wake of the spy-poisoning scandal, are either borne out of political positioning and bluster, or act as a further demonstration that someone who knows little about the basics of encryption is woefully out of her depth where technology is concerned.

"Personally, I think it must be the former, as surely no nation state would be so stupid that it would publicise an attack in advance, let alone comment on the manner in which it would likely be effected.

"Not only could such a move be potentially perceived as an act of war, it would also invite retaliation from a nation that is likely far more equipped to disrupt the UK than the other way around. So, all things considered, we best hope the UK government is as assured of the attribution behind this poisoning case as Russia will be if any offensive cyber moves are made against it in the coming months."

Speaking on BBC Radio 4 on 14 March, former GCHQ director Robert Peter Hannigan agreed that use of cyber- attacks by the UK government against Russia was actually very unlikely, both because it would invite retaliation and escalation, but also because, while Russia had been willing to cause power loss to civilians in Ukraine, the UK operated to a "different set of standards" and would not conduct such operations, though he implied that it had the ability to do so.

The UK government will be seeking to coordinate any response, including diplomatic, with both Nato and the EU, but while some countries such as the US and France also acknowledge that they have offensive cyber-capabilities, at this stage the Whitehouse appears unwilling to directly criticise Russia, let alone agree to join any action against the country (despite other senior republicans condemning the move). Following. a call between May and French president Macron yesterday, the UK government issued a statement saying that President Macron had condemned the attack and offered his solidarity with the UK. They are reported to have agreed that the French and British governments should coordinate closely as the investigation developed and following Russia's response.

 

Tuesday 13 March Peter Wilson, permanent representative of the UK to the Organisation for the Prohibition of Chemical Weapons issued a statement saying: "If the norm against chemical weapons use continues to be eroded, if we don't stand up to enforce the fundamental tenets of the Convention, what has happened in the United Kingdom could happen in any one of our countries. Indeed, in the last 13 months alone, chemical weapons attacks have taken place in Syria, in Iraq, in Malaysia and now in the United Kingdom.

"Those who have used chemical weapons cannot be immune from the consequences of their actions. We must all do all that we can to bring perpetrators of chemical weapons attacks to justice, whoever they are, and wherever they may be."

Within the cyber-security industry it is widely acknowledged that Russian military and intelligence, via attack groups Fancy Bear and Cozy Bear, conducts offensive use of cyber, and via Dark Energy/Black Energy, brought down power stations in Ukraine, while it is assumed that the Stuxnet cyber-attack that closed the Natanz Iranian nuclear power station was the work of the US/Israel.

 

However when UK's chancellor of the exchequer George Osborne in November 2015 announced that, “We reserve the right to respond to a cyber-attack in any way that we choose,” it was based on the idea that we may respond to cyber-attacks with both cyber and/or kinetic attack, whereas an openly acknowledged cyber-retaliation for a physical-world attack would be an entirely new development in hybrid warfare were it to happen. However, it is believed that there have been unacknowledged cyber-attacks resulting from physical world activities, such as the hacking of the World Anti-Doping agency and leaking of drug test results following Russia being banned from the Olympics.