Theresa May’s snap election elevates concerns over Russian cyber-security threat
With yesterday’s surprise announcement that the UK will stage another general election in June, the government’s cyber-security apparatus will be on high alert for the risk of foreign intervention.
Political parties were offered assistance by GCHQ’s National Cyber Security Centre (NCSC) in March – with the authorities warning that “events in the United States, Germany and elsewhere act as a reminder of the potential for hostile action against the UK political system”.
Defence Secretary Sir Michael Fallon has previously accused Russia of using “cyber weaponry” to “disable democratic machinery”.
Cyber-security expert Ewan Lawson said there was a risk that vulnerabilities in the defences of parties and other democratic institutions could be targeted.
Lawson, senior research fellow at defence think tank the Royal United Services Institute, told the Press Association: “Cyber security broadly will be an issue in the sense that the way that the Russian activity, or Russian-sponsored activity, seems to have operated is using vulnerabilities to obtain data, which is then released through a variety of agencies in order to embarrass or weaken the position of certain political candidates and, generally, to undermine confidence in the system.
“I don’t think it would be unrealistic to assume we would be likely to see something similar here.
“Organisations like political parties and think tanks, particularly linked to political parties, quite often don’t have particularly robust cyber security simply because they are not-for-profit and don’t have a lot of money to throw at the problem.
“So I think we could reasonably expect to see data theft, data breaches and then if there is anything considered to be embarrassing or awkward that could be released.”
Lawson said the authorities will “absolutely be on high alert” and there could be “some degree of conditioning of public expectation” about the risk of leaks.
Security officials have offered parties support including seminars on the “cyber threat picture” and advice on risk mitigation.
The NCSC said the offer to help was not just about the network security of political party systems.
It said that threats against the UK’s democratic processes “can include attacks on Parliament, constituency offices, think tanks and pressure groups, and individuals’ email accounts”.
In a speech in February, the Defence Secretary highlighted Moscow’s alleged involvement in a series of cyber incidents.
Fallon said 2016 had seen a “step change” in Russian behaviour – including the US election hack and an “attempted coup” in Montenegro.
Earlier this month a cross-party Commons committee warned the crash of a key voter registration website in the run-up to the EU referendum may have been the result of a foreign cyber attack.
The Commons Public Administration and Constitutional Affairs Committee said it was deeply concerned about the allegations of foreign interference in last year’s Brexit vote.
While the committee did not identify who may have been responsible, it noted that both Russia and China use an approach to cyber attacks based on an understanding of mass psychology and of how to exploit individuals.
The government insisted that the collapse of the website was due to demand rather than any outside interference.
Yesterday it emerged that one in five British businesses had been subject to a cyber attack in the last year alone.