GCHQ tells businesses to bolster security over Russian cyberattack fears

An aerial image of the Government Communications Headquarters (GCHQ) in Cheltenham, Gloucestershire. GCHQ is one of the three UK Intelligence Agencies and forms a crucial part of the UK’s National Intelligence and Security machinery. The National Security Strategy sets out the challenges of a changing and uncertain world and places cyber attack in the top tier of risks, alongside international terrorism, a major industrial accident or natural disaster, and international military crisis. GCHQ, in concert with Security Service (also known as MI5) and the Secret Intelligence Service (also known as MI6) play a key role across all of these areas and more. Their work drives the UK Government’s response to world events and enables strategic goals overseas. This image is available for high resolution download at www.defenceimages.mod.uk subject to the terms and conditions of the Open Government License at www.nationalarchives.gov.uk/doc/open-government-licence/. Search for image number 45154332.jpg ------------------------------------------------------- Photographer: GCHQ/Crown Copyright Image 45154332.jpg from www.defenceimages.mod.uk For latest news visit www.mod.uk Follow us: www.facebook.com/defenceimages www.twitter.com/defenceimages

UK firms are being urged to check their cyber defences by spy agency GCHQ amid concerns over potential Russian cyber attacks linked to growing tensions with Ukraine.

The National Cyber Security Centre (NCSC), which is part of the UK’s signals intelligence body GCHQ, updated its guidance to UK firms and groups on Friday, and said it is investigating the recent reports of “malicious cyber incidents in Ukraine”.

“While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient,” the NCSC’s director of operations, Paul Chichester, said.

The warning follows a series of cyber attacks in Ukraine, suspected to have involved Russia, which Moscow denies.

“Over several years, we have observed a pattern of malicious Russian behaviour in cyber space. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before,” Chichester added.

The guidance, which is primarily aimed at larger organisations, comes after the NCSC warned businesses in the UK’s critical national infrastructure – such as energy, water supply, transportation and telecommunications – about specific vulnerabilities Russian hackers have been known to exploit.

The updated guidance encourages organisations to reduce the risk of falling victim to a cyber attack by taking “actionable” steps, which include patching systems; improving access controls and enabling multi-factor authentication; implementing an effective incident response plan; checking that backups and restoration mechanisms are working; ensuring that online defences are working as expected, and keeping up to date with the latest threat and mitigation information.

Those organisations who do fall victim to a cyber attack are asked to report it to the NCSC’s incident management team.