The UK’s National Cyber Security Center (NCSC, part of GCHQ) has written to the British political parties to warn about “the potential for hostile action against the UK political system.” Without confirming that the main threat is from Russia, the letter makes it clear that the primary threat is considered to be that country.
In a similar vein, the British Foreign Secretary Boris Johnson said on national television Sunday, “We have no evidence the Russians are actually involved in trying to undermine our democratic processes at the moment. We don’t actually have that evidence. But what we do have is plenty of evidence that the Russians are capable of doing that.”
He added, “There is no doubt that they have been up to all sorts of dirty tricks – bringing down French TV stations; you have seen what happened in the United States where there is no question at all they were involved in the hacking of the Democratic National Convention.”
In October 2016, the US government accused Russia of being behind cyberattacks against American political organizations. In December 2016, Germany accused Russia of waging hybrid political warfare. “Such cyber-attacks, or hybrid conflicts as they are known in Russian doctrine, are now part of daily life and we must learn to cope with them,” said Chancellor Angela Merkel. Earlier this month the French government abandoned plans for expatriate electronic voting in the April/May presidential election after the National Cybersecurity Agency warned of an “extremely high risk” of cyberattacks.
In his letter to the British political parties, NCSC chief executive Ciaran Martin wrote, “You will be aware of the coverage of events in the United States, Germany and elsewhere reminding us of the potential for hostile action against the UK political system. This is not just about the network security of political parties’ own systems. Attacks against our democratic processes go beyond this and can include attacks on parliament, constituency offices, thinktanks and pressure groups and individuals’ email accounts.”
In a separate statement, he explained, “Protecting the UK’s political system from hostile cyber-activity is one of our operational priorities, so we have signposted parties to existing guidance and will deliver tailored seminars on cyber-security measures. The seminars will build on our existing advice and will provide an overview of threats, case studies on recent cyber-incidents, practical steps to reduce the risk and advice on incident management.”