NCSC issues urgent cyber guidelines to organisations over Ukraine situation 

The National Cyber Security Centre has issued urgent guidance to organisations to bolster their cyber defences in response to the geopolitical instability in and around Ukraine.

The monitoring agency – part of GCHQ – is calling on UK organisations to update their online security in view of recent reports of malicious cyber incidents in the region which fit with previous patterns of Russian behaviour, including in the damaging NotPetya incident in 2017.

The NCSC is investigating those reports, which are also similar to the cyberattacks allegedly conducted by the Russian military’s GRU unit against Georgia in October 2019.  The UK Government has publicly attributed responsibility for both these attacks to the Russian Government.   

NCSC said it is not aware of any current specific threats to UK organisations in relation to events in and around Ukraine, however they are recommending the following ‘actionable steps’ to be taken to reduce the risk of falling victim to an attack, including:

• patching systems; 
• improving access controls and enabling multi-factor authentication; 
• implementing an effective incident response plan; 
• checking that backups and restore mechanisms are working; 
• ensuring that online defences are working as expected, and; 
• keeping up to date with the latest threat and mitigation information. 

Paul Chichester, NCSC director of operations, said: “The NCSC is committed to raising awareness of evolving cyber threats and presenting actionable steps to mitigate them. While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient. 

“Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.”

The guidance, which is primarily aimed at larger organisations, also advises organisations which fall victim to a cyberattack to report the incident to the NCSC’s 24/7 incident management team.