Informative Research, Study Guides, Projects, Research of Earth science

Information for scientific research for high school classes

Typology: Study Guides, Projects, Research

2019/2020

Uploaded on 01/27/2020

ROBAYET
ROBAYET 🇺🇸

1 document

1 / 17

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Library Briefing
Cyber Security in the United Kingdom
Debate on 18 October 2018
Summary
This House of Lords Library Briefing has been prepared in advance of the debate
due to take place on 18 October 2018 in the House of Lords on the motion
moved by Viscount Waverley (Crossbench), “that this House takes note of the
scale and complexity of cyber threats facing the United Kingdom and the case for
innovative approaches across Her Majesty’s Government and beyond”.
In the UK, cyber is categorised as a high priority risk to national security. Cyber
threats come both from nation states and from criminal individuals or groups. The
Government states that the lines between different threat actors continue to blur
as individuals and groups learn from, hire and work with one another. Cyber
threats to the UK include cyber terrorism; fraud and serious organised crime;
espionage; and disruption of critical national infrastructure (CNI).
In November 2016, the Government published its five-year National Cyber Security
Strategy, and made a commitment to invest £1.9 billion in cyber security. The
strategy set out the Government’s implementation plan under three objectives: to
defend the UK from cyber-attacks; to deter potential attackers; and to develop an
innovative cyber security industry underpinned by leading scientific research and
development. Cyber security of the UK’s CNI was listed as a priority. In 2016, the
Government also created the National Cyber Security Centre. It supports the
most critical organisations in the UK, the wider public sector, and industry.
The UK has committed to work in close collaboration with its international allies,
including its partners in NATO and as a member of the EU, to improve
international cyber security. In May 2018, the UK implemented the EU Networks
and Information Security Directive and placed legal obligations on operators of UK
critical services to improve cyber-security. The Government has said that after the
UK’s exit from the EU it wants to protect its cyber cooperation with the EU.
This briefing focuses on the UK Government’s response to the global cyber threat
in the context of its strategies on national security and on national cyber security.
It includes an overview of the Government’s policy to improve the resilience of the
UK’s CNI to cyber-attack, and measures to address the shortage in cyber security
skills in that area. The last section briefly discusses NATO’s and the EU’s cyber
security initiatives and the recent allegations against the Russian intelligence
service.
Table of Contents
1. Cyber Threats in the
UK
2. National Security
Strategy
3. National Cyber
Security
4. Critical National
Infrastructure and Cyber
Security
5. UK and its Global
Partners
Sarah Tudor
11 October 2018
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff

Partial preview of the text

Download Informative Research and more Study Guides, Projects, Research Earth science in PDF only on Docsity!

Library Briefing

Cyber Security in the United Kingdom

Debate on 18 October 2018

Summary

This House of Lords Library Briefing has been prepared in advance of the debate due to take place on 18 October 2018 in the House of Lords on the motion moved by Viscount Waverley (Crossbench), “that this House takes note of the scale and complexity of cyber threats facing the United Kingdom and the case for innovative approaches across Her Majesty’s Government and beyond”.

In the UK, cyber is categorised as a high priority risk to national security. Cyber threats come both from nation states and from criminal individuals or groups. The Government states that the lines between different threat actors continue to blur as individuals and groups learn from, hire and work with one another. Cyber threats to the UK include cyber terrorism; fraud and serious organised crime; espionage; and disruption of critical national infrastructure (CNI).

In November 2016, the Government published its five-year National Cyber Security Strategy , and made a commitment to invest £1.9 billion in cyber security. The strategy set out the Government’s implementation plan under three objectives: to defend the UK from cyber-attacks; to deter potential attackers; and to develop an innovative cyber security industry underpinned by leading scientific research and development. Cyber security of the UK’s CNI was listed as a priority. In 2016, the Government also created the National Cyber Security Centre. It supports the most critical organisations in the UK, the wider public sector, and industry.

The UK has committed to work in close collaboration with its international allies, including its partners in NATO and as a member of the EU, to improve international cyber security. In May 2018, the UK implemented the EU Networks and Information Security Directive and placed legal obligations on operators of UK critical services to improve cyber-security. The Government has said that after the UK’s exit from the EU it wants to protect its cyber cooperation with the EU.

This briefing focuses on the UK Government’s response to the global cyber threat in the context of its strategies on national security and on national cyber security. It includes an overview of the Government’s policy to improve the resilience of the UK’s CNI to cyber-attack, and measures to address the shortage in cyber security skills in that area. The last section briefly discusses NATO’s and the EU’s cyber security initiatives and the recent allegations against the Russian intelligence service.

Table of Contents

  1. Cyber Threats in the UK
  2. National Security Strategy
  3. National Cyber Security
  4. Critical National Infrastructure and Cyber Security
  5. UK and its Global Partners

Sarah Tudor 11 October 2018

Table of Contents

  1. Cyber Threats in the UK 1
  2. National Security Strategy 2
  3. National Cyber Security 4 3.1 Responsibility for Cyber Security........................................................................................... 4 3.2 National Cyber Security Policy ............................................................................................... 5
  4. Critical National Infrastructure and Cyber Security 8 4.1 Cyber Security of the UK Infrastructure Policy ................................................................. 9 4.2 Inquiry on Cyber Security and Critical National Infrastructure ................................... 10
  5. UK and its Global Partners 12 5.1 NATO ......................................................................................................................................... 12 5.2 Partnership with the EU Following the UK’s Withdrawal ............................................. 13 5.3 Recent Developments............................................................................................................. 14

____________________________________________________________________________

A full list of Lords Library briefings is available on the research briefings page on the internet. The Library publishes briefings for all major items of business debated in the House of Lords. The Library also publishes briefings on the House of Lords itself and other subjects that may be of interest to Members.

House of Lords Library briefings are compiled for the benefit of Members of the House of Lords and their personal staff, to provide impartial, authoritative, politically balanced briefing on subjects likely to be of interest to Members of the Lords. Authors are available to discuss the contents of the briefings with the Members and their staff but cannot advise members of the general public.

Any comments on Library briefings should be sent to the Head of Research Services, House of Lords Library, London SW1A 0PW or emailed to [email protected].

  • Distributed denial of service (DDoS) attacks: using large numbers of previously infected devices to overwhelm a target with internet traffic.

Between October 2016 and October 2017, the NCSC received 1,131 cyber incident reports, with 590 subsequently classed as significant.^7 More than 30 were assessed as being sufficiently serious to require a cross-government response process. Two notable incidents which occurred in this period were the WannaCry attack in May 2017, a global ransomware attack which affected a number of networks in the UK, including 45 NHS trust organisations; and the cyber-attack on the email accounts of UK MPs, peers, their staff and parliamentary officials in June 2017.^8

The UK Government has stated that despite greater awareness of cyber threats, most organisations and households across the UK have not “kept pace with the threat”, with attacks becoming more frequent and complex.^9 It has identified the UK’s CNI as a key target.

In response to the growing cyber threat, the Government has developed a national cyber security strategy and a series of initiatives. This briefing focuses on the UK Government’s approach to cyber security.^10 The following sections examine the Government’s response to the cyber threat in the context of its National Security Strategy , and then provide a summary of its National Cyber Security Strategy. This includes an overview of programmes to improve the resilience of the UK’s CNI to cyber-attack, and in particular its measures to address the shortage in the cyber security skills base in that area. The last section briefly discusses NATO’s and the EU’s cyber security initiatives and the recent allegations against the Russian intelligence service.

2. National Security Strategy

The latest UK national security strategy was published in November 2015, as part of the National Security Strategy and Strategic Defence and Security Review 2015 (NSS and SDSR 2015).^11 It set out the UK’s planned strategy for the following five years. The impact of technology, and in particular cyber threats, was identified as one of four main challenges likely to drive UK

(^7) National Cyber Security Centre, Annual Report 2017 , 3 October 2017, p 10. (^8) ibid, pp 10–11. Further information on these attacks can be found in: National Cyber

Security Centre, Annual Report 2017 , 3 October 2017. (^9) HM Government, National Security Capability Review , March 2018, p 3. (^10) Examples of other approaches to cyber security can be found in the NATO Cooperative Cyber Defence Centre of Excellence’s (CCDCOE) briefing, Cyber Deterrence: A Comprehensive Approach? (April 2018); and the Parliamentary Office of Science and Technology’s briefings, Cyber Security of National Infrastructure (May 2017) and Cyber Security in the UK (September 2011). The CCDCOE has also published the national cyber security strategy documents of NATO nations and several other states (accessed 11 October 2018). (^11) HM Government, National Security Strategy and Strategic Defence and Security Review 2015:

A Secure and Prosperous United Kingdom , November 2015, Cm 9161.

security priorities over the subsequent decade.^12

The report stated that the “range of cyber actors threatening the UK” had grown; it identified an increasing number of states, with state-level resources, developing advanced capabilities potentially deployable in conflicts, including against critical national infrastructure (CNI) and government institutions, as well as a growing number of non-state actors, including terrorists and cyber criminals.^13

The strategy set out the Government’s plans to improve the UK’s cyber security in response to the growing threat. The measures included:

  • An investment of £1.9 billion in cyber security over the following five years.
  • The publication of a five-year national cyber security strategy.
  • The creation of a national cyber centre.^14
  • To build a new secure, cross-government network to improve joint working on sensitive cyber issues.
  • To ensure the armed forces had strong cyber defences and, in the event of a significant cyber incident in the UK, were ready to provide assistance.^15
  • To provide targeted training for those who wish to pursue careers in cyber security.^16

Regarding the implementation of the strategy, the paper highlighted the importance of the UK’s early warning systems and how the Government, particularly the National Security Council (NSC) and the Cabinet Office briefing rooms (COBR), respond to crises.^17

(^12) HM Government, National Security Strategy and Strategic Defence and Security Review 2015:

A Secure and Prosperous United Kingdom , November 2015, Cm 9161, p 15. The other three were: the increasing threat posed by terrorism, extremism and instability; the resurgence of state-based threats and intensifying wider state competition; and the erosion of the rules-based international order, making it harder to build consensus and tackle global threats. (^13) ibid, p 19. (^14) The National Cyber Security Centre opened in October 2016. (^15) HM Government, National Security Strategy and Strategic Defence and Security Review 2015:

A Secure and Prosperous United Kingdom , November 2015, Cm 9161, pp 40–1. (^16) ibid, p 78. (^17) ibid, pp 81–3. The NSC was established in 2010 to provide collective strategic leadership on national security and crisis situations. COBR is its operational arm and coordinates the Government response to a crisis.

learn lessons for the future”.^23 The NCSC is part of GCHQ.

3.2 National Cyber Security Policy

National Cyber Security Strategy 2016–

In November 2016, the Government published its five-year National Cyber Security Strategy.^24 It set out its vision for the UK to be “secure and resilient to cyber threats, prosperous and confident in the digital world” by 2021. It made a commitment to invest £1.9 billion in cyber security over the five-year period.^25

The strategy set out the Government’s implementation plan under three objectives:

  • to defend the UK from cyber-attacks;
  • to deter potential attackers; and
  • to develop an innovative cyber security industry underpinned by leading scientific research and development.^26

Cyber security of critical national infrastructure (CNI) was listed as a priority.

The strategy stated that to achieve these outcomes the UK Government intended to intervene more actively and with greater investment. The measures included:^27

  • Increased intelligence and law enforcement activity to identify, anticipate and disrupt cyber adversaries.
  • Investment in academic and industrial research and innovation.
  • Measures to raise public awareness of cyber security, to support cyber training in different formats and at all education levels and to develop the cyber security profession.
  • Development and deployment of technology in partnership with industry, including active cyber defence (ACD) measures.^28 The Government would draw on the expertise of NCSC as the national technical authority to respond to cyber threats to the UK at a macro level.

(^23) National Cyber Security Centre, ‘About the NCSC’, accessed 4 October 2018. (^24) HM Government, National Cyber Security Strategy 20162021 , November 2016. (^25) ibid, pp 9–10. (^26) ibid, p 9. (^27) ibid, pp 9–10. (^28) Active cyber defence (ACD) is the principle of implementing security measures to

strengthen a network or system to make it more robust against attack.

  • Working with communications service providers and industry to make the internet more secure to use.
  • More support for CNI operators, such as sharing threat intelligence and best practice and conducting joint exercises to test and develop their cyber resilience.
  • The potential for increased regulation.

National Security Capability Review

In July 2017, the Government launched the National Security Capability Review (NSCR) to ensure that the UK’s investment in national security capabilities was “as joined-up, effective and efficient as possible, to address current national security challenges”.^29 It was led by the National Security Advisor, Sir Mark Sedwill, and the Cabinet Office. On 28 March 2018, the National Security Capability Review was published and included a review of the National Cyber Security Strategy.^30

The NSCR made a commitment to continue to implement the National Cyber Security Strategy and to ensure “it ke[pt] pace with the threat”, including through the NCSC.^31 It also reviewed the Government’s progress achieving the objectives set out in the strategy. Its findings included:^32

  • ACD measures had blocked tens of millions of attacks every week and had reduced the average time a phishing site was online from 27 hours to one hour. Based on NCSC pilots to protect government networks it would be encouraging industry and international partners to implement similar measures.^33
  • Law enforcement capabilities had been strengthened. In the ten most serious cyber incidents investigated by the National Cyber Crime Unit between October 2016 and April 2017, suspects were identified in nine cases and arrests were made in seven. The National Crime Agency’s Dark Web Intelligence Unit had been fully staffed.
  • Within government a new secure shared central IT network was being developed.
  • Efforts were being made to “identify and inspire the next generation of cyber security professionals and entrepreneurs”. Cyber discovery, a four-year commitment to extra-curricular activity for students aged between 14- and 18-years old, had been launched.

(^29) Cabinet Office, ‘Strategic Defence and Security Review Implementation’, 20 July 2017. (^30) HM Government, National Security Capability Review , March 2018. (^31) ibid, p 21. (^32) ibid, pp 21– (^33) ibid, p 21.

whole economy and the whole of society”. The committee also heard evidence from Sir Mark Sedwill, the National Security Advisor, who agreed that the cyber threat cut across the national security and public safety agenda.

The committee argued that the importance of improving the resilience of the UK’s infrastructure, institutions and population had been demonstrated by a series of events, such as the global cyber-attack that affected large parts of the NHS.^38 Mr Sedwill acknowledged the importance of strengthening resilience to cyber-attack and propaganda. He stated that the Government was “conscious of the threat” to the UK’s CNI, and was working with CNI operators to address it.^39 However, he argued that there should be “confidence in our resilience against those threats”, because the attacks so far had “not really worked.^40

The committee welcomed the Government’s “apparent focus on building national resilience”, but urged the Government to increase public engagement.^41 The committee stated that the Government “must do all it can to inform the British public about the threats we face as a country” and to “empower them to contribute to the Government’s response when appropriate”. It called for the Government to set out its plans to develop community and societal resilience to the range of threats that may arise, and to set out its plans for future crisis management exercises.

4. Critical National Infrastructure and Cyber Security

The Government defines critical national infrastructure (CNI) as the assets, facilities, systems, networks or processes which, if lost or disrupted, would affect national security or the delivery of essential services.^42 The majority of the UK’s CNI is privately owned.^43 The Government monitors CNI cyber security by working with private operators through a variety of channels, including lead government departments and the National Cyber Security Centre (NCSC). In May 2018, the EU Networks and Information Security Directive (NIS directive) was transposed into UK national law. The Network and Information Systems Regulations (NIS regulations) established several competent authorities which are required to provide appropriate oversight and an enforcement regime for the regulations.^44

(^38) Joint Committee on the National Security Strategy, National Security Capability Review: A

Changing Security Environment , 23 March 2018, HL Paper 104 of session 2017–19, p 36. (^39) ibid, p 12. (^40) ibid, p 36. (^41) ibid, pp 36–7. (^42) CNI is categorised into 13 sectors: chemicals, civil nuclear, communications, defence,

emergency services, energy, finance, food, government, health, space, transport and water (Cabinet Office, Summary of the 2015–16 Sector Resilience Plan s, April 2016, p 3). (^43) Parliamentary Office of Science and Technology, Cyber Security of National Infrastructure ,

May 2017, p 2. (^44) UK Government website, ‘NIS Directive and NIS Regulations 2018’, 20 April 2018.

Further information on the directive can be found in Section 5 of this briefing.

4.1 Cyber Security of the UK Infrastructure Policy

The Government’s 2016 National Cyber Security Strategy stated that the cyber security of the UK’s CNI—from the physical infrastructure to the digital networks and data—was “critical”, because a successful attack “would have the severest impact on the country’s national security”.^45 Ensuring the CNI is secure and resilient against cyber-attack was set as a priority for the Government.^46 It made a commitment to:

  • Share threat information with industry that only the Government could obtain.
  • Produce advice and guidance on how to manage cyber risk, work collaboratively with industry and academia, and define what good cyber security looks like.
  • Stimulate the introduction of the high-end security needed to protect the CNI, such as training facilities, testing labs, security standards and consultancy services.
  • Conduct exercises with CNI companies to assist them in managing their cyber risks and vulnerabilities.^47

The NCSC warned that the technical barrier to launching successful attacks was decreasing, and that attacks continued to target the UK’s CNI.^48 Current government initiatives for cyber security of the UK’s infrastructure includes the NCSC’s cyber essentials scheme, which provides guidance to organisations on how to protect against low-level threats, and its ‘10 steps to cyber security’, which deals with more targeted attacks.^49 CNI operators are expected to implement advanced cyber security measures. These can include:

  • Encryption of sensitive data.
  • Network monitoring.
  • Penetration testing—conducting controlled cyber-attacks on systems.
  • Security by design, where systems are designed to perform narrowly defined actions and only accept instructions from verified sources. Networks can be designed to minimise the impact of any single failure.

(^45) HM Government, National Cyber Security Strategy 20162021 , November 2016, p 39. (^46) ibid, p 40. (^47) ibid, p 41. (^48) HM Government, National Security Capability Review , March 2018, p 21. (^49) National Cyber Security Centre, ‘Cyber Essentials’, accessed 4 October 2018; and

‘10 Steps to Cyber Security’, accessed 4 October 2018.

  • The Government should publish a framework setting out the different types of skills required.
  • The need for continuing professional development for teachers and lecturers to be addressed and to increase the existing education initiatives. It called on the Government to try and reach new groups of potential candidates and increase the number of women involved. As an example, it suggested a version of the cyberfirst girls competition to attract returning mothers to the cyber security profession.
  • Recruitment by the CNI sector should focus on aptitude, rather than high-level academic qualifications. The sector should also prioritise the reskilling of existing employees. The Government should give clear and targeted support.
  • The cyber security industry be professionalised through royal chartered status.
  • The publication of a standalone skills strategy to be made a priority.

In evidence submitted to the committee, the Chancellor of the Duchy of Lancaster and the Minister for the Cabinet Office, David Lidington, provided information on the Government’s plans to publish a cyber security skills strategy and on the existing cyber security skills education and training programmes.

Mr Lidington informed the committee that the Government intended to publish its cyber security skills strategy in December 2018, and that the Department for Digital, Culture, Media and Sport would be responsible for taking the strategy forward.^57 The strategy would set out how the Government planned to ensure that the UK had a sustained supply of cyber security talent with the requisite diversity of skills.

To build a long-term “pipeline of cyber security talent”, Mr Lidington said the Government was “nurturing the right level of aptitude and ambition in the next generation”.^58 For example, he highlighted the cyberfirst programmes. He stated that while the initiatives were relatively recent, and the data limited, the Government could point to some early successes. For instance, in 2017/18, the NCSC hosted 1,818 students, 45 computer science teachers and over 800 parents on cyberfirst summer courses and one day events, including a 44 percent female participation rate on the summer courses. Additionally, Mr Lidington stated that the Government was on target to have awarded 1,000 bursaries by 2020.

(^57) Joint Committee on the National Security Strategy, ‘Correspondence from David Lidington to the Chair 12 July 2018’, 17 July 2018. (^58) ibid.

To address the issue in the short-term, Mr Lidington stated that the existing workforce across Government and industry were being developed and retrained though schemes such as:^59

  • A cyber skills immediate impact fund: this was designed to help training providers and charities run initiatives to help boost the number and diversity of those entering the profession. This includes retraining adults with “aptitude and ambition”.
  • The cyber security postgraduate bursaries scheme pilot: this was designed to encourage adults to retrain to become cyber security professionals by taking a NCSC-certified master’s degree.

Mr Lidington also announced the Government’s intention to consult on proposals to develop a cyber security profession in the UK.

5. UK and its Global Partners

The Government stated in the National Security Capability Review (NSCR) that it would “champion coalitions of like-minded” governments and industry partners to “strengthen our cyber defences and collective security”.^60 It made a commitment to encourage collaboration between the EU and NATO, and to increase its investment in building the cyber defence capacity of its international partners.

5.1 NATO

The NATO alliance is founded on the principle of collective defence, meaning that if one NATO ally is attacked, then all NATO allies are attacked.^61 Cyber defence is an agreed component of collective defence. The UK Government reaffirmed its commitment to collective defence in the NSCR.^62

NATO has implemented several cyber security measures which include: 63

  • Affirming that international law applies in cyberspace.
  • Affirming its defensive mandate in July 2016. It recognised cyberspace as a domain of operations in which NATO must defend itself as effectively as it does in the air, on land and at sea.

(^59) Joint Committee on the National Security Strategy, ‘Correspondence from David

Lidington to the Chair 12 July 2018’, 17 July 2018. (^60) HM Government, National Security Capability Review , March 2018, p 8. (^61) North Atlantic Treaty Organisation, ‘10 Things You Need to Know About NATO’,

27 February 2018. (^62) HM Government, National Security Capability Review , March 2018, p 8. (^63) North Atlantic Treaty Organisation, ‘Cyber Defence’, 16 July 2018.

The Government’s white paper on The Future Relationship between the United Kingdom and the European Union , published on 12 July 2018, highlighted that at the point of its exit from the EU the UK would be fully aligned with the EU’s NIS directive.^69 The UK’s NIS regulations 2018 implemented the directive and placed legal obligations on providers to protect UK critical services by improving cyber security.^70 The NIS regulations established a number of competent authorities to provide appropriate oversight and an enforcement regime for the regulations. For instance, Ofcom was made the competent authority for the UK’s digital infrastructure.^71 The National Cyber Security Centre (NCSC) is the CSIRT under the NIS regulations.^72

Michel Barnier, the European Commission’s chief negotiator for article 50 negotiations with the UK, has stated that in the areas of justice, freedom and security the EU will need to cooperate strongly with the UK.^73 However, he highlighted that once the UK leaves the EU, it will be a third country, and will have left the EU’s “ecosystem” based on “common rules and safeguards, shared decisions, joint supervision and implementation and a common court of justice”. He stated the UK will therefore need to “build a new relationship” with the EU.^74

5.3 Recent Developments

On 4 October 2018, the UK, Dutch and US governments made a series of coordinated statements alleging that members of the Russian intelligence service, the GRU, had committed a number of global cyber-attacks.^75

The National Cyber Security Centre (NCSC) stated it had identified that cyber actors widely known to have been conducting “indiscriminate and reckless cyber-attacks” around the world “were, in fact, the GRU”.^76 Targets included firms in Russia and Ukraine; the US Democratic Party; and a small TV network in the UK. It also alleged that in March 2018, the GRU attempted to compromise the UK Foreign and Commonwealth Office (FCO) computer systems through a spear-phishing attack. The Netherlands

(^69) HM Government, The Future Relationship between the United Kingdom and the European

Union , July 2019, Cm 9593, pp 70–1. (^70) UK Government website, ‘NIS Directive and NIS Regulations 2018’, 20 April 2018. (^71) A list of the competent authorities can be found in: Department for Digital, Culture,

Media and Sport, Security of Network and Information Systems: Guidance for Competent Authorities , April 2018. (^72) Further information about the NIS regulations 2018 can be found at: UK Government

website, ‘NIS Directive and NIS Regulations 2018’, 20 April 2018. (^73) European Commission, ‘Speech by Michel Barnier at the European Union Agency for

Fundamental Rights’, 19 June 2018. (^74) Further information about the EU’s proposals on future EU-UK security cooperation can

be found in: House of Commons Home Affairs Committee, UK-EU Security Cooperation after Brexit: Follow-up Report , 24 July 2018, HC 1356 of session 2017–19. (^75) BBC News, ‘Russia Cyber-plots: US, UK and Netherlands Allege Hacking’,

4 October 2018. (^76) National Cyber Security Centre, ‘Reckless Campaign of Cyber-attacks by Russian Military

Intelligence Service Exposed’, 4 October 2018.

announced that it had expelled four Russians accused of plotting to hack the Organisation for the Prohibition of Chemical Weapons (OPCW) in April 2018.^77 At the time, the OPCW had been probing the chemical attack on a Russian ex-spy in the UK. The US Department of Justice said its anti- doping agency, football's governing body FIFA and the US nuclear energy company, Westinghouse, had been targeted. In addition, the Canadian government said “with high confidence” that breaches at its centre for ethics in sports and at the Montreal-based World Anti-Doping Agency were carried out by Russian intelligence. As a result of the findings, the US indicted seven people, four of whom were the men expelled from the Netherlands, while the other three were among those charged in July 2018 with hacking Democratic officials during the 2016 US elections.

In a joint statement, the UK Prime Minister, Theresa May, and the Prime Minister of the Netherlands, Mark Rutte, said the alleged plot against the OPCW demonstrated “the GRU’s disregard for global values and rules that keep us all safe”.^78 The European Union, in a joint statement by the President of the European Council, Donald Tusk, President of the European Commission, Jean-Claude Juncker and High Representative of the Union for Foreign Affairs and Security Policy, Federica Mogherini, said they “deplor[ed] such actions, which undermine international law and international institutions”.^79 They stated that the EU would continue to strengthen the “resilience” of its institutions and those of its member states, and also “international partners and organisations in the digital domain”. The UK Secretary of State for Foreign and Commonwealth Affairs, Jeremy Hunt, has said Russia could face sanctions.^80

In response to the allegations, the Russian government said that these announcements were “yet another stage-managed propaganda campaign”.^81

(^77) BBC News, ‘Russia Cyber-plots: US, UK and Netherlands Allege Hacking’,

4 October 2018. (^78) Prime Minister’s Office, ‘Joint Statement from Prime Minister May and Prime Minister

Rutte’, 4 October 2018. (^79) Council of the European Union, ‘Joint Statement by Presidents Tusk and Juncker and High

Representative Mogherini on Russian Cyber-attacks’, 4 October 2018. (^80) Pippa Crerar, Jon Henley and Patrick Wintour, ‘Russia Accused of Cyber-attack on Chemical Weapons Watchdog’, Guardian , 4 October 2018; and BBC News, ‘Russia Cyber-plots: US, UK and Netherlands Allege Hacking’, 4 October 2018. (^81) BBC News, ‘Russia Cyber-plots: US, UK and Netherlands Allege Hacking’,

4 October 2018.