UK government confirms its intel agency is helping to defend Ukraine

The British government has publicly confirmed for the first time that experts at its intelligence and security agency GCHQ have been contributing to Ukraine’s defense against Russian cyberattacks.

Announced alongside the annual review for the National Cyber Security Centre (NCSC) — a part of GCHQ — the Foreign Office said it had provided a £6.35 million (about $7.3 million) support package known as the Ukraine Cyber Programme in the days following the invasion back in February.

“The programme has not been made public until now to protect its operational security,” the government said in a statement on Tuesday.

The programme has involved providing incident response support to the Ukrainian government, including protection against the Industroyer2 malware, as well as delivering hardware and software and limiting “attacker access to vital networks.”

U.S. Cyber Command had previously confirmed that its staff was deployed in Ukraine before the invasion to provide similar assistance. Gen. Paul Nakasone testified in April that the United States had “provided remote analytic support to Ukraine and conducted network defense activities aligned to critical networks from outside Ukraine.”

On Tuesday, U.K. Foreign Secretary James Cleverly said “Russia’s attack on Ukraine is not limited to its horrific land invasion. It has also persistently attempted to invade Ukraine’s cyberspace, threatening critical information, services and infrastructure.”

He said Britain was drawing on its “world-leading expertise to support Ukraine’s cyber defenses. Together, we will ensure that the Kremlin is defeated in every sphere: on land, in the air and in cyber space.”

As part of the launch for the agency’s annual review on Tuesday morning, Lindy Cameron, NCSC’s chief executive, said Russia’s invasion of Ukraine had resulted in “the most profound change in the cyber security landscape over the past 12 months.”

“I am proud of the role the NCSC played, in conjunction with the [Foreign Office], in supporting the Ukrainian authorities’ staunch cyber defence in the face of Russian hostility. These efforts were shown to have been highly successful in protecting the Ukrainians against Russian cyber attacks and raising their general cyber resilience,” she added.

Liz Truss’s phone

The launch event for the Annual Review itself was smaller than had been planned, according to multiple members of the NCSC’s team at the event, because of a recent report alleging Liz Truss’s personal phone had been hacked while she was the Foreign Secretary.

Attackers stole “up to a year’s worth of messages” as reported by the Mail on Sunday, among them “highly sensitive discussions with senior international foreign ministers about the war in Ukraine, including detailed discussions about arms shipments.”

No other media outlet has been able to confirm that story, and the government has not responded to demands for an investigation into its veracity, how the information was leaked, and the suggestion that it was intentionally covered up.

NCSC’s Cameron said she would not comment on the specifics of the case when asked about it by journalists.

“I’m not going to go into the details of that individual case, but what I’m really proud of is the work that we do to help to prepare ministers and the politicians more generally,” she said.

Asked whether the advice to ministers had changed at all following the alleged hack of Truss’ phone, Cameron said the agency had “issued pretty consistent advice to MPs [and] politicians” and added: “We’re really proud at NCSC of the way we engage with customers to find out what’s landing and to try and improve the way that that advice is able to be applied.”

Ian Levy, the agency’s departing technical director, said: “Nothing fundamental has changed in the advice we’ve given in the last couple of years, because nothing fundamental has changed in either the technology or the threat that that attracts.”