View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Policy
July 21, 2020

Russia Report: Committee Warns of Fragmented “Cyber” Responsibilities Across HMG, Says Russian Influence is Entrenched

"A complicated wiring diagram of responsibilities"

By CBR Staff Writer

Russian influence at the highest spheres of the UK is now entrenched, Parliament’s Intelligence and Security Committee warned today in its long-awaited Russia Report, while counter-intelligence and cyber defense activities are fragmented across the UK.

Covert activities against Russia, meanwhile, are hampered by “ubiquitous” encryption which makes gather signals intelligence (SIGINT) increasingly difficult, and the rise of “smart cities” which inhibit classic human intelligence (HUMINT) the report notes.

“Relationships should be carefully scrutinised”

“Several members of the Russian elite who are closely linked to Putin are identified
as being involved with charitable and/or political organisations in the UK, having donated to political parties, with a public profile which positions them to assist Russian influence operations. It is notable that a number of Members of the House of Lords have business interests linked to Russia, or work directly for major Russian companies linked to the Russian state – these relationships should be carefully scrutinised, given the potential for the Russian state to exploit them,” the report warns.

The Committee blames the UK’s 1994 investor visa scheme, saying it offered “ideal mechanisms by which illicit finance could be recycled through what has been referred to as the London ‘laundromat’. The money was also invested in extending patronage and building influence across a wide sphere of the British establishment.”

Fragmented Agency Approach to Countering Russian Cyber Threat?

“There are a number of agencies and organisations across the Intelligence Community which have a role in countering the Russian cyber threat, and it was not immediately apparent how these various agencies and organisations are co-ordinated and indeed complement each other,” the Intelligence and Security Committee warns.

Spelling out a fragmented inter-agency set of responsibilities, the Committee urged the government to ensure the next iteration of the National Cyber Security Strategy addresses this need for “greater cohesion”. Accountability is also an issue:

See also: Parliament Tears Into National Cyber Security Programme

“The Foreign Secretary has responsibility for the NCSC, which is responsible for incident response, the Home Secretary leads on the response to major cyber incidents. Indeed, there are a number of other Ministers with some form of responsibility for cyber”, notes the Committee in the 55-page Russia Report, which was published today after Boris Johnson’s government failed to place its preferred candidate as committee chair.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“The Defence Secretary has overall responsibility for Offensive Cyber as a ‘warfighting tool’ and for the National Offensive Cyber Programme, while the Secretary of State for the Department for Digital, Culture, Media and Sport (DCMS) leads on digital matters, with the Chancellor of the Duchy of Lancaster being responsible for the National Cyber Security Strategy and the National Cyber Security Programme.

“It makes for an unnecessarily complicated wiring diagram of responsibilities;
this should be kept under review by the National Security Council (NSC).”]

Policy responsibility for Hostile State Activity, meanwhile, sits in the National Security
Secretariat in the Cabinet Office: “This appears unusual: the Home Office might seem a more natural home for it, as it would allow the Office for Security and Counter-Terrorism’s (OSCT) experience on counter-terrorism matters to be brought to bear against the hostile state threat”, the Committee notes, saying this should be reviewed.

Nobody Owns Push-Back Against Disinfo Campaigns

Describing Russia as an “accomplished adversary with well-resourced and world-class offensive and defensive intelligence capabilities”, the report emphasises that there is no clear ownership of who tackles disinformation campaigns by Russia and other actors.

“The [intelligence] Agencies… do not view themselves as holding primary responsibility for the active defence of the UK’s democratic processes from hostile foreign interference, and indeed during the course of our Inquiry appeared determined to distance themselves from any suggestion that they might have a prominent role in relation to the democratic process itself,” the report notes.

The Department for Digital, Culture, Media and Sport (DCMS) holds primary responsibility for disinformation campaigns, and that the Electoral Commission has responsibility for the overall security of democratic processes.

“However, DCMS told us that its function is largely confined to the broad HMG policy regarding the use of disinformation rather than an assessment of, or operations against, hostile state campaigns. It has been surprisingly difficult to establish who has responsibility for what” the report concludes. “Overall, the issue of defending the UK’s democratic processes and discourse has appeared to be something of a ‘hot potato’, with no one organisation recognising itself as having an overall lead.”

See also: EXCLUSIVE: GCHQ, NSA Still Using Punched Paper Tape to Produce Crypto Keys

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.