In this analysis published by NATO Review, Risk Ledger's CEO Haydn Brooks explains why attacks on the digital supply chains of Britain and its NATO allies are on the rise, and what a more coordinated approach to supply chain security across the Alliance could look like.
In his first press conference following the elections, the United Kingdom’s new Prime Minister Sir Keir Starmer stressed the UK’s “unshakable” commitment to NATO and that his government’s “first duty” must be security and defence. As part of this commitment, a significant focus should be placed on securing Britain’s and other NATO Allies’ digital supply chains against stepped-up cyber attacks by threat actors determined to breach our critical national infrastructure.
Just one week after his election, Prime Minister Starmer attended his first NATO summit, which took place in Washington D.C. in July. At the summit, he emphasised Britain’s “unwavering commitment” to the Alliance and announced that the UK would conduct a Strategic Defence Review and raise its defence spending to 2.5% of GDP. Also in July, Starmer’s government set out its plan to introduce a new Cyber Security and Resilience Bill, which is widely regarded as a UK equivalent to the new EU Network and Information Systems Directive 2 (NIS2) that will take effect from 18 October 2024.
Starmer’s election as Britain’s new PM and the NATO summit both took place at a time of rapidly rising geopolitical tensions, with Russia and China in particular increasingly moving beyond engaging in economic and regional proxy conflicts with the West, and targeting NATO Allies more directly through cyber attacks. These attacks are no longer limited to cyber espionage campaigns either. They are increasingly aimed more directly at disrupting and harming our economies, or designed as stealth operations to infiltrate, and then lie dormant in, our critical national infrastructure or even national security institutions, waiting to be triggered in the event of escalating tension.
As the US Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned earlier this year in a joint advisory, the People’s Republic of China’s (PRC’s) “state-sponsored cyber actors are seeking to pre-position themselves on information technology (IT) networks for disruptive cyberattacks against US critical infrastructure in the event of a major crisis or conflict with the United States.” This was followed by a threat alert from the UK National Cyber Security Centre (NCSC), also highlighting the escalated threat emanating from cyber attacks by state-sponsored threat actors against UK Critical National Infrastructure.
While media attention has focused on state-sponsored disinformation campaigns and the targeting of our democratic institutions, attacks against digital supply chains – comprised of all external suppliers, partners, and service providers to our governments and operators of critical national infrastructure – pose a less visible but very significant threat.
You can read the full article on NATO Review.
This article was co-authored with Chris Luenen, Deputy Director & Head of Geopolitics at the Global Policy Institute (GPI London).
This article was first published by © NATO Review