SCOTLAND is shoring up its defences against cyber attacks after UK and US intelligence agencies warned state-sponsored Russian hackers are targeting networks.

A “technical alert” issued this week by the UK’s National Cyber Security Centre (NCSC) and the FBI said Russians are using compromised internet routers to conduct “spoofing man-in-the-middle attacks” to support spying, steal intellectual property and “potentially lay a foundation for future offensive operations”.

The Scottish Government has already bolstered public sector defences following a cyber attack which affected the NHS last year, and officials are now working on an action plan for the private sector and charities.

Police Scotland’s Cybercrime Unit warned that cyber threats are now a “daily occurrence” and said it is working with the NCSC to respond. The Ministry of Defence said security is “constantly” under review at sites in Scotland such as the Clyde naval base at Faslane, where the UK’s Trident nuclear submarines operate from. Security at Scotland’s nuclear power stations, which are run by EDF Energy, no longer relies on internet-connected software in order to operate, according to a spokeswoman for the French-owned firm.

Last year Scotland’s NHS was held to ransom by hackers who targeted computers and demanded sums of the cryptocurrency Bitcoin. North Korea was blamed for the attack, which was named "Wannacry", however one expert said it can be difficult to ascertain where attacks originate from.

Dr Matthew Collinson, a computing science lecturer at the University of Aberdeen, said: “There is always the attribution problem. It is very difficult to ascertain where the attack originated. It could be routed through a third party.”

Collinson said Russia is likely to be spying on Scotland using “tools placed on a network”, but he added that it is unlikely the Russians will use their capability to “switch off critical national infrastructure” because it would be “an act of war”.

He added: “There is a big suite of plans being pushed through by the Scottish Government which is very relevant and should help in the future in terms resilience, but if you’re dealing with a sophisticated adversary like Russia they could still do some damage somewhere.”

Kami Vaniea, a lecturer in cyber security and privacy at the University of Edinburgh's School of Informatics, was more optimistic about the country’s defences. She said: “The security community in the UK has made heavy use of the publicity around attacks such as Wannacry to make security a larger priority across all sectors, and launching the NCSC has put the UK in a far better position to defend against cyber-attack.”

A Scottish Government spokesman said: “Following the Wannacry attacks in May 2017 we, in partnership with the National Cyber Resilience Leaders Board, developed an action plan on cyber resilience for the public sector … and we are currently developing action plans for private and third sector organisations.”

Detective Chief Inspector Brian Stuart, of Police Scotland's Cybercrime Unit, added: “Cyber threats are a global phenomenon and a daily occurrence. The resilience and cooperation of the public and private sector is crucial in keeping our communities safe. In the event of any cyber incident it is imperative that this is reported to Police Scotland using the 101 number.”

An MoD spokesman said: “We do not comment on specific security issues, but constantly review our arrangements to ensure that our people are as well prepared as possible.”

SCOTTISH HEALTH BOARD SPENT OVER £100,000 ON DEFENCES AFTER ATTACKS

NHS Lanarkshire was forced to spend more than £100,000 to bolster its cyber defences after last year’s attacks, which also affected 10 other health boards in Scotland.

Around 500 patient appointments and procedures were cancelled after May’s Wannacry attack which affected 1,338 PCs, and a further 184 appointments were cancelled in a second attack named BitPaymer in August.

It is not known where the attacks originated but Donald Wilson, NHS Lanarkshire general manager for eHealth/ICT, said both attacks were Windows-based, encrypted users files and requested bitcoin.

Wilson said: “The Wannacry malware exploited a Microsoft Windows vulnerability. At the time of the attack the Microsoft patch [a technical fix] was not fully deployed across all Windows devices. The likely source of the BitPaymer attack was an unsolicited spam email.”

Wilson said NHS Lanarkshire has appointed three additional cyber security specialists following a review.

“We spent £50,000 on additional security products and £60,000 on professional services to implement the new products,” he added. “A range of improvements have been successfully implemented over the past 12 months which has greatly reduced the likelihood of a further malware attack.”