UK Government Announces New National Cyber Force

UK Government Announces New National Cyber Force

Recently, the UK government announced its plans to take more offensive steps in its approach to cybersecurity. The announcement is further evidence of a gradually emerging trend exhibited by nation states: an increasing openness about their offensive cyber operations. This behaviour is likely to become the norm as many of the motivators for such an offensive stance — hybrid warfare, cyber espionage, and disinformation campaigns –only continue to grow.

What Will the Force Entail?

On Thursday 19th November 2020, the UK Prime Minister announced a new partnership: the National Cyber Force (NCF). This new body is the result of cooperation between the Ministry of Defence and Government and Communications Headquarters (GCHQ). MI6 and the Defence, Science and Technology Laboratory will also contribute. 

The four organisations will collaborate under one unified command for the first time. The Ministry of Defence’s official tagline for the NCF is, “A Defence and Intelligence Partnership”, to emphasize the fact that there is no other organization like it anywhere else on the globe, to date. 

In development for over two years, with reports of its creation first surfacing in September 2018, this specialist cyber unit is set to multiply tenfold the number of government employees in offensive cyber and cyber-crime roles over the next ten years. These individuals are to be drawn from security services, the military, and industry. 

The Guiding Objectives of the Taskforce

The principal objective of the NCF will be to degrade, disrupt and even destroy communications systems of those that pose a security threat. The Force will monitor both local and global cybersecurity threats. The organisation’s remit will also encompass the support of ongoing military operations

The organization, reportedly secretly launched in April 2020, has the goal of disrupting the operations of national security threats. For example, via hacking enemy weapons systems and disrupting hostile states’ servers

Another reported tactic the NCF will use is to take a behavioural science approach in an attempt to communicate with attackers to deterand steer them away from their planned attacks. These tactics are in contrast to the pre-existing, more defensive, bodies such as the National Cyber Security Centre (NCSC), whose main function is to help the public sector, businesses and the public to respond to, and recover from, cyber incidents.

 

The Wider Context

 

The shift from a more defensive, to an explicitly offensive stance emerges against the backdrop of a comprehensive and lengthy government review into foreign, defence and security policies. Indeed, the Force was officially made public during a pledge made by Prime Minister Boris Johnson to invest a further £16.5 million in defence between now and 2024, the largest injection of defence investment since the Cold War.

This injection will raise defence spending to 2.2% of GDP, exceeding the UK’s NATO pledge. Along with the NCF launch announcement, preliminary details about a new agency dedicated to developing Artificial Intelligence and a new “Space Command” were released.

The Minister of Defence, Ben Wallace, has previously warned that threats to national security have diversified noticeably, and that cyber and space are the future contested spaces. Further explanations for the launching of this initiative come from steps taken by other foreign powers in their approach to cyber threats. 

For example, China now possesses a new strategic support force designed to achieve dominance in space and cyber, and the US former National Security Adviser, John Bolton, acknowledged in 2019 a broadening of offensive operations.

Moreover, Brexit, and increasing threats of hybrid warfare are additional factors influencing the creation of this Force. As many as 60 countries have developed offensive cyber abilities. COVID-19 has also opened up multiple new venues for cyber hostility — the spread of misinformation about the virus being a notable example.

Offensive strategies have certainly not been absent from the British government’s approach to cybersecurity. In 2014, it established a joint GCHQ-MI6 partnership – the National Offensive Cyber Programme (now replaced by the NCF), operationalised in 2016 and 2018 to conduct cyber operations against ISIS.

Despite this, UK parliamentarians have previously called out the government for insufficient action regarding cybersecurity. The Joint Committee on the National Security Strategy in July 2018 accused them of not doing enough to protect critical infrastructure, arguing that a strategy for developing cyber skills was desperately needed.

Looking to the Future

Much of the detail about the Force’s activities is under lock and key. This secrecy is already sparking discussion about the ethical implications of covert offensive cyber. Such ethical boundaries are difficult to set when secrecy is so crucial to the success of the operation.

All operations will have to be approved by the Defence or Foreign minister, scrutinised by Parliament’s Intelligence and Security Committee, and governed by the Investigatory Powers Act and the Intelligence Services Act. However, the foremost intention is for operations to remain largely clandestine. 

As with defence of any other realm, close integration and cooperation between offensive and defensive operations are crucial. Fortunately, the organisational make-up of the NCF looks set to allow for this, GCHQ bearing responsibility for running both the NCSC and NCF.

The NCSC has, for the most part, been successful in bringing UK cyber activities into the spotlight,  and increasing public understanding of and engagement with it. Only time will tell if the NCF has the same effect. 

Investment in Britain’s offensive capabilities is not supported by all, however. Former NCSC Chief, Ciaran Martin, days before the NCF was made public, contended that,In all my operational experience, I saw absolutely nothing to suggest that the existence of Western cyber capabilities, or our willingness to use them deter attackers. . . A more secure digital environment is the best guarantor of safety and security for Western countries in the digital age. We weaponise the Internet at our peril.”

All eyes will now be on the next big announcement set to be made by the Ministry of Defence – publishing of their Integrated Review of Security, Defence, Foreign Policy and Development in early 2021 – as this is likely to explain in greater depth key details surrounding the NCF’s operations. Other countries following suit, in both increasing their offensive capabilities, and their openness about these, is a definite possibility. 

 

About Author