Britain has set up its long awaited National Cyber Force capable of carrying out offensive missions against targets including hostile states, terrorist groups, organised crime networks and international paedophile rings.
The organisation, which brings together a number of security and intelligence agencies, is meant to provide the most advanced technological assistance to operations ranging from Special Forces in combat on the ground to countering the use of the internet for child sexual abuse.
The need for such a centralised force has become acutely necessary, say intelligence and defence officials, with a huge rise in threats in the cyber domain.
There has been a rising tempo of attacks just in the last six months aimed at strategic infrastructure, and Covid-19 related fields including attempts to hack into vaccine research, and spreading misinformation about the pandemic.
The military, too, has been subjected to sustained attacks, facing attacks more than 180 a month, or 60 a day, in what General Sir Patrick Sanders, the chief of UK’s Strategic Command and the most senior commander on cyber, called a modern day “blitz”.
GCHQ, the National Cyber Security Centre ( NSCS) , MI6, Defence Science and Technology Laboratory (DSTL) and the UK military will be brought under the same command for the first time in the National Cyber Force.
It is expected to start with around 3,000 personnel, with a significant number coming from the military : but will expand with a number of bases around the country.
The Cyber Force will work with fellow member states of the “Five Eyes Alliance” of the US, Canada, Australia and New Zealand, other Western allies and will offer its capabilities, if required, to Nato.
Members of Nato can call on others in the Alliance under Article 5 of the treaty if under attack. Although that is yet to be activated by a member state, the UK has provided technical help to a number of allies facing Russian cyber aggression.
Offensive operations by the Cyber Force will have to be signed off by the Foreign Secretary, responsible for MI6 and GCHQ, and the Defence Secretary, with the same role with the military and DSTL and its activities will be scrutinised by the Commons Intelligence and Security Committee (ISC). Officials insist legal and ethical standards will be adhered to.
The first concerted offensive cyber carried out by the UK was against the Islamic State during missions in Iraq and Syria two years ago by the intelligence agencies and the military. The National Cyber Force will aim to continue disrupting jihadist planning and recruitment, but the activities of hostile states have increasingly come into focus with Russia accused of interfering in Western elections and referendums and the Chinese stepping up commercial espionage.
Whitehall officials do not want to comment publicly about foreign states being targeted. But Mark Sedwill, the former Cabinet Secretary and National Security Advisor, recently confirmed that the UK had carried out offensive operations in Russia.
Jeremy Fleming, the GCHQ Director, said “The National Cyber Force builds out from that position of defensive strength. It brings together intelligence and defence capabilities to transform the UK’s ability to contest adversaries in cyber space, to protect the country, its people and our way of life.
“Working in close partnership with law enforcement and international partners, the National Cyber Force operates in a legal, ethical and proportionate way to help defend the nation and counter the full range of national security threats.”
General Sir Patrick Sanders said: “The formation of the National Cyber Force to defend the UK in cyberspace marks a milestone and the imperative is vital because cyberspace is the most contested domain where our adversaries and our allies will meet over the next decade and beyond.”
Defence Secretary Ben Wallace stated that the Cyber Force will “ give the UK a world class ability to conduct cyber operations”. Foreign Secretary Dominic Raad said: “The UK’s new National Cyber Force is a world-leading force for good, capable of conducting targeted, responsible cyber operations to protect our national security. From defending against terrorism, to countering hostile state activity to tackling the scourge of online child abuse, the National Cyber Force brings together critical capabilities from across government…”
Not all in the security sphere, however, agree with the focus on offensive cyber.
Ciaran Martin, until recently the chief of the National Cyber Security Centre ( NCSC) speaking at King’s College, London, last week said: “In all my operational experience, I saw absolutely nothing to suggest that the existence of Western cyber capabilities, or our willingness to used them deter attackers.
“The case for cyber restraint is a hard-headed one. A more secure digital environment is the best guarantor of safety and security for Western countries in the digital age. We weaponise the Internet at our peril. We militarise the Internet at our peril.”
