BBC News

UK's National Cyber Force comes out of the shadows

By Gordon Corera
Security correspondent

Published
image copyrightGetty Images

The National Cyber Force's existence has been publicly confirmed after months of speculation and a decade after the UK first began offensive cyber-operations.

It will counter threats from terrorists, criminals and hostile states.

MI6 officers will work alongside both the cyber-spy agency GCHQ and the military as part of a new unified command.

It has been up and running since April.

But it was only formally made public by the prime minister on Thursday.

The aim is that when UK armed forces go into combat, cyber-operations will be closely integrated with the traditional military.

One possible scenario would see operators hacking into enemy air defences to protect RAF missions.

But the force is not just about a high-end military capability.

It has been designed to operate day-to-day against wider threats.

Surprise and ambiguity

The NCF's operational mission is to degrade, disrupt and even destroy communications systems used by people posing a threat to the UK.

This might involve interfering with a suspect's mobile phone to prevent them communicating with their contacts.

Or it could see a cyber-crime group's computer servers being disrupted to prevent a threat like 2017's WannaCry attack, which took down parts of the NHS and other organisations by scrambling their data.

Surprise and ambiguity can be advantageous, so officials are cautious about providing too many details.

But one tactic will be to communicate with attackers to undermine their morale and dissuade them.

Battlefield support

The new operational command has been running since April, with its head briefed every week about ongoing operations for roughly 45 minutes .

The NCF is recruiting through existing members of the armed forces and from GCHQ, MI6 and also the Defence Science and Technology Laboratory.

MI6 officers might be involved if activity is taking place overseas or to work on the human aspect of an operation.

The ambition is to grow the force to about 3,000 in the next decade.

The UK has been developing cyber-capabilities that can have a real-world impact for well over a decade. They were first used in Afghanistan and then against the Islamic State group in Iraq and Syria.

In 2018, GCHQ Director Jeremy Fleming talked of "a major offensive cyber-campaign" against IS, which suppressed its propaganda, hindered its ability to co-ordinate attacks, and protected coalition forces on the battlefield.

Officials will not say if the capability has been used against other states. But there have been reports of operations targeting Russia in the wake of the Skripal poisoning in 2018 and Covid-19 misinformation more recently.

Blurred line

The birth of Cyber Force has not been entirely smooth.

There was a long and difficult battle between GCHQ and the Ministry of Defence over authority.

It has been agreed that the foreign secretary and defence secretary will have a role in signing off different types of operations.

Other countries have deployed their own cyber-capabilities.

  • Defence funding boost 'extends British influence'
  • 'Don't weaponise the net' warns former cyber-chief
  • UK cyber-threat agency confronts Covid-19 attacks

Russia has been accused of carrying out a type of hybrid warfare using a range of tools, including cyber-attacks and information operations below the threshold of traditional armed conflict. In doing so it has blurred the old dividing line between war and peace.

Western nations have been slow to respond and reorganise themselves. But they are now seeking to fight on this new terrain with new weapons.

The US's Cyber Command is led by General Paul Nakasone. He has been operating under a strategy of "persistent engagement" and "defend forward", which involves battling with foreign actors in cyber-space.

They include Russia's Internet Research Agency, which targeted the US 2016 election.

Ethical choices

The UK believes that in many areas it can match Russian capabilities, but act as a more "responsible" cyber-power.

That means being subject to external oversight as well as ministerial authorisation for more risky or novel operations.

But it may be tricky to set the ethical boundaries for how far the UK is willing to go.

The debate over when and how to go on the offensive with cyber-weapons has often lacked nuance. Those involved hope the public announcement will lead to a more informed debate.

The creation of the National Cyber Security Centre (NCSC) in 2016 as a public, defensive arm of GCHQ did help increase public engagement and understanding.

Its former head Ciaran Martin recently revealed that when he started, understanding was so low that a senior figure in government asked him where the "red button" was to launch attacks.

That button may not literally exist, but it is now public that the National Cyber Force is the place where it would be.

Related Topics

  • Ministry of Defence
  • Cyber-attacks
  • Military
  • GCHQ

More on this story

  • Defence funding boost 'extends British influence', says PM