From defensive to offensive: the UK boosts its cyber units

The UK Ministry of Defence has announced additional funding for the British Army to stand up new cyber operations centres across the UK. Grant Turnbull looks at the threats these new units will be up against and how the army can play its part in strengthening the UK’s defensive and offensive cyber capabilities.


It seems that not a week goes by without a story on how hackers have breached a corporation's defences to steal data, or how an organisation has had its IT systems brought to a standstill by cyber criminals seeking financial gain. Security forces, including the military, are also having to contend with the significant threat posed by state-based, or state-funded, groups that have the skill and expertise to threaten critical national infrastructure, and with it wider national security.

As we connect more computers, machines and devices to the internet - commonly referred to as the Internet of Things - we can only expect the cyber threat to grow as hackers find more ways to infiltrate networked systems.

Preparing for a connected battlespace

Militaries around the world are looking to enhance connectivity on the battlefield, which could present similar vulnerabilities. Vehicles and soldiers are becoming more digitised with a raft of computer technologies that emphasise interconnectedness and data generation/sharing. As much as this digitisation will represent a capability enhancement, it will also increasingly represent a digital vulnerability for armed forces if they are not properly prepared for both defensive and offensive cyber operations.

“We are operating in an unpredictable environment where we will see increasingly sophisticated attacks using rapidly evolving technologies,” explains Elliot Rose, head of cyber security at PA Consulting. “Some of these attacks will be much more nuanced than previously and, as the Bank of England has recently highlighted, could include attempts to corrupt information in key organisations to disrupt the UK economy.”

He adds: “These types of attacks need the armed forces to work closely with industry to defeat them by using intelligence and surveillance to spot them and then taking action to prevent further damage. While maintaining defensive strategies and actions is vital, the armed forces should also use offensive cyber techniques to uncover and disable advanced adversaries and stop and prevent attacks before they happen.”

Adapting to the technology revolution

In June, speaking at the Royal United Services Institute’s Land Warfare Conference, the head of the army, Mark Carleton-Smith, noted that it was “indisputably the case” that a technical revolution was underway, and that a response by the British Army needed to be equally revolutionary.

“Secure borders, or living on an island, are no guarantees against the corrosive and intrusive effects of disinformation, subversion and cyber,” he explained.

In May, then Defence Secretary Penny Mordaunt announced at the NATO Cyber Defence Pledge Conference in London that the UK MOD was committing £22m in funding for the British Army to set up new cyber operations centres across the country. The centres “will draw together cyber capability from a range of sources – including both national intelligence and open source data – to give the army the competitive edge across all environments”, said the MOD.

The centres will likely draw heavily on 77 Brigade - a combined reserve and active unit that specialises in information warfare - as well as have contact with joint and other national security organisations. “These new cyber centres will allow the Army and Defence to transform the way we use data, at speed, so that we can compete with our adversaries in a way fit for the 21st Century,” said Major General Tom Copinger-Symes, General Officer Commanding Force Troops Command.

The details of where each cyber centre will be located have yet to be determined, but operations are expected to begin next year.

The new centres form part of a wider £1.9bn investment into the UK’s National Cyber Security Strategy, which has included the standing up of a new National Cyber Security Centre (NCSC), as well as the development of military-focused cyber capabilities by the MOD.

Defensive and offensive capabilities

It is unclear, and will likely remain so for operational reasons, how much focus will be placed on defensive and offensive operations - the latter is particularly secretive. While offensive cybersecurity strategies will not eliminate all cyberattacks, they are “extremely valuable in reducing their likelihood”, according to Rose.

He adds: “An adversarial approach focused on seeking out the perpetrators and attempting to disable or at least disrupt their operations needs to be central to the government’s strategy. That needs to be accompanied by work to build an international consensus and partnerships to prevent UK being viewed as a rogue cyber state.”

For experts such as Rose, the key for the new British Army centres will be close partnerships with the private sector to ensure that the armed forces are properly prepared for the threat they face.

“Collaboration with the private sector is critical so the centres can leverage its capabilities and get a real understanding of the threats to the UK economy,” says Rose. “As with the NCSC100 initiative, the centres should have a policy of secondment both ways with industry. The range of potential attackers, from nation states, hacktivists, criminals or extremists, mean organisations can no longer operate alone and the centres must be fully integrated with government, intelligence agencies, as well as the private sector.”

As well as shoring up defence in the immediate future, Rose explained that the government and the armed forces must invest in training the next generation of cyber experts.

“We need people with a deep understanding of their operating environment, an ability to ask the right questions, and the right methodologies,” he says. “We need to learn from others, such as Israel where government funds and develops the most talented people from an early age. They gain a couple of years of return and then embrace the fact that these people will eventually move to the private sector.”