National Cyber Force: defending the cyber domain

The UK is creating a National Cyber Force drawing its personnel from the Ministry of Defence and security services including GCHQ and MI6. Harry Lye explores the role defence will play in the future of cyber operations.

UK Prime Minister Boris Johnson announced the creation of a National Cyber Force (NCF) last month. Speaking to the House of Commons via video-link, he said: “I can announce that we have established a National Cyber Force, combining our intelligence agencies and service personnel, which is already operating in cyberspace against terrorism, organised crime and hostile state activity.”

Capable of undertaking offensive and defensive cyber operations, the National Cyber Force draws its personnel from Government Communications Headquarters (GCHQ), the Ministry of Defence (MOD) and MI6, the Secret Intelligence Service (SIS). Adding to the MOD’s contribution is the UK’s Defence Science Technology Laboratory (Dstl), which will provide advanced technological know-how.

While the realm of cyberspace can seem far away from traditional defence power such as tanks, boots on the ground and fighter jets, cyber is increasingly becoming a realm of concern for armed forces globally as they become more reliant of, and more vulnerable to, threats in the domain.

In the UK, the formation of the NCF formalises an existing partnership between GCHQ and the MOD, which have long been working together on offensive operations designed to disrupt the so-called Islamic State’s online propaganda networks.

Commenting on the announcement last month, Defence Secretary Ben Wallace said: “The National Cyber Force is a joint defence and GCHQ capability, giving the UK a world-class ability to conduct cyber operations. The NCF is bolstering our global presence in the cyber domain, and it is a clear example of how we are turning our ambitious agenda to modernise defence into a reality.”

Operational expertise and experience

According to the government, a key pillar of defence’s contribution to the National Cyber Force is the MOD’s ‘operational expertise’ along with the scientific and technical capabilities of Dstl.

Within the MOD, the UK Armed Forces’ cyber presence is led by UK Strategic Command (UKSTRATCOM). A spokesperson for the command told us: “The NCF is a partnership between defence and intelligence organisations. Each agency brings different skill sets to the force. Every single military operation has a cyber component. Defence brings the expertise and knowledge from operational experience to the new force.

“Alongside our operational expertise, we also are contributing our scientific and technical capabilities to complement GCHQ’s global intelligence capability and pioneering use of cyber techniques, the Secret Intelligence Services’ expertise in recruiting and running agents, alongside its ability to deliver clandestine operational technology.

“The threats we face today are more varied than ever, from state-based threats to organised crime to terrorist groups, so it’s important that our response comes from across government, to protect and enhance the UK’s position and reputation as a top tier cyber power.”

A uniquely British approach

Marcus Willett, who spent over three decades at GCHQ, was the agency’s first director of cyber, helped to design the UK’s first national cybersecurity strategy, and, with the MOD, ran the UK’s National Offensive Cyber Programme. Now a senior adviser for cyber to the International Institute for Strategic Studies, Willett told us that the National Cyber Force was a ‘uniquely British’ model for responding to threats in the domain.

“If you can afford to have two completely separate capabilities, you can see how that has some advantages,” Willett said. “If you can't afford to, then you can make the best of needing to develop those sorts of capabilities jointly, which is of course what UK cyber force is all about.”

Willett said that, for peacetime civilian requirements, involvement from the military had the benefit of increasing the mass the UK can bring to bear, both in terms of people and direct investment, allowing the UK to veer and haul the relevant cyber capabilities across its top priorities. This fusion of military and civil capabilities into one force is unique to the domain, with Willett likening it to the US setting up a force that combines the cyber capabilities of the CIA, NSA, FBI and its military Cyber Command.

The NCF plays to something called fusion doctrine, which is how the UK at the moment tries to run its public sector services across the board.

Willett added: “What that also means is that military operators operating in peacetime under very clear Foreign Office authorisations can get experience of the cut and thrust of real cyber operations, which helps them prepare for that moment when they are required to deliver a military effect.”

The formation of the force also plays into the UK’s existing ‘fusion doctrine’, launched as part of the 2018 National Security and Capability Review. The fusion doctrine was designed to improve national security and strategy by creating a whole-government approach to security.

Willett said: “The NCF plays to something called fusion doctrine, which is how the UK at the moment tries to run its public sector services across the board, not only intelligence and security, to make the most of collaboration between different departments and with the private sector."

He added that the fused model of operating was a good one to follow for any nation aspiring to generate a ‘whole of nation’ approach to cyber.

Merging cyber and defence

The formation of the force has prompted some concern over continuing a trend of the militarisation of cyberspace, which could cause collateral damage across the wider civilian side to cyberspace. Willett explained that the traditional domains of air, land, and sea all also have civilian dependencies that militaries have learned how to fight around.

The National Cyber Force allows for operators to learn how to work effectively in the margins of cyberspace without causing damage to its civilian use.

It’s not just about deterrence. It is being able to fight in cyberspace, if we have to, as we do in land, sea and air.

In the announcements, the government gave some examples of the capabilities of the new force, such as being able to interfere with terrorists' mobile phones to disrupt communications, prevent abuse on the internet by paedophiles and fraudsters, and being able to keep UK aircraft safe from hostile weapons systems.

While obviously important in itself, such work also generates a warfighting capability in cyber through hands-on experience of operations. Willett said: “There is much said about going after terrorists and serious and organised criminals in peacetime, but we shouldn’t forget that we are also developing a capability for warfighting. That's one of the reasons there's a National Cyber Force.

“Of course, you can argue about whether deterring people through cyber capabilities is effective or not. But it's not just about deterrence. It is being able to fight in cyberspace, if we have to, as we do in land, sea and air, and there is that dimension to the National Cyber Force which was slightly underplayed in all the announcements.”