The UK's new offensive cyber unit takes on organised crime and hostile states

National Cyber Force will be made up of intelligence, cyber and military experts and aims to disrupt activity by hostile states or criminals.
Written by Steve Ranger, Global News Director

A new offensive force made up of spies, cyber experts and the members of the military is already conducting cyber operations to disrupt hostile state activities, terrorists and criminals, the UK government has revealed.

The new group - known as the National Cyber Force - aims to tackle threats to the UK's national security such as countering terror plots, as well as supporting UK military operations.

Prime Minister Boris Johnson told parliament that the new force was already up and running: "I can announce that we have established a National Cyber Force, combining our intelligence agencies and service personnel, which is already operating in cyberspace against terrorism, organised crime and hostile state activity," he said.

SEE: What is cyberwar? Everything you need to know about the frightening future of digital conflict

The National Cyber Force draws together experts from intelligence agency GCHQ, the Ministry of Defence, the Defence Science and Technology Laboratory, and the Secret Intelligence Service – MI6 – which will provide its "expertise in recruiting and running agents alongside its unique ability to deliver clandestine operational technology".

GCHQ said that examples of cyber operations could include interfering with a mobile phone to prevent a terrorist from being able to communicate with their contacts, helping to prevent the internet from being used as a platform for serious crimes, or keeping UK military aircraft safe from targeting by hostile weapons systems.

The NCF is separate to the NCSC, another part of GCHQ, which works on UK cybersecurity.

Director GCHQ Jeremy Fleming said the National Cyber Force "brings together intelligence and defence capabilities to transform the UK's ability to contest adversaries in cyber space, to protect the country, its people and our way of life."

GCHQ said the new force builds on the UK's current National Offensive Cyber Programme, including collaboration between GCHQ and the military to carry out cyber operations. The National Cyber Force has actually been floated a few times by the government already this year; back in 2018 it was reported that the new unit would be 2,000 strong and would have a budget of £250 million.

There has already been at least some use of cyberattacks or 'offensive cyber operations' by the UK: in 2016 the government said it had conducted cyber operations against Daesh, and in 2018 it was revealed the UK had used cyberattacks against ISIS propaganda networks. The UK has also offered its cyber capabilities to NATO.

The news about the National Cyber Force was part of a broader announcement of a defence review aimed at increasing the use of technology by the armed forces, creating a "single network" to overcome the enemy, the Prime Minister said.

"A soldier in hostile territory will be alerted to a distant ambush by sensors on satellites or drones, instantly transmitting a warning, using artificial intelligence to devise the optimal response, and offering an array of options, from summoning an air strike to ordering a swarm attack, by drones or paralysing the enemy with cyber weapons," Johnson said.

SEE: Ransomware victims aren't reporting attacks to police. That's causing a big problem

Such an emphasis on cyber operations is not without critics, however. As there are no clear rules about what is an appropriate response to a cyberattack, there are concerns that the increased use of offensive cyber-warfare capabilities could lead to rapid and hard-to-control escalation in times of conflict, because different nations may be playing by different rules.

And while some argue that advertising cyber capabilities can act as a deterrent to potential attackers, not all are convinced. In a recent speech Ciaran Martin, until recently the chief of NCSC, said: "In all my operational experience, I saw absolutely nothing to suggest that the existence of Western cyber capabilities, or our willingness to use them, deters attackers.

"We risk an acceptance that the acquisition and use of higher-end cyber capabilities are a priority, without testing the question about what this means for our own digital environment. We haven't had this fundamental debate because the national security community and the technological communities are not really talking to each other," he said. 

Editorial standards