The UK’s National Cyber Force (NCF) has been carrying out operations to sow distrust, weaken morale and undermine adversaries’ abilities to carry out activities, it has revealed.
The organisation – a partnership between the Ministry of Defence and GCHQ set up in 2020 – has published a report on its role – NCF: Responsible Cyber Power in Practice – as part of a commitment in the Government’s Integrated Review Refresh to be as transparent as possible about cyber capabilities.
It highlights the ‘doctrine of cognitive effective’, which can involve steps such as preventing terrorist groups from publishing pieces of extremist media online or making it harder for states to use the internet to spread disinformation, often without realising they are experiencing the result of a cyber operation.
It maintains, however, that all of operations are conducted in a legal and ethical manner in line with domestic and international law.
While there are no details of individual operations, the document says they have been taking place on a daily basis, and the main objective is to change adversaries’ behaviour, often disrupting their activities, by exploiting their reliance on digital technology.
Operations are based on the principles of accountability, precision and calibration. The last involves assessing the impact of operations within a wider context, a dynamic process that responds to any changes in the operational environment.
There are three categories of operations: countering threats that use the internet across borders to do harm in the UK and elsewhere; countering threats that undermine the confidentiality, integrity and availability of data; and contributing to UK defence operations.
These have extended to actions to counter serious crime and to remove child sexual exploitation and abuse material from public spaces online.
The report says the next steps for NCF are to scale up its operations with more personnel and capabilities, extend its reach through investment in its technological capabilities, and integrate with other parts of government and a wider range of partners and allies. It is working with law enforcement, the intelligence and security community, policy departments and the private sector.
Its main challenges are in ensuring it has sufficient skills, that it keeps up with changes in cyber and digital technology, that it matches its resources to where the impact is greatest, and is able to measure the effects of its operations.
Contest and compete
Director GCHQ, Sir Jeremy Fleming, said: “In an increasingly volatile and interconnected world, to be a truly responsible cyber power, nations must be able to contest and compete with adversaries in cyberspace. In the UK, the National Cyber Force complements the UK’s world class cyber resilience to give the country operational cyber capabilities at the scale needed to protect our free, open, and peaceful society.
“Building upon two decades of experience, the dynamic new partnership has countered state threats, made key contributions to military operations, and disrupted terrorist cells and serious criminals including child sex offenders.
“With the threat growing and the stakes higher than ever before, we hope this document provides a benchmark for the UK’s approach and a basis for like-minded governments to come together internationally to establish a shared vision and values for the responsible use of cyber operations.”
Since it was set up NCF has been led by James Babbage, a GCHQ intelligence officer for nearly 30 years.