Credit: Pete Linforth/Pixabay

The government has, for the first time, released details of cyberattacks against hostile states and covert online influence activities undertaken by the UK’s dedicated National Cyber Force.

The creation of the force – the core remit of which is to lead the UK’s “offensive cyber” activities against the country’s adversaries, both nation states and terrorists – was first announced in November 2020. Its work, which also includes helping to tackle serious crime with a digital footprint, will be supported by £5bn of funding this decade.

This week, as part of a “commitment… to be as transparent as possible”, the government has published a report on the activity of the National Cyber Force (NCF). The force now “carries out cyber operations on a daily basis”, the government claimed, and is having success “using techniques that have the potential to sow distrust, decrease morale, and weaken our adversaries’ abilities to plan and conduct their activities effectively”.

According to the report, the NCF conducts operations in three main categories, including: combatting threats from hostile states, terrorists and criminals; combatting threats to the UK's systems, networks and data; and supporting wider defence and overseas policy objectives.

Activities conducted by the force include covert work “to influence hostile actors to change their behaviours, including engaging with them directly online”. 

“The intent is sometimes that adversaries do not realise that the effects they are experiencing are the result of a cyber operation,” the report added. “The ambiguity involved can help to amplify the cognitive effect.”

Related content

• Funding scheme aims to address military vulnerability to cyberattack
• Army restructure introduces cyber and electronic warfare division
• The fog of cyberwar

In addition to its work to influence hostile actors, the force also undertakes “dynamic, target operations” against “a range of priority targets”. Such operations are “highly tailored” to the adversary in question and may encompass “repeated targeting”.

“Our work can include covert operations against the IT networks or technology used by adversaries and employing techniques to make that technology function less effectively or cease to function altogether, the report said. “It might involve disrupting an adversary’s ability to use different forms of digital communications systems, so they are unable to contact each other at critical times. Or affecting systems an adversary depends on for access to data or to enable their decision making.”

The NCF sits jointly within the Ministry of Defence – and its tech research unit, the Defence Science and Technology Laboratory – GCHQ, and the Secret Intelligence Service, often referred to as MI6.

As well as stand-alone operations, the force’s work commonly forms part of wider “coordinated action” in concert with other military, defence, and intelligence agencies. It also has a remit to support the development of cyber skills across the landscape.

The report said: “Conducting operations in cyberspace is a critical part of driving the conditions and tempo of strategic activity; a key plank of the military’s approach to increased nation-state competition, and to warfighting, where that is necessary.”

Next steps
Over the coming months and years, the NCF – which is based in the Lancashire village of Samlesbury – has identified three priority areas for progress: scale; reach; and integration.

This will include “pursuing fast growth of personnel and capabilities”, as well as “significant investment… to keep pace with the changing nature of technology”. 

Alongside which will be greater efforts to “integrate effectively with other parts of government and with a wider range of partners and allies, [which] includes law enforcement, partners in the UK intelligence and security community, government policy departments, and a growing number of international allies… [and] we are [also[ working with the private sector, academia, think tanks and wider civil society”, according to the report.

The government claims that a national offensive capability has become necessary as “countries such as Russia and Iran routinely carry out cyber operations” intended to disrupt democratic procedures, the operations of the state, and national infrastructure of overseas enemies.

“Cyber operations offer particular advantages, depending on the circumstances,” the report said. “They provide an opportunity to reach adversaries irrespective of geography and without the need for individuals to be physically present. They can sometimes provide the only practical means of disrupting an adversary’s ability to exploit the internet and digital technology. They can be precisely targeted with specific effect and can avoid the challenges of using other, potentially physically destructive, interventions.”