Agency that carries out offensive cyber operations for the UK, reveals it is engaged against Russian, Chinese and other nation-state hackers
The UK’s National Cyber Force (NCF) has outlined how it conducts ‘responsible’ cyber operations to counter threats to the United Kingdom, three years after it was founded.
The UK’s offensive hacking unit in its first official policy paper, “Responsible Cyber Power in Practice”, said it carries out cyber operations on a daily basis to counter state threats, support military operations, and disrupt terrorists and serious crime.
It was back in February 2020 when the United Kingdom first mooted the specialist cyber force that would target terror groups and hostile nation states.
National Cyber Force
The British cyber force was only officially confirmed by the government in November 2020, when the National Cyber Force (NCF) – a partnership between the British military and GCHQ – was officially launched.
In October 2021 the government confirmed the headquarters of the National Cyber Force, was to be in Samlesbury, Lancashire.
Samlesbury is a village in the north west of England, located between Blackbrun and Preston, and the NCF centre is said to be based near the production facility of BAE Systems at a Second World War airfield (in Samlesbury).
The ‘NCF: Responsible Cyber Power in Practice’ policy document is part of the Government’s promise to be as transparent as possible about the NCF’s cyber capabilities and provide clarity on how the UK acts as a responsible and democratic cyber power.
The UK said it was reiterating its commitment to international stability and security, illustrating how states can act responsibly in cyberspace by demonstrating how the NCF’s operations are accountable, precise and calibrated.
This contrasts, the government said, with the reckless and indiscriminate activities of those who would do harm to the UK and its allies.
All of the NCF’s operations are conducted in a legal and ethical manner, in line with domestic and international law and our national values, the government added.
Central to the NCF’s approach is the ‘doctrine of cognitive effect’ – using techniques that have the potential to sow distrust, decrease morale, and weaken our adversaries’ abilities to plan and conduct their activities effectively.
This can include preventing terrorist groups from publishing pieces of extremist media online or making it harder for states to use the internet to spread disinformation by affecting their perception of the operating environment.
The NCF’s work is covert and the government said it therefore does not reveal details of individual operations.
Indeed the intent is sometimes that adversaries do not realise that the effects they are experiencing are the result of a cyber operation.
That said, the government has disclosed that over the last three years the NCF has delivered operations to:
- protect military deployments overseas;
- disrupt terrorist groups;
- counter sophisticated, stealthy and continuous cyber threats;
- counter state disinformation campaigns;
- reduce the threat of external interference in democratic elections; and
- remove child sexual abuse material from public spaces online.
“In an increasingly volatile and interconnected world, to be a truly responsible cyber power, nations must be able to contest and compete with adversaries in cyberspace,” noted director GCHQ, Sir Jeremy Fleming.
“In the UK, the National Cyber Force complements the UK’s world class cyber resilience to give the country operational cyber capabilities at the scale needed to protect our free, open, and peaceful society,” said Fleming.
“Building upon two decades of experience, the dynamic new partnership has countered state threats, made key contributions to military operations, and disrupted terrorist cells and serious criminals including child sex offenders,” said Fleming.
“With the threat growing and the stakes higher than ever before, we hope this document provides a benchmark for the UK’s approach and a basis for like-minded governments to come together internationally to establish a shared vision and values for the responsible use of cyber operations,” he said.
Meanwhile General Sir Jim Hockenhull, Commander of Strategic Command, said the National Cyber Force is a crucial tool in the UK’s integrated approach to national security and defence of the UK.
“Working across Government and with our international allies is vital,” said Hockenhull. “There is a power in partnerships, and we must go further to out-cooperate and out-compete states that are driving instability.”
The NCF on Tuesday also named its Commander for the first time, as part of the Government’s commitment to provide transparency about how the UK conducts responsible cyber operations.
James Babbage, a GCHQ intelligence officer for nearly 30 years, has led the NCF since its inception in 2020, scaled its operations and led efforts to integrate it effectively with a broad range of other agencies and partners.
He has spent most of his career at GCHQ, with a secondment to the Ministry of Defence.
The existence of the NCF comes at amid increasingly dangerous online environment, with Russia, China and North Korea presenting ongoing threats.
Last week, a leak of confidential files from a Moscow defence contractor provided a fascinating insight into Russia’s cyberwarfare operations.
NTC Vulkan developed cyberwarfare tools for Russian hackers, aimed at taking down infrastructure networks and scouring the internet for cyber vulnerabilities.
It should be noted that the United Kingdom has been steadily growing its cyber capabilities for more than a decade now.
In June 2011 for example the UK Ministry of Defence (MoD) created a joint force command unit, that integrated the MoD’s cyber warfare and military intelligence units.
A few months prior to that in May 2011, the British government also acknowledged it had begun work on a “toolbox” of offensive cyber-weapons to complement its existing cyber defensive capabilities.
Then in 2013, the MoD began to allow convicted hackers to join the UK’s Joint Cyber Reserve Unit (JCRU).
This past decade has seen the government continue to expand the UK’s cyber-security forces, including the foundation of the National Cyber Security Centre (NCSC), which operates under GCHQ (based in Cheltenham, but the NCSC is based in London).
Indeed, between 2011 and 2016, the Government allocated £860m to the National Cyber Security Programme, and for the five years from 2016 to 2021, the Government “has in recognition of the threat – significantly increased funding and allocated £1.9bn for the new National Cyber Security Strategy.”
And with the online threats continuing to grow, so has the government’s cyber offensive capabilities.
In September 2018 the Government said it would expand the UK’s offensive cyber-war capabilities by approximately fourfold with a new cyber warfare unit.
The exact nature of the UK’s offensive cyber weaponry remains a closely guarded secret, but in a submission to a report December 2017 by parliament’s intelligence and security committee, GCHQ said the capabilities of its cyber unit extended to “the high end of counter state offensive cyber capabilities”.
“We actually over-achieved and delivered (almost double the number of) capabilities (we were aiming for),” GCHQ said at the time.
In April 2018 the government revealed it had carried out a cyber-attack on the ISIL or Islamic State terrorist group.
The UK’s National Cyber Force is thought to contain an estimated 500 specialists (i.e. hackers)