Britain’s newly created offensive hacking unit, the National Cyber Force, has said it is engaged daily in operations to disrupt terrorist groups, distributors of child sexual abuse material and military opponents of the UK.
An official paper, Responsible Cyber Power in Practice, is the first policy statement from the body and is intended to describe how far the UK is prepared to fight back against growing organised online threats.
Operational details remain sketchy, although the NCF says it is engaged in techniques to “undermine the tradecraft” of Russian, Chinese and other state-sponsored hackers and in “technical disruption” against terrorist groups, for example to prevent the dissemination of online propaganda.
Other activities listed by the NCF include “disrupting networks and operational capabilities” of Britain’s enemies in support of the UK military, and “persistent campaigns” to remove images of child abuse, so making the illegal content harder to find online.
Formally announced in 2020, the NCF is a joint operation between the GCHQ spy agency and the Ministry of Defence. It is the first time Britain’s cyber-attack capabilities have been grouped together in one acknowledged unit.
Russia, China, Iran and North Korea are all considered to promote hacker groups which aim to steal political and trade secrets online, or engage in online ransomware extortion attacks, where cybercriminals take control of a company’s systems and demand substantial payments to restore them.
Last week, a leak of files from Moscow revealed that Russian spy agencies tasked an IT company, NTC Vulkan, to develop cyberwarfare tools aimed at taking down infrastructure networks and scouring the internet for vulnerabilities.
The NCF says it is willing to try to knock out an adversary’s cyber capability if necessary, but argues that it can often be more effective to degrade their “ability to acquire, analyse and exploit the information they need”.
It describes this as the “doctrine of cognitive effect”, by which it is hoped that it is possible to affect opponents’ “perception of the operating environment and weaken[ing] their ability to plan and conduct activities effectively”.
Simply eliminating computer servers or networks may have a more dramatic impact in the short term, but the NCF says lost equipment can often easily be replaced, which is why a longer-term psychological strategy is favoured.
Britain has been very coy about revealing any specific details about cyber operations, which could be interpreted by hostile states as a form of attack. But in the past officials have privately acknowledged hacking into computer networks run by Islamic State in 2017, before the NCF was unveiled.
after newsletter promotion
The hack obtained details about how IS was obtaining drones and related missiles, and how and where pilots were trained, enabling coalition forces to destroy the capability, and reduce the military threat to ground forces in Iraq and Syria.
The NCF’s head, whose name is also being publicly revealed, is James Babbage, a GCHQ officer for the last 30 years, making him one of only four British spies whose names are in the public domain. The other three are the heads of Britain’s intelligence agencies, GCHQ, MI5 and MI6.
Jeremy Fleming, the head of GCHQ, said publishing the policy paper was intended to demonstrate the UK was a “truly responsible cyber power”. The NCF, he added was necessary to allow the UK to “contest and compete with adversaries in cyberspace” and to “protect our free, open and peaceful society”.
