‘Sow distrust and decrease morale’ – government lifts lid on work of UK’s offensive cyber spy unit

Written by Sam Trendall on 6 April 2023 in News

National Cyber Force reveals its work includes covert influence operations as well as disruption of adversaries IT networks

Credit: Pete Linforth/Pixabay

The government has, for the first time, released details of cyberattacks against hostile states and covert online influence activities undertaken by the UK’s dedicated National Cyber Force.

The creation of the force – the core remit of which is to lead the UK’s “offensive cyber” activities against the country’s adversaries, both nation states and terrorists – was first announced in November 2020. Its work, which also includes helping to tackle serious crime with a digital footprint, will be supported by £5bn of funding this decade.

This week, as part of a “commitment… to be as transparent as possible”, the government has published a report on the activity of the National Cyber Force (NCF). The force now “carries out cyber operations on a daily basis”, the government claimed, and is having success “using techniques that have the potential to sow distrust, decrease morale, and weaken our adversaries’ abilities to plan and conduct their activities effectively”.

According to the report, the NCF conducts operations in three main categories, including: combatting threats from hostile states, terrorists and criminals; combatting threats to the UK's systems, networks and data; and supporting wider defence and overseas policy objectives.

Activities conducted by the force include covert work “to influence hostile actors to change their behaviours, including engaging with them directly online”. 

“The intent is sometimes that adversaries do not realise that the effects they are experiencing are the result of a cyber operation,” the report added. “The ambiguity involved can help to amplify the cognitive effect.”

Related content

In addition to its work to influence hostile actors, the force also undertakes “dynamic, target operations” against “a range of priority targets”. Such operations are “highly tailored” to the adversary in question and may encompass “repeated targeting”.

“Our work can include covert operations against the IT networks or technology used by adversaries and employing techniques to make that technology function less effectively or cease to function altogether, the report said. “It might involve disrupting an adversary’s ability to use different forms of digital communications systems, so they are unable to contact each other at critical times. Or affecting systems an adversary depends on for access to data or to enable their decision making.”

The NCF sits jointly within the Ministry of Defence – and its tech research unit, the Defence Science and Technology Laboratory – GCHQ, and the Secret Intelligence Service, often referred to as MI6.

As well as stand-alone operations, the force’s work commonly forms part of wider “coordinated action” in concert with other military, defence, and intelligence agencies. It also has a remit to support the development of cyber skills across the landscape.

The report said: “Conducting operations in cyberspace is a critical part of driving the conditions and tempo of strategic activity; a key plank of the military’s approach to increased nation-state competition, and to warfighting, where that is necessary.”

Next steps
Over the coming months and years, the NCF – which is based in the Lancashire village of Samlesbury – has identified three priority areas for progress: scale; reach; and integration.

This will include “pursuing fast growth of personnel and capabilities”, as well as “significant investment… to keep pace with the changing nature of technology”. 

Alongside which will be greater efforts to “integrate effectively with other parts of government and with a wider range of partners and allies, [which] includes law enforcement, partners in the UK intelligence and security community, government policy departments, and a growing number of international allies… [and] we are [also[ working with the private sector, academia, think tanks and wider civil society”, according to the report.

The government claims that a national offensive capability has become necessary as “countries such as Russia and Iran routinely carry out cyber operations” intended to disrupt democratic procedures, the operations of the state, and national infrastructure of overseas enemies.

“Cyber operations offer particular advantages, depending on the circumstances,” the report said. “They provide an opportunity to reach adversaries irrespective of geography and without the need for individuals to be physically present. They can sometimes provide the only practical means of disrupting an adversary’s ability to exploit the internet and digital technology. They can be precisely targeted with specific effect and can avoid the challenges of using other, potentially physically destructive, interventions.”


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@publictechnology.net.

Share this page




Please login to post a comment or register for a free account.

Related Articles

GCHQ appoints first female leader
14 April 2023

Anne Keast-Butler named as new boss of intelligence and cyber agency

MoD seeks senior exec to boost ‘cyber awareness, behaviours and culture’ across defence sector
23 May 2023

Role comes with a remit to work with current and former military personnel, as well as officials and commercial suppliers

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

Government formally unveils annual independent cyber audits for all departments
24 April 2023

Ministerial announcement follows initial examinations of Home Office and business department earlier this year

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...