In November 2020, the UK government announced it was creating a new cyber defence division as part of its latest defence budget. The department, titled the National Cyber Force (NCF), will be the latest push towards modern areas of hostility. As more and more of the world moves online, the UK intends to maintain its position as a world-leading cybersecurity figure.
What is the NCF?
The NCF is a new department that was created out of existing security bodies. It has been in the pipeline since 2013 but has only now come to fruition. In recent years, attacks on Western countries, particularly those intended to disrupt democratic elections, are likely one of the biggest drivers behind this move.
Within the NCF are specialists in intelligence and cybersecurity from agencies such as the MoD, GCHQ, MI6 (the Secret Intelligence Service), and the Defence Science and Technology Laboratory (DSTL). Although these specialists already perform similar roles to what they will do in the NCF, this will be the first time they are brought together under a unified department.
The NCF intends to combine:
- The DSTL's scientific and technical expertise
- MI6's recruitment and training of specialist agents, and its use of operational technology
- The MoD's operational expertise
Together, these departments will form something of a super taskforce, specifically designed to protect the UK's online interests in the future. As cybercrime incidents are only going to rise, the government intends to create a unique department that combines all its parent organisations' strengths.
According to the BBC, the NCF's operational command has been in action since April 2020, but it has only recently announced it to the public. The department is recruiting members from within its parent organisations and the armed forces, intending to grow to a 3,000-member team within the next ten years.
What will the NCF do?
In recent years, the line between traditional warfare and modern conflict has been blurred dramatically. For example, potential interference in recent elections runs through disinformation campaigns on social media and other platforms. Or the Cambridge Analytica scandal, which arguably had no "foreign threat" behind it.
Then you have modern terrorism organised online through encrypted chat services, online portals, and the Deep Web. In this era of international peace (albeit on a technical level), the goalposts of conflict have shifted dramatically.
But this is where the NCF comes in. They intend to utilise operations already in existence (such as GCHQ's phone monitoring), combined with recent cybersecurity innovations, to protect the UK and its online assets.
According to the GCHQ website, some of their cyber operations could include:
- Helping to prevent the internet from being used for a serious crime on a global level, including fraud, child sexual abuse, drug trafficking, and more.
- Interfering with a specific mobile phone to stop the user communicating with contacts, even over encrypted apps.
- Remotely targeting hostile weapons systems to protect British military interests.
Of course, their operations' true breadth will remain top secret, so we can only speculate as to how the NCF will fully protect the UK online.
Through the NCF, the UK intends to build upon its previous online work done through GCHQ. For example, in 2016, GCHQ was used against ISIS to counteract their online propaganda networks. The NCF then offered this technology to NATO in 2018, and continue to work alongside the agency in the future.
In short, the NCF's goal will be to combine the expertise of existing security and intelligence forces to work against online threats, whether these be hackers, terrorists, or criminals. Hopefully, the result will be to position the UK as a world-leader in cybersecurity while also making it a secure place to live and work as more services move online.
The NCF offers excellent potential to change the face of cybersecurity. Bringing together such a range of technology and security organisations under a single authority will be game-changing.
That said, the cybersecurity sector is growing at such a rapid rate that there is little time to acknowledge and debate the ethical considerations of what these cutting-edge operations might mean for ordinary citizens. Although not discussed explicitly, what effects could this new department have on the concept of online privacy?