The new battleground

It seems that not a week goes by without a story emerging on how hackers have breached a huge corporation to steal data, or that an organisation has had its IT systems brought to a standstill by cybercriminals seeking financial gain. Security forces, including the military, are also having to contend with the significant threat posed by state-based, or statefunded, groups that have the skill and expertise to threaten critical national infrastructure, causing a threat to wider national security.

As we connect more computers, machines and general devices to the internet – in what is commonly referred to as the ‘internet of things’ – we can only expect the cyberthreat to grow as hackers find more ways to infiltrate networked systems.

Militaries around the world are also looking to enhance connectivity on the battlefield, which could present similar vulnerabilities. Vehicles and soldiers are becoming more digitised with a raft of computer technologies that emphasise interconnectedness, and data generation and sharing. As much as this digitisation will represent a capability enhancement, it may also increasingly result in digital vulnerability for armed forces if they are not properly prepared for both defensive and offensive cyber operations.

“We are operating in an unpredictable environment where we will see increasingly sophisticated attacks using rapidly evolving technologies,” explained Elliot Rose, head of cybersecurity at PA Consulting. “Some of these attacks will be much more nuanced than previously and, as the Bank of England has recently highlighted, could include attempts to corrupt information in key organisations to disrupt the UK economy.

£22 million
The amount committed by the British MoD to set up new cyber operations centres across the UK.
MCM Media 2019

“These types of attacks need the armed forces to work closely with industry to defeat them by using intelligence and surveillance to spot them, and then taking action to prevent further damage,” Rose added. “While maintaining defensive strategies and actions is vital, the armed forces should also use offensive cyber techniques to uncover and disable advanced adversaries, and stop and prevent attacks before they happen.”

In June 2019, speaking at the Royal United Service Institute’s Land Warfare Conference, the head of the army, Mark Carleton-Smith, noted that it was “indisputably the case” that a technical revolution was under way, and that a response by the British Army needed to be equally revolutionary.

“Secure borders, or living on an island, are no guarantees against the corrosive and intrusive effects of disinformation, subversion and cyber,” he explained.

Funding for protection

In May 2019, then-UK defence secretary Penny Mordaunt announced at the NATO Cyber Defence Pledge Conference in London that the MoD was committing £22 million for the British Army to set up new cyber operations centres across the UK. The centres “will draw together cyber capability from a range of sources – including both national intelligence and open source data – to give the army the competitive edge across all environments”, says the MoD.

The centres are likely to draw heavily on the 77th Brigade – a combined reserve and active unit that specialises in information warfare – as well as have contact with joint and other national security organisations. “These new cyber centres will allow the army and defence to transform the way we use data, at speed, so that we can compete with our adversaries in a way fit for the 21st century,” says Major General Tom Copinger-Symes, director of Military Digitisation, UK Joint Forces Command.

The details of where each cyber centre is to be located has yet to be determined, but operations are expected to begin in 2020. The new centres are to form part of wider investment into the UK’s National Cyber Security Strategy, which has included the standing up of a new National Cyber Security Centre (NCSC) in 2016, as well as the development of military-focused cyber capabilities by the MoD.

It is unclear, and would likely remain so for operational reasons, how much focus will be placed on defensive and offensive operations – the latter is particularly secretive. While offensive cybersecurity strategies would not eliminate all cyberattacks, they are “extremely valuable in reducing their likelihood”, according to Rose.

“An adversarial approach focused on seeking out the perpetrators, and attempting to disable – or at least disrupt – their operations needs to be central to the government’s strategy,” he added. “That needs to be accompanied by work to build an international consensus and partnerships to prevent the UK being viewed as a rogue cyber state.”

For experts such as Rose, the key for the new British Army centres would be close partnerships with the private sector to ensure that the armed forces are properly prepared for the threat they face.

“Collaboration with the private sector is critical so the centres can leverage capabilities and get a real understanding of the threats to the UK economy,” explains Rose. “As with the NCSC100 initiative, the centres should have a policy of secondment both ways with industry. The range of potential attackers, from nation states, hacktivists, criminals or extremists, means that organisations can no longer operate alone and the centres must be fully integrated with government and intelligence agencies, as well as the private sector.”

Along with shoring up defence in the immediate future, Rose explained that the government and armed forces must invest in training the next generation of cyber experts. “We need people with a deep understanding of their operating environment, an ability to ask the right questions and the right methodologies. We need to learn from others such as Israel, where the government funds and develops the most talented people from an early age. They gain a couple of years of return, and then embrace the fact that these people will eventually move to the private sector.” 

National Cyber Deception Laboratory launched

A new bastion of UK cyberdefence was offi cially launched at the inaugural National Cyber Deception Symposium in November 2019. A joint endeavour established by Cranfi eld University and the Defence Cyber School at the Defence Academy, Shrivenham, the National Cyber Deception Laboratory (NCDL) will allow research and information exchange between academia, industry and the government.

Darren Lawrence, a senior lecturer in behavioural science and head of the Information Operations Group at Cranfi eld University, has taken on the directorship of the new laboratory. “Military networks need a full spectrum military defence – existing civilian security approaches are simply not up to this task,” he commented on the NCDL’s launch. “Deception is all about creating errors in how our adversaries make sense of their world. It is about getting them to act in ways that suit our purposes, not theirs.”

The establishment of the NCDL was commended by Air Commodore Tim Neal- Hopes, head of MoD C4ISR and keynote speaker at the National Cyber Deception Symposium. “We live in a period of constant contest,” he said. “A period where the UK is attacked through cyberspace on a daily basis. Defence, if it is to maintain operational effectiveness, must therefore defend its information, networks and cyberdependent capabilities against these perpetual attacks.

“Cyber deception is a crucial element of cyberdefence, and I am therefore delighted to champion the creation of the National Cyber Deception Laboratory [NCDL] as part of that collective effort, and look forward to bringing the full force of the NCDL to help the UK MoD, and her allies, operate securely in the information age.”

According to Lawrence, the laboratory would give the military a greater chance to get the jump on potential attackers. “Researching ways to shape attacker behaviour and deny them the freedom to operate within our networks will enable military cyberdefence to move on to a more aggressive footing and deter future attacks.”