.
23-8-23
MI6 - History; (Vauxhall Pleasure Gardens) SIS Building - B1M > .
Security
The
National Cyber Force (NCF) is a result of the consolidation of offensive cyber activity in the
United Kingdom, dedicated to offensive action to combat security threats, hostile states, terror groups, extremism, hackers, disinformation and election interference. The specialist unit is a joint initiative between the
Ministry of Defence (MOD) and
GCHQ, the British
intelligence agency, due to launch in spring 2020. Its headquarters will be based in an as-yet determined location in the North-West of England as part of a new 'cyber corridor'.
The
NCF draws together personnel from
intelligence, cyber and
security agency GCHQ, the
MoD, the
Secret Intelligence Service (MI6) and the
Defence Science and Technology Laboratory (DSTL) under
one unified command for the first time. Alongside MoD’s operational expertise, DSTL’s scientific and technical capabilities and GCHQ’s global intelligence, SIS (MI6) provides its expertise in recruiting and running agents alongside its unique ability to deliver clandestine operational technology.
Used alongside diplomatic, economic, political and military capabilities, examples of cyber operations could include:
- interfering with a mobile phone to prevent a terrorist from being able to communicate with their contacts;
- helping to prevent the internet from being used as a global platform for serious crimes, including sexual abuse of children and fraud; and
- keeping UK military aircraft safe from targeting by hostile weapons systems.
Government Communications Headquarters, commonly known as
GCHQ, is an
intelligence and
security organisation responsible for providing
signals intelligence (SIGINT) and
information assurance to the
government and
armed forces of the
United Kingdom. Based in "
The Doughnut" in the suburbs of
Cheltenham, GCHQ is the responsibility of the country's
Secretary of State for Foreign and Commonwealth Affairs, but it is not a part of the
Foreign Office and its Director ranks as a
Permanent Secretary.
GCHQ was originally established after the
WW1 as the
Government Code and Cypher School (GC&CS) and was known under that name until
1946. During
WW2 it was located at
Bletchley Park, where it was responsible for breaking the German
Enigma codes. There are
two main components of the GCHQ, the
Composite Signals Organisation (CSO), which is responsible for
gathering information, and the
National Cyber Security Centre (
NCSC), which is responsible for
securing the UK's own communications. The
Joint Technical Language Service (JTLS) is a small department and cross-government resource responsible for mainly
technical language support and translation and interpreting services across government departments. It is co-located with GCHQ for administrative purposes.
The
National Cyber Security Centre (NCSC) is an organisation of the
United Kingdom Government that provides advice and support for the
public and private sector in how to avoid
computer security threats. Based in
London, it became operational in October 2016, and its parent organisation is
GCHQ.
The NCSC absorbed and replaced
CESG (the
information security arm of GCHQ), the
Centre for Cyber Assessment (CCA),
Computer Emergency Response Team UK (CERT UK) and the cyber-related responsibilities of the
Centre for the Protection of National Infrastructure (CPNI). It built on earlier efforts of these organisations and the
Cabinet Office to provide guidance on
Information Assurance to the UK's wider private sector, such as the "10 Steps" guidance released in January 2015. In pre-launch announcements, the UK government stated that the NCSC would first work with the
Bank of England to advise financial institutions on how to bolster online defences. The centre was first announced in November 2015 by the
Chancellor of the Exchequer,
George Osborne. The existing Director General Cyber of GCHQ, Ciaran Martin, leads the new centre, and GCHQ's current Technical Director of Cyber Security, Dr Ian Levy, assumed the same role at the NCSC. ... In April 2016, the
Ministry of Defence announced that a Cyber Security Operations Centre (CSOC) "to protect the MOD's cyberspace from malicious actors" with a budget of over £40 million will contribute to this initiative. It is located at
MoD Corsham.
GCHQ Bude, also known as
GCHQ Composite Signals Organisation Station Morwenstow, abbreviated to
GCHQ CSO Morwenstow, is a
UK Government satellite ground station and
eavesdropping centre located on the north
Cornwall coast at Cleave Camp, between the small villages of
Morwenstow and
Coombe. It is operated by the
British signals intelligence service, officially known as the
Government Communications Headquarters, commonly abbreviated GCHQ. It is located on part of the site of the former
WW2 airfield,
RAF Cleave.
Around
£76m will be invested in the NCF in its first year. It will operate alongside the
National Cyber Security Centre (NCSC), which primarily concentrates on defensive cyber activities to protect government departments, strategic infrastructure and industry.
An
April 2021 report produced by academics from
King's College London and the
Offensive Cyber Working Group has produced a set of recommendations for the NCF, with an aim to increase public debate on offensive cyber in the UK.
Plans for the unit were reported in the media in September 2018. It has since been reported to have been delayed because of "distractions caused by uncertainties over Brexit and frequent changes of ministers and secretaries of state in the MoD" and
turf wars between the MOD and GCHQ.
In
2013, GCHQ received considerable media attention when the former
National Security Agency contractor
Edward Snowden revealed that the agency was in the process of collecting all online and telephone data in the UK via the Tempora programme.
Tempora is the codeword for a formerly-secret computer system that is used by the British
Government Communications Headquarters (GCHQ). This system is used to buffer most
Internet communications that are extracted from
fibre-optic cables, so these can be processed and searched at a later time. It was tested since 2008 and became operational in late 2011.
Tempora uses intercepts on the fibre-optic cables that serve as the
backbone of the Internet to gain access to large amounts of Internet users' personal data, without any individual suspicion or
targeting. The intercepts are placed in the United Kingdom and overseas, with the knowledge of companies owning either the cables or landing stations.
The existence of Tempora was revealed by
Edward Snowden, a former American intelligence contractor who leaked information about the program to former
Guardian journalist
Glenn Greenwald in May 2013 as part of his revelations of government-sponsored
mass surveillance programs. Documents Snowden acquired showed that data collected by the Tempora program is shared with the
National Security Agency of the United States.
Snowden's revelations began a spate of ongoing disclosures of global surveillance. The Guardian newspaper was then forced to destroy all incriminating files given to them by Snowden because of the threats of lawsuits from the UK Government.
USA
United States Cyber Command (USCYBERCOM) is one of the eleven
unified combatant commands of the
United States Department of Defense (DoD). It
unifies the direction of
cyberspace operations, strengthens DoD cyberspace capabilities, and integrates and bolsters DoD's cyber expertise.
USCYBERCOM was created in
mid-2009 at the
National Security Agency (NSA) headquarters in
Fort George G. Meade,
Maryland. It cooperates with NSA networks and has been concurrently headed by the
director of the National Security Agency since its inception. While originally created with a
defensive mission in mind, it has increasingly been viewed as an
offensive force. On 18 August 2017, it was announced that USCYBERCOM would be elevated to the status of a
full and independent unified combatant command. This elevation occurred on
4 May 2018.
The US and UK are joining forces to "impose consequences" on their shared adversaries who conduct malicious cyber-activities. The combined action would address "evolving threats with a full range of capabilities", they said. The shared adversaries were not named but the announcement follows increasing concern over Russia-based ransomware. The plan was discussed last week at an annual meeting of intelligence chiefs, in the US.
Gen Sir Patrick Sanders and Government Communications Headquarters (GCHQ) director Sir Jeremy Fleming and US Cyber Command head Gen Paul Nakasone "reaffirmed" their commitment to jointly disrupt and deter new and emerging cyber-threats.
As democratic nations, the two countries were committed to carrying out proportionate and necessary operations within the law. The US and UK are stepping up efforts to strike back in cyber-space - or at least they are becoming more public about it. They are also making clear the long-standing intelligence partnership is translated into offensive operations online. The US strategy of "persistent engagement" means contesting foreign adversaries day-to-day in cyber-space to try to make it harder for them to operate.
The UK does not use the same language but, with the launch of the National Cyber Force, it has signalled it is doing the same - trying to knock out ransomware groups' infrastructure, for example, or make it harder for foreign intelligence agencies to carry out espionage or more destructive attacks.
The talk is of "imposing consequences" - but there are still big questions about whether these actions are having a significant effect on opponents who play by different rules or deterring those adversaries from continuing their actions.