The UK’s National Cyber Force has been conducting “daily” hacking operations in support of overseas military deployments as well as targeting terrorists, cyber criminals and child pornographers, one of the country’s top spies said on Tuesday.
Sir Jeremy Fleming, director of GCHQ, said the covert unit had “countered state threats, made key contributions to military operations, and disrupted terrorist cells and serious criminals” since it was set up three years ago.
The rare insight into the workings of the NCF came in a 28-page document outlining the principles on which it operates. GCHQ also named the head of the unit for the first time: James Babbage, an intelligence officer who has worked for 30 years at GCHQ with spells at the Ministry of Defence and as a liaison officer in the US.
The disclosure comes as the US Cyber Command, a unit of the Pentagon founded in 2010 on which the NCF is based, has started to reveal more about its covert operations as Russia continues to mount an unprecedented volume of cyber attacks against Ukraine.
Fleming said he hoped the document, released on Tuesday and titled “The National Cyber Force: responsible cyber power in practice”, would provide “a basis for like-minded governments . . . to establish a shared vision and values for the responsible use of cyber operations”.
As a member of the Five Eyes intelligence grouping, which includes Australia, Canada, New Zealand and the US, the UK has some of the world’s most advanced cyber warfare capabilities. The NFC is a collaboration between GCHQ, the defence ministry, the UK’s foreign security service MI6, and the Defence, Science and Technology Laboratory.
The unit is set to grow from a few hundred staff to 3,000 employees in the coming years and will eventually move into a permanent headquarters based at Samlesbury in Lancashire.
Central to its cyber approach is the “doctrine of cognitive effect”, which the NCF said involves techniques that aim to sow distrust, decrease morale and weaken adversaries’ ability to plan and conduct their activities.
Its capabilities range from jamming an enemy’s air defences to protect British forces during a mission, or monitoring or shutting down the communication networks of a terrorist group, such as Isis, which GCHQ publicly acknowledged doing in 2018.
The NCF gave no details of any specific operation but said they were conducted in a legal and ethical manner. It added: “As a general rule we cannot and do not avow cyber operations, as to do so undermines the benefits of ambiguity and risks enabling adversaries to develop better defences.”
GCHQ said Babbage was a history graduate who went on to complete a masters in computing and began working at GCHQ in the early 1990s.
The partial lifting of the lid on the NCF’s work follows recent moves by UK spy agencies to come out of the shadows as public concern grew about state surveillance and their need to widen recruitment.
It comes against a backdrop of the US and EU authorities clamping down on the activities of commercial suppliers of technology used by western intelligence agencies over fears the unregulated market has allowed hostile states and criminals to benefit from some of the cyberweapons that have been developed.
US president Joe Biden signed an executive order last week aimed at identifying contractors supplying sophisticated cyber tools into those deemed friendly to the west and those that sell to regimes more likely to use the weapons to surveil or repress their own citizens. The bad actors would be barred from the US market.
The EU is expected to follow soon with similar rules, clamping down on a simmering spyware crisis in Spain and in Greece, where companies have sold sophisticated, military grade technologies that have been used on opposition lawmakers and journalists.
