Marcus Willett, @GCHQ's first director of cyber, assesses the SolarWinds intrusion. "... it is neither accurate nor sensible for US commentators to characterise it as an act of war requiring warlike retaliation" iiss.org/blogs/survival…
An interesting reminder from Willett: espionage generates transparency. "Attempts to steal state secrets in peacetime are internationally tolerated because, among other things, they can reduce the chance of a misunderstanding that could lead to a real conflict."
Another key point: attribution is easier than people think. "Cyber-capable states have for some time been able to confidently identify perpetrators of attacks, though they have often hesitated to make those attributions public due to ... protecting sensitive intelligence sources"
Willett: cyber norms need to define critical infrastructure narrowly. "states will inevitably consider a potential adversary’s critical networks a legitimate wartime target, and need to gain a technical presence on such networks during peacetime to prepare for that eventuality."
Willett: focusing on state cyber operations misses the point. "Reinforcing basic cyber hygiene with new laws establishing disincentives to pay ransoms to cyber criminals – it is currently too convenient for companies simply to use their insurance to pay up ... would make sense"
• • •
Missing some Tweet in this thread? You can try to
force a refresh
The @ODNIgov intelligence report has some kind, and cautionary, thoughts on the UK. The good: "The United Kingdom is likely to continue to punch above its weight internationally given its strong military and financial sector and its global focus." dni.gov/files/ODNI/doc…
But: "Managing the economic and political challenges posed by its departure from the EU will be the country’s key challenge; failure could lead to a splintering of the United Kingdom and leave it struggling to maintain its global power." dni.gov/files/ODNI/doc…
"India may struggle to balance its long-term commitment to strategic autonomy from Western powers with the need to embed itself more deeply into multilateral security architectures to counter a rising China." dni.gov/files/ODNI/doc…
General Nick Carter talking at @IISS_org says under IR/command paper, defence attaché posts "no longer a backwater". Ouch to all existing defence attachés?
Carter says UK will conduct series of exercises, "Agile Stance", which will test readiness, ability to "outload", ability to disperse, and to protect and look after critical national infrastructure. (More details: theyworkforyou.com/wrans/?id=2020…)
Carter: "we're learning a bit about future battlefields from what's playing out in recent months...competition between hiding and finding", recently in Nagorno-Karabakh. "Showing us that mass, potentially, can be a weakness–as potentially are single points of failure"
Taiwan publishes new defence review. Says its 'military’s asymmetric capabilities requirement is about “evading enemy’s strengths and exploiting their weaknesses” as well as being small, mobile, stealthy and numerous for strategic dispersion.' defensenews.com/global/asia-pa…
"sea control is also listed as one of Taiwan’s priorities in resisting a Chinese invasion across the Taiwan Strait ... “resist the enemy on the opposite shore, attack it at sea, destroy it in the littoral area, and annihilate it on the beachhead.”..." defensenews.com/global/asia-pa…
"The QDR also sought to address previous criticism ... The QDR pledged to strengthen the capabilities of [troops], with plans to improve the mobilization system, the organization, force structure, training and the equipping of the Taiwanese reserves." defensenews.com/global/asia-pa…
🧵 A note on cyber and nuclear. Some picked up on this line in IR: "we reserve the right to review this [negative security] assurance if the future threat of [WMD] [including] emerging technologies that could have a comparable impact, makes it necessary" assets.publishing.service.gov.uk/government/upl…
Sources told the Telegraph this referred to: '... “game changers” such as cyber, AI, encryption and laser directed energy weapons ...' telegraph.co.uk/politics/2021/… (let's leave aside "encryption"). Some interpreted "cyber" to mean highly destructive cyber attacks. I'm less sure
It made me think of the changed language in 2018 US nuclear posture review, which said "significant non-nuclear strategic attacks" could include "attacks on US or allies’ nuclear forces, their command & control, or warning & attack assessment.." nti.org/analysis/artic…
My piece on the UK warhead announcement today, looking at some—though certainly not all—of the possible rationales for the shift to a larger stockpile. Thanks to @heatherwilly for input on what the review might mean by the "doctrinal threat" from Russia economist.com/britain/2021/0…
Do read @tjaplant & @harries_matthew: "Although UK has ceased to publicly discuss a ‘sub-strategic’ role for its nuclear arsenal, this increased stockpile & greater flexibility could provide greater room for use of low-yield variants." This is "troubling" rusi.org/commentary/goi…
And a harshly critical judgment here, too: "The review asserts the UK’s commitment to nuclear disarmament but offers no new steps to offset the impact of its stockpile increase and sets out no vision for future arms control negotiations ..." rusi.org/commentary/goi…
🧵A few other random bits and pieces from the integrated review that caught my eye:
UK promises to "introduce a new, robust security framework for telecoms to ensure our networks are secure and resilient to future challenges; and work with partners, including the Five Eyes, to create a more diverse and competitive supply base for telecoms networks."
On China, an interesting mix of cautious and robust language. "The significant impact of China’s military modernisation and growing international assertiveness within the Indo-Pacific region and beyond will pose an increasing risk to UK interests."