🚨 #NCF2021 | The National Cyber Force that Britain Needs?

A live 🧵on the expert panel chaired by Prof. Lady Moira Andrews with report co-authors @AmyErtan & @tcstvns and guests Major Juliet Skingsley & Marcus Willett.

Here is the report's summary⬇️

This is a co-authored report by @josephdevanny, myself, @AmyErtan & @tcstvns and co-produced by @KCL_CSRG, @Offensive_Cyber & The Policy Institute at King's

Follow #NCF2021

You can also stream on YouTube Live here:
We now have @tcstvns providing his introductory remarks after the chair Lady Moira Andrews' introduction...

Provides some background to the National Cyber Force - across geopolitics, ethics, societal issues including the interdisciplinary focus of thinking.

He notes what a "responsible cyber power" means in practice for the UK and its avowed offensive cyber force, the NCF.

However Stevens notes that this is not necessarily new, but comes from a long background and development. Including from GCHQ, MoD, Dstl, SIS

Stevens continues that the NCF is a "logical step" for offensive cyber in the UK.

But, this doesn't mean that this doesn't raise important questions... What is it for, its missions, is it up to the task?

Continued: Stevens notes how the UK NCF contributes to peaceful relations, its international obligations as well as contributing to a responsible cyberspace.

Now we're over to @AmyErtan...

Amy starts on the recommendations that the report provides for the NCF.

First up governance and accountability - need senior leadership including ministerial oversight. There should be a deputy National Security Adviser for Cyber.

Next: Organisational Configuration.

NCF operates under various authorities - this should be made clear - including division of effort.

Also Cabinet Office led audit of workforce, esp. in context of HQ in North-West England

Next: International Cooperation.

NCF should continue existing alliances, including with Europe, develop new ones, as well as developing norms in cyberspace and continuing adherence to international law obligations

Next: Mission Focus.

Need to make sure there is a clear articulation of what should be focused on, continuous oversight (by the National Audit Office), and ensuring that mission focus is regularly reviewed.

Amy draws attention to @ciaranmartinoxf's foreword on the NCF and the UK being accountable for offensive cyber and its balance in cyber security.

Now we're off to Marcus Willet, the former Deputy Head of @GCHQ

Marcus Willet begins...

Strategic, doctrinal and policy level debate is sorely needed. This can be done without jeopardising national security.

Willet starts with the 'pre-history' of the NCF.

There didn't need to be a conflict between effects missions and other intelligence activities.

Ever since the start there has been an issue with definition - CNE, CNA etc.

Offensive Cyber was settled upon by 2013 - this has been understood as warlike - hence some preference for cyber operations.

There is a wide range of missions for the NCF - two practical conclusions across military / civilian in 2014 with NOCCP.

These are:

1. They are underpinned by similar capabilities

2. Makes sense to run these operations jointly.

Willet continues that the start of any form of cyber power should start with cybersecurity.

Offensive cyber is subordinate to the broader toolkit.

Yet it is also beyond cybersecurity - such as in operations against Daesh.

The UK would not create indiscriminate worms (like WannaCry) or other vulnerabilities - tenets of IHL apply to cyberspace.

This is key to the UK's understanding to be a responsible cyber power.

Cyber is also there for when deterrence fails. But come conflict, parts of an adversaries critical national infrastructure may come under purview - it is necessary to prepare these in advance.

It is far more important to settle targets which should be off limits

GCHQ and MoD have developed capabilities together for over 100 years.

This permitted conversations, along with close ties and collaborations, to allow NCF to emerge.

A 'here here' to the report's recommendations for international cooperation.

This is what makes the UK distinct to some other countries like China.

"I [Willet] lived and breathed the NCF for several years"

And that's a wrap from Marcus! Now to Major Juliet Skingsley!

A reminder that Juliet is speaking in personal capacity from the chair!

Juliet notes how much more public the debate about offensive cyber has become.

Very little details until 2018 when Director of GCHQ confirmed use against Daesh.

This has been an important evolution.

Juliet continues:

How do we define offensive cyber - and "avoid hyperbole" which can be misleading.

Cyber covers a lot - and focusing on the high end is not a good way to understand what is happening.

The UK is not the only state to use offensive cyber - and others are using it for statecraft.

Today, the gaps are closing. Yet secrecy makes it difficult to assess.

Reminder that the NCF is not a Cyber Command - but the proliferation of the latter show growth of military activity.

As more states develop activity there are more vectors for escalation, how do we manage this?

"We know the genie is out of the bottle" wrt offensive cyber

International law is going to be crucial - and the UK has led on this - and has been taken up by other states and publicly expressed their views.

That's a wrap from Juliet which has covered much on international law and the UK's contribution... back to Moira!

"What do you think will be the biggest challenge for the NCF commander in the next 5 years?"

Big question from Moira!

Stevens - mission prioritisation

Andrews - did the report gloss over counter-terrorism and organised crime?

Stevens - limited public information, we're not working in a classified space. We used 'pre-history' as we know so little about offensive cyber.

Willet - pre-history does have a story to be told, more to say on serious organised crime - will help understand "real results" of capability.

It's about people and skills.

Growing scope is why it is going to expand out of GCHQ's hub in Manchester [👀]

Ertan - International zooming out - the US, for instance, is very different, and the UK has some very different choices to make.

Moira asks one more question...

"What is the most appropriate governance framework for the NCF?"

Skingsley - We need to be clear on legal / ethical / policy considerations as they're not the same.

The Law on Armed Conflict or IHL is not always applied according to context of the operation - BUT this does not mean there is no law.

Willet - There are so man different angles. Recruitment, accountability, investment are one thing.

Authority is complex - when they need to be signed off according to whether laws of armed conflict applied - but generally this was being developed well.

Willet continued - How is guidance sought and developed, a ministerial small group - but this is a key part for oversight. Each has a different solution but their integration is key.

Stevens - most of the time we're not talking about war fighting. This is not a Cyber Command [reiterating earlier point]. Previously offensive cyber seemed dominated by GCHQ and now MoD - which may explain emphasis of focus by people on military operations.

Now we're moving to audience questions!

Job ad for NCF needed a DV clearance - will this reduce access to people and skills?

Willet - Hope that the NCF is focusing on different forms of access for skills with some creative thinking. But criteria for DV doesn't preclude "low risk on poor grounds".

What's the career look like in the NCF or broader government service?

Another question coming up!

[Summary] How should sovereign UK national command and how will this deconflict with NATO?

Willet - This relates to the 'nuclear model' and make these available to NATO rather than NATO developing its own capabilities. It does have a concern about its network security.

Skingsley - Challenge is around deconfliction in the NATO construct

Ertan - NATO is going to be integrated with offensive cyber through SACEUR.

Still some questions to be resolved.

Stevens - NATO could smooth access, develop norms, and aligning doctrine.

Next Question

[Summary] "How can IL ensure that activity in cyberspace stays below a violation of sovereignty?"

Skingsley - About moving from high-end focus - majority of effects are below threshold of armed conflict.

Plenty of IL applies - the UK is playing its strengths here. It's a way to get international support where cyberspace is more predictable and stable.

Stevens - The UK routinely breaches the sovereignty of other states (as do others). We reach for sovereignty when it is convenient to do so.

There is an important place for IL - but this can get clouded by sovereignty.

A live audience question!

[Summary] "There is a global 'infodemic'. What should be the role of the NCF in responding to this problem wrt global health?"

Willet - A distinction between malign state activity for strategic effect from broad misinformation from elsewhere is required.

Stevens - Ignoring the 'should'! Lawyers have to be careful against non-state actors.

Skingsley - We do have precedent (IRA, Russia)

Another question!

[Summary] "What's the role of industry for the NCF"?

Willet - it's absolutely crucial - it's about developing capability it is not about running operations on behalf of the NCF. Relationships and contracts are in place and are happening.

There could be more flexibility with how the NCF engages with the private sector

Stevens - agree with Willet - we've been talking about this since before the first strategy in 2009. Other departments are going to have to be involved in this - BEIS/DCMS have been working hard at this.

Building capacity part of this - hence northern HQ

Now we're at some reflections! So we're at a wrap!

Thanks for getting this far down (if anyone does) the thread.

The report is available here ⬇️



• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with Andrew Dwyer

Andrew Dwyer Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!