🚨 #NCF2021 | The National Cyber Force that Britain Needs?
A live 🧵on the expert panel chaired by Prof. Lady Moira Andrews with report co-authors @AmyErtan & @tcstvns and guests Major Juliet Skingsley & Marcus Willett.
Here is the report's summary⬇️
kcl.ac.uk/news/national-….
A live 🧵on the expert panel chaired by Prof. Lady Moira Andrews with report co-authors @AmyErtan & @tcstvns and guests Major Juliet Skingsley & Marcus Willett.
Here is the report's summary⬇️
kcl.ac.uk/news/national-….
This is a co-authored report by @josephdevanny, myself, @AmyErtan & @tcstvns and co-produced by @KCL_CSRG, @Offensive_Cyber & The Policy Institute at King's
Follow #NCF2021
You can also stream on YouTube Live here:
Follow #NCF2021
You can also stream on YouTube Live here:
We now have @tcstvns providing his introductory remarks after the chair Lady Moira Andrews' introduction...
Provides some background to the National Cyber Force - across geopolitics, ethics, societal issues including the interdisciplinary focus of thinking.
#NCF2021
Provides some background to the National Cyber Force - across geopolitics, ethics, societal issues including the interdisciplinary focus of thinking.
#NCF2021
He notes what a "responsible cyber power" means in practice for the UK and its avowed offensive cyber force, the NCF.
However Stevens notes that this is not necessarily new, but comes from a long background and development. Including from GCHQ, MoD, Dstl, SIS
#NCF2021
However Stevens notes that this is not necessarily new, but comes from a long background and development. Including from GCHQ, MoD, Dstl, SIS
#NCF2021
Stevens continues that the NCF is a "logical step" for offensive cyber in the UK.
But, this doesn't mean that this doesn't raise important questions... What is it for, its missions, is it up to the task?
#NCF2021
But, this doesn't mean that this doesn't raise important questions... What is it for, its missions, is it up to the task?
#NCF2021
Continued: Stevens notes how the UK NCF contributes to peaceful relations, its international obligations as well as contributing to a responsible cyberspace.
Now we're over to @AmyErtan...
#NCF2021
Now we're over to @AmyErtan...
#NCF2021
Amy starts on the recommendations that the report provides for the NCF.
First up governance and accountability - need senior leadership including ministerial oversight. There should be a deputy National Security Adviser for Cyber.
#NCF2021
First up governance and accountability - need senior leadership including ministerial oversight. There should be a deputy National Security Adviser for Cyber.
#NCF2021
Next: Organisational Configuration.
NCF operates under various authorities - this should be made clear - including division of effort.
Also Cabinet Office led audit of workforce, esp. in context of HQ in North-West England
#NCF2021
NCF operates under various authorities - this should be made clear - including division of effort.
Also Cabinet Office led audit of workforce, esp. in context of HQ in North-West England
#NCF2021
Next: International Cooperation.
NCF should continue existing alliances, including with Europe, develop new ones, as well as developing norms in cyberspace and continuing adherence to international law obligations
#NCF2021
NCF should continue existing alliances, including with Europe, develop new ones, as well as developing norms in cyberspace and continuing adherence to international law obligations
#NCF2021
Next: Mission Focus.
Need to make sure there is a clear articulation of what should be focused on, continuous oversight (by the National Audit Office), and ensuring that mission focus is regularly reviewed.
#NCF2021
Need to make sure there is a clear articulation of what should be focused on, continuous oversight (by the National Audit Office), and ensuring that mission focus is regularly reviewed.
#NCF2021
Amy draws attention to @ciaranmartinoxf's foreword on the NCF and the UK being accountable for offensive cyber and its balance in cyber security.
Now we're off to Marcus Willet, the former Deputy Head of @GCHQ
#NCF2021
Now we're off to Marcus Willet, the former Deputy Head of @GCHQ
#NCF2021
Marcus Willet begins...
Strategic, doctrinal and policy level debate is sorely needed. This can be done without jeopardising national security.
#NCF2021
Strategic, doctrinal and policy level debate is sorely needed. This can be done without jeopardising national security.
#NCF2021
Willet starts with the 'pre-history' of the NCF.
There didn't need to be a conflict between effects missions and other intelligence activities.
Ever since the start there has been an issue with definition - CNE, CNA etc.
#NCF2021
There didn't need to be a conflict between effects missions and other intelligence activities.
Ever since the start there has been an issue with definition - CNE, CNA etc.
#NCF2021
Offensive Cyber was settled upon by 2013 - this has been understood as warlike - hence some preference for cyber operations.
There is a wide range of missions for the NCF - two practical conclusions across military / civilian in 2014 with NOCCP.
#NCF2021
There is a wide range of missions for the NCF - two practical conclusions across military / civilian in 2014 with NOCCP.
#NCF2021
These are:
1. They are underpinned by similar capabilities
2. Makes sense to run these operations jointly.
#NCF2021
1. They are underpinned by similar capabilities
2. Makes sense to run these operations jointly.
#NCF2021
Willet continues that the start of any form of cyber power should start with cybersecurity.
Offensive cyber is subordinate to the broader toolkit.
Yet it is also beyond cybersecurity - such as in operations against Daesh.
#NCF2021
Offensive cyber is subordinate to the broader toolkit.
Yet it is also beyond cybersecurity - such as in operations against Daesh.
#NCF2021
The UK would not create indiscriminate worms (like WannaCry) or other vulnerabilities - tenets of IHL apply to cyberspace.
This is key to the UK's understanding to be a responsible cyber power.
#NCF2021
This is key to the UK's understanding to be a responsible cyber power.
#NCF2021
Cyber is also there for when deterrence fails. But come conflict, parts of an adversaries critical national infrastructure may come under purview - it is necessary to prepare these in advance.
It is far more important to settle targets which should be off limits
#NCF2021
It is far more important to settle targets which should be off limits
#NCF2021
GCHQ and MoD have developed capabilities together for over 100 years.
This permitted conversations, along with close ties and collaborations, to allow NCF to emerge.
#NCF2021
This permitted conversations, along with close ties and collaborations, to allow NCF to emerge.
#NCF2021
A 'here here' to the report's recommendations for international cooperation.
This is what makes the UK distinct to some other countries like China.
#NCF2021
This is what makes the UK distinct to some other countries like China.
#NCF2021
"I [Willet] lived and breathed the NCF for several years"
And that's a wrap from Marcus! Now to Major Juliet Skingsley!
#NCF2021
And that's a wrap from Marcus! Now to Major Juliet Skingsley!
#NCF2021
Juliet notes how much more public the debate about offensive cyber has become.
Very little details until 2018 when Director of GCHQ confirmed use against Daesh.
This has been an important evolution.
#NCF2021
Very little details until 2018 when Director of GCHQ confirmed use against Daesh.
This has been an important evolution.
#NCF2021
Juliet continues:
How do we define offensive cyber - and "avoid hyperbole" which can be misleading.
Cyber covers a lot - and focusing on the high end is not a good way to understand what is happening.
#NCF2021
How do we define offensive cyber - and "avoid hyperbole" which can be misleading.
Cyber covers a lot - and focusing on the high end is not a good way to understand what is happening.
#NCF2021
The UK is not the only state to use offensive cyber - and others are using it for statecraft.
Today, the gaps are closing. Yet secrecy makes it difficult to assess.
#NCF2021
Today, the gaps are closing. Yet secrecy makes it difficult to assess.
#NCF2021
Reminder that the NCF is not a Cyber Command - but the proliferation of the latter show growth of military activity.
As more states develop activity there are more vectors for escalation, how do we manage this?
#NCF2021
As more states develop activity there are more vectors for escalation, how do we manage this?
#NCF2021
"We know the genie is out of the bottle" wrt offensive cyber
International law is going to be crucial - and the UK has led on this - and has been taken up by other states and publicly expressed their views.
#NCF2021
International law is going to be crucial - and the UK has led on this - and has been taken up by other states and publicly expressed their views.
#NCF2021
That's a wrap from Juliet which has covered much on international law and the UK's contribution... back to Moira!
#NCF2021
#NCF2021
"What do you think will be the biggest challenge for the NCF commander in the next 5 years?"
Big question from Moira!
#NCF2021
Big question from Moira!
#NCF2021
Stevens - mission prioritisation
Andrews - did the report gloss over counter-terrorism and organised crime?
Stevens - limited public information, we're not working in a classified space. We used 'pre-history' as we know so little about offensive cyber.
#NCF2021
Andrews - did the report gloss over counter-terrorism and organised crime?
Stevens - limited public information, we're not working in a classified space. We used 'pre-history' as we know so little about offensive cyber.
#NCF2021
Willet - pre-history does have a story to be told, more to say on serious organised crime - will help understand "real results" of capability.
It's about people and skills.
Growing scope is why it is going to expand out of GCHQ's hub in Manchester [👀]
#NCF2021
It's about people and skills.
Growing scope is why it is going to expand out of GCHQ's hub in Manchester [👀]
#NCF2021
Ertan - International zooming out - the US, for instance, is very different, and the UK has some very different choices to make.
#NCF2021
#NCF2021
Moira asks one more question...
"What is the most appropriate governance framework for the NCF?"
#NCF2021
"What is the most appropriate governance framework for the NCF?"
#NCF2021
Skingsley - We need to be clear on legal / ethical / policy considerations as they're not the same.
The Law on Armed Conflict or IHL is not always applied according to context of the operation - BUT this does not mean there is no law.
#NCF2021
The Law on Armed Conflict or IHL is not always applied according to context of the operation - BUT this does not mean there is no law.
#NCF2021
Willet - There are so man different angles. Recruitment, accountability, investment are one thing.
Authority is complex - when they need to be signed off according to whether laws of armed conflict applied - but generally this was being developed well.
#NCF2021
Authority is complex - when they need to be signed off according to whether laws of armed conflict applied - but generally this was being developed well.
#NCF2021
Willet continued - How is guidance sought and developed, a ministerial small group - but this is a key part for oversight. Each has a different solution but their integration is key.
#NCF2021
#NCF2021
Stevens - most of the time we're not talking about war fighting. This is not a Cyber Command [reiterating earlier point]. Previously offensive cyber seemed dominated by GCHQ and now MoD - which may explain emphasis of focus by people on military operations.
#NCF2021
#NCF2021
Now we're moving to audience questions!
Job ad for NCF needed a DV clearance - will this reduce access to people and skills?
#NCF2021
Job ad for NCF needed a DV clearance - will this reduce access to people and skills?
#NCF2021
Willet - Hope that the NCF is focusing on different forms of access for skills with some creative thinking. But criteria for DV doesn't preclude "low risk on poor grounds".
What's the career look like in the NCF or broader government service?
#NCF2021
What's the career look like in the NCF or broader government service?
#NCF2021
Another question coming up!
[Summary] How should sovereign UK national command and how will this deconflict with NATO?
#NCF2021
[Summary] How should sovereign UK national command and how will this deconflict with NATO?
#NCF2021
Willet - This relates to the 'nuclear model' and make these available to NATO rather than NATO developing its own capabilities. It does have a concern about its network security.
Skingsley - Challenge is around deconfliction in the NATO construct
#NCF2021
Skingsley - Challenge is around deconfliction in the NATO construct
#NCF2021
Ertan - NATO is going to be integrated with offensive cyber through SACEUR.
Still some questions to be resolved.
Stevens - NATO could smooth access, develop norms, and aligning doctrine.
#NCF2021
Still some questions to be resolved.
Stevens - NATO could smooth access, develop norms, and aligning doctrine.
#NCF2021
Next Question
[Summary] "How can IL ensure that activity in cyberspace stays below a violation of sovereignty?"
#NCF2021
[Summary] "How can IL ensure that activity in cyberspace stays below a violation of sovereignty?"
#NCF2021
Skingsley - About moving from high-end focus - majority of effects are below threshold of armed conflict.
Plenty of IL applies - the UK is playing its strengths here. It's a way to get international support where cyberspace is more predictable and stable.
#NCF2021
Plenty of IL applies - the UK is playing its strengths here. It's a way to get international support where cyberspace is more predictable and stable.
#NCF2021
Stevens - The UK routinely breaches the sovereignty of other states (as do others). We reach for sovereignty when it is convenient to do so.
There is an important place for IL - but this can get clouded by sovereignty.
#NCF2021
There is an important place for IL - but this can get clouded by sovereignty.
#NCF2021
A live audience question!
[Summary] "There is a global 'infodemic'. What should be the role of the NCF in responding to this problem wrt global health?"
#NCF2021
[Summary] "There is a global 'infodemic'. What should be the role of the NCF in responding to this problem wrt global health?"
#NCF2021
Willet - A distinction between malign state activity for strategic effect from broad misinformation from elsewhere is required.
Stevens - Ignoring the 'should'! Lawyers have to be careful against non-state actors.
Skingsley - We do have precedent (IRA, Russia)
#NCF2021
Stevens - Ignoring the 'should'! Lawyers have to be careful against non-state actors.
Skingsley - We do have precedent (IRA, Russia)
#NCF2021
Willet - it's absolutely crucial - it's about developing capability it is not about running operations on behalf of the NCF. Relationships and contracts are in place and are happening.
There could be more flexibility with how the NCF engages with the private sector
#NCF2021
There could be more flexibility with how the NCF engages with the private sector
#NCF2021
Stevens - agree with Willet - we've been talking about this since before the first strategy in 2009. Other departments are going to have to be involved in this - BEIS/DCMS have been working hard at this.
Building capacity part of this - hence northern HQ
#NCF2021
Building capacity part of this - hence northern HQ
#NCF2021
Now we're at some reflections! So we're at a wrap!
Thanks for getting this far down (if anyone does) the thread.
The report is available here ⬇️
kcl.ac.uk/policy-institu…
#NCF2021
Thanks for getting this far down (if anyone does) the thread.
The report is available here ⬇️
kcl.ac.uk/policy-institu…
#NCF2021
• • •
Missing some Tweet in this thread? You can try to
force a refresh
