07 December 2020

A soldier with a keyboard

Liviu Ioniţă

For some time now, states have maintained cyber military units, more or less transparently; governments around the world are committed to a wider spectrum of cyber operations and, recently, offensive cyber operations have been established as well. This is happening in a world lacking rules, a grey zone, the area of online conflicts, in which a new type of war is emerging: cyber war.

In the US, Cyber Command, a structure which had been controlled by US Strategic Command since its foundation, was transformed in 2018 into a combat command, which allowed its commander at the time, General Paul Nakasone, to report directly to the US Secretary of Defense.

In the same year, the new US Cyber Security Strategy, adopted after a 15-year break, introduced the "defend forward" concept (acting in advance to disrupt or stop a damaging cyber activity) and authorized offensive cyber operations. And, through a classified directive, National Security Presidential Memorandum 13, offensive and defensive cyber operations can be conducted without the president’s approval.

In January 2019, France revealed its first doctrine for offensive cyber operations, part of a series of swift, far-reaching measures for the defence of French interests in cyberspace. The novelty of the doctrine is the integration of cyber activities into conventional military operations. Offensive cyber operations can prepare or complete conventional military operations, acting as a force multiplier, or they can replace them entirely where necessary.

And, recently, Great Britain publicly acknowledged its new National Cyber Force, an “offensive cyber hackers unit” which targets digital enemies of the United Kingdom, a structure that has been the subject of much speculation lately.

A new battlefield

The 2010 Stuxnet malware proved that a cyber attack can affect the physical world. In 2015, hackers managed to cut the power supply in certain areas of Ukraine, using a virus known as BlackEnergy. And in 2016, seven Iranian hackers were accused of trying (in 2013) to break into the command and control system of a dam on the outskirts of New York.

Cyber war refers to the use of digital attacks by a state actor to disrupt a country's vital computer systems and cause damage.

In many cases, the computer systems are not the final target; they are targeted because of their essential role in managing infrastructure such as airports, electricity networks, banking systems, etc.

Unlike traditional military attacks, a cyber attack can be launched instantly from any distance and, unlike a conventional military operation, its author can hardly be identified, which makes retaliation more difficult.

Governments and agencies are therefore taking measures.

Since 2017, the US intelligence services, for which the main cyber threat actors are Russia, China, Iran and North Korea, have been warning that more than 30 countries are developing offensive cyber attack capabilities, most of them in secret; we are thus witnessing a cyber arms race.

There is also the risk that these weapons will spread and cause greater chaos, given how deeply interconnected the world is today.

States are developing cyber defence capabilities, but also offensive ones, and, since 2014, NATO has held that a cyber attack on one of its members would be enough to invoke Article 5 and the Alliance's collective defence mechanism. NATO also recognizes cyberspace as an “operational field”, an area where conflict can emerge, a “battlefield”.

The offensive cyber capacities of the United Kingdom

In 2018, Great Britain developed a “major offensive cyber campaign” against the Islamic State.

This is what Jeremy Fleming, the director of the GCHQ intelligence agency, disclosed at a conference at the Manchester National Cyber Security Centre.

In partnership with the Ministry of Defence, GCHQ developed an offensive cyber campaign against Daesh, which reduced the group’s capacity to coordinate attacks and suppressed its propaganda.

It was the first time Great Britain had admitted to rendering an enemy's online efforts ineffective in a military campaign.

At the same time, Jeremy Fleming stated of such actions that “this technical skill, this understanding of the potential of cyber capacities is going beyond the terrorist groups, towards … hostile states and illegal groups”.

On the existence of Great Britain's offensive cyber capabilities and their role, the 2016-2021 National Cyber Security Strategy states:

“Offensive cyber capabilities involve deliberate intrusions into opponents’ systems or networks, with the intention of causing damage, disruption or destruction. Offensive cyber forms part of the full spectrum of capabilities we will develop to deter adversaries and to deny them opportunities to attack us, in both cyberspace and the physical sphere.”

“Through our National Offensive Cyber Programme (NOCP), we have a dedicated capability to act in cyberspace and we will commit the resources to develop and improve this capability.”

“To do this, we will invest in our NOCP – the partnership between the Ministry of Defence and GCHQ that is harnessing the skills and talents of both organisations to deliver the tools, techniques and tradecraft required; develop our ability to use offensive cyber tools; and develop the ability of our Armed Forces to deploy offensive cyber capabilities as an integrated part of operations, thereby enhancing the overall impact we can achieve through military action.”

According to the provisions of the Strategy, Great Britain established a National Cyber Security Centre (NCSC) to protect the public and private sectors from cyber attacks and to manage cyber incidents, especially those targeting critical national infrastructure. It was the first national cyber centre to bring together the government, the intelligence agencies and the private sector in one organization, offering a “unified source of advice, guidance and support on cyber security, including the management of cyber security incidents”.

Officially launched in 2017, the NCSC, “a global expertise centre, easily used by people and companies”, brought together the Communications Electronics Security Group, the Centre for the Protection of National Infrastructure, the Computer Emergency Response Team and the Centre for Cyber Assessment, a structure which provided cyber threat assessments for government departments.

The objective of the Centre is to reduce the damage caused by cyber attacks on the United Kingdom. “This includes everything from free website vulnerability scanning for public sector and proactively taking down tens of thousands of phishing sites, to our world leading CyberFirst campaign to encourage teenagers to become tomorrow’s cyber security pioneers”, said Ian Levy, technical director of the NCSC.

According to its own assessment for this year, the Annual Review 2020, between 1 September 2019 and 31 August 2020 the NCSC managed 723 security incidents, supporting 1200 victims. The message of the Centre’s report was: “we are all the victim of cyber criminals”.

But who carries out all these offensive cyber operations?

Robert Hannigan, who led GCHQ when the NCSC was created and who had previously been involved in cyber security issues, says that the necessary authorization and capabilities for such operations belonged exclusively to GCHQ.

In Organizing a Government for Cyber: The Creation of the UK's National Cyber Security Center, published by the Royal United Services Institute, he claims that, “unlike the US National Security Agency, GCHQ has always had the legal authority of an offensive cyber operational organization and has done so under ministerial authorization in limited cases”.

The challenge of the National Offensive Cyber Program, presented by the Strategy, was to extend this capability to the British army, improving skills in the field, and, “within the government, it was decided not to imitate the US Cyber Command model, separately and parallel to the NSA”, preferring “an integrated military-civilian model”.

And this step forward seems to be the National Cyber Force.

The existence of the National Cyber Force was publicly confirmed after months of speculation and a decade after Great Britain launched its first offensive cyber operations.

The National Cyber Force (NCF) “has been secretly up and running since April with several hundred hackers based in Cheltenham and other military sites around the country”, but it was only officially recognized by the prime minister in November, and the authorities remain cautious about providing details.

The National Cyber Force will counter threats from terrorists, criminals and hostile states; within it, MI6 officers collaborate with both GCHQ and the Defence Science and Technology Laboratory, under unified command.

The structure, which requires state-of-the-art military capabilities, was designed not only to support the armed forces in case of conflict, but also to act daily against cyber threats in general.

The NCF's operational mission is to degrade, disrupt and even destroy the communications systems used by people who represent a threat to the UK. This could range from interfering with a suspect's mobile phone to prevent him from communicating with his contacts, to accessing a cybercrime group's computers to prevent threats such as the 2017 WannaCry attack on the National Health Service.

The ambition is to increase the force to about 3,000 members over the next decade, with the intention of operating mostly secretly.

The founding of the National Cyber Force was not entirely smooth: there was a long and difficult dispute between GCHQ and the Ministry of Defence over authority. Finally, it was agreed that the Foreign Secretary and the Defence Secretary would both have a role in approving the different types of operations, depending on the nature of the target.

The official presentation on November 19 states that the “National Cyber Force builds out from that position of defensive strength. It brings together intelligence and defence capabilities to transform the UK’s ability to contest adversaries in cyber space, to protect the country, its people and our way of life”. It also mentions that the force is built on the success of the current National Offensive Cyber Programme, including collaboration between GCHQ and Strategic Command to carry out cyber operations, and that it is separate from the NCSC while “working closely together”.

The National Cyber Force will work with other members of the Five Eyes alliance, with other Western allies, and provide capabilities to the North Atlantic Alliance if necessary.

Over the past six months, there has been an increase in the frequency of cyber attacks in the UK, targeting strategic infrastructure and areas related to Covid-19, including attempts to access vaccine research and spread pandemic misinformation.

So the National Cyber Force seems to be welcome, but not everyone agrees when it comes to conducting offensive cyber operations.

We will gain nothing from the dangerous "militarization" of the Internet, which is to our detriment. This is the opinion of the former executive director of the National Cyber Security Center, Ciaran Martin.

In a recent lecture at King's College, Ciaran Martin, who recently ended his term, said that as the use of offensive cyber operations by nations, including the United Kingdom, has become a reality, a "more prudent" and "more realistic" approach is needed.

In his opinion, although attack is said to be the best form of defense, in the cyber domain "defense is the best form of defense."

Western countries should give priority to defensive cybersecurity measures, "a more secure digital environment being the best guarantor of the security and safety of Western countries in the digital age."

Martin also warned of the danger of cyber weapons being used against their creators: "It is irresponsible to think that states can store and develop cyber capabilities, assuming they will never be stolen", as in the 2017 WannaCry ransomware attack, which did not deliberately target the NHS, but created chaos in health care systems that work with outdated Microsoft software. The "American cyber weapon" was stolen and then repurposed by North Korean hackers, "who used it to unleash the WannaCry virus".

Last but not least, Ciaran Martin calls for greater openness in disclosing cyber operations, and says that "national security officials must talk to civilian specialists to avoid two separate conversations".

When an expert says so, we should all take a moment and think about it; but, as on any “battlefield”, this may remain just a beautiful dream.

Translated by Andreea Soare