The UK government plans to invest £24 billion in cyber security and the armed forces as part of a major shake-up of its defence policy.
Published earlier this week, Global Britain in a Competitive Age: the Integrated Review of Security, Defence, Development and Foreign Policy includes a new “full-spectrum” approach to the UK’s cyber security capabilities, which are designed to improve the country’s defences and deter potential attackers.
“In strengthening our homeland security, we will build on the firm foundations in counter-terrorism, intelligence, cyber security and countering the proliferation of chemical, biological, radiological and nuclear […] weapons,” the report says.
One way it’s doing that is through an amendment of its nuclear missile policy. Under the new strategy, the government says it’s prepared to launch nuclear attacks if the country faced an exceptional threat that used cyber weapons or other “emerging technologies”.
This marks a change from existing UK policy, which states that the Trident nuclear programme could only be used against another nuclear power or in response to extreme chemical or biological threats.
National Cyber Force
A central part of this review is the NCF (National Cyber Force), which uses “offensive cyber tools” to detect, disrupt and deter adversaries.
Formed in 2020, the NCF is a partnership between the Ministry of Defence and GCHQ. The exact nature of its work is highly secretive, although GCHQ has given its assurance that its operations do not violate any laws.
This suggests that the NCF focuses on techniques to prevent adversaries from operating rather than attacking them or breaching their systems.
This is in line with what little we know about the tools at the NCF’s disposal. For example, it is authorised to interfere with mobile phones to stop terrorists communicating with their contacts, and can implement defences to protect military aircraft from weapons systems.
UK cyber security strategy
The report proposes that these changes should be part of a “whole-of-cyber” approach to both offensive and defensive capabilities.
It recommends looking at a range of capabilities, including creating a way to make the Internet safer for users, as well as ways in which the UK can take the lead in technologies vital to cyber power, such as microprocessors, quantum technologies and new forms of data transmission.
Commenting on the proposed cyber security policy, Prime Minister Boris Johnson said:
“Cyber power is revolutionising the way we live our lives and fight our wars, just as air power did 100 years ago. We need to build up our cyber capability so we can grasp the opportunities it presents while ensuring those who seek to use its powers to attack us and our way of life are thwarted at every turn.”
He added: “Our new, full-spectrum approach to cyber will transform our ability to protect our people, promote our interests around the world and make the lives of British people better every day.”