Britain is in the final stages of setting up a security force to wage offensive cyberwarfare against terrorist groups, hostile states and organised crime groups that are threats to the country, The Independent has learnt.
The American assassination of Iranian general Qassem Soleimani has added urgency to the progress of the specialist unit, amid risks of a cyber conflict that could affect the UK.
Download the new Independent Premium app
Sharing the full story, not just the headlines
A government spokesperson said the MoD and GCHQ “have a long and proud history of working together in the national interest and continue to tackle the real threats that the UK faces from a range of hostile actors”.
There is no evidence that the Iranians plan to target the UK in response to the killing carried out by Donald Trump’s administration. But militant groups may decide to carry out strikes autonomously, security sources point out.
It also remains the case that a cyberattack is not necessarily nation-specific. A hit on an American bank at commercial hubs such as the City of London or Frankfurt would have a highly damaging ripple effect.
Around £76m is due to be invested in the force in the first year, with command and control shared between the MoD and the Government Communications Headquarters in Cheltenham. Recruitment is projected to take place from the armed forces and intelligence services, as well as academia and the private sector.
The NCF will operate alongside the National Cyber Security Centre (NCSC), which primarily concentrates on defensive cyber activities to protect government departments, strategic infrastructure and industry.
The need for an organisation such as the NCF has been increasingly recognised in security and military circles – due to the rapid rise of extremist propaganda, allegations of Russian interference in western elections and referendum campaigns, disinformation following the Salisbury poisoning, and attacks on public and private institutions by hacking gangs.
Iran was blamed in 2012 for targeting Wall Street banks with denial-of-service attacks, knocking their websites offline in retaliation against US sanctions. In 2015, Turkey blamed Tehran for cyberattacks that hit its electricity grid, shutting down power for 40 million people. Two years ago, dozens of parliamentary accounts in the UK were breached in attacks linked to Iran. And earlier this year, Tehran was blamed for data hacks of American businesses.
The Iranian government has firmly denied the allegations.
The NCF is expected to expand its activities to crime networks involved in gun and drug smuggling, as well as people trafficking, which often augments the earnings of extremist groups.
Offensive cyber action had been carried out on an ad-hoc basis against Isis in Syria and Iraq. Setting up the NCF has been delayed, say western officials, by distractions caused by uncertainties over Brexit and frequent changes of ministers and secretaries of state in the MoD.
Certain operational details are yet to be finalised, but the plan is set to be given the go-ahead in the near future.
Last year, then-defence secretary Penny Mordaunt spoke of a £22m boost to “create new cyber operations centres’’ but gave no indication that they would be conducting offensive operations.
Her successor, Ben Wallace, is believed to be a strong proponent of the NCF. Speaking to the Nato Parliamentary Assembly in London in October, he warned that responses to “cyber [attacks], disinformation, assassination, corruption” by hostile parties “have not been good enough”. The defence secretary continued: “We are neither nimble enough nor deterring enough and that is where we must aim our investments.”