Intelligent, collaborative and effective: three ambitions for the UK’s defensive cyber operations
Hollywood would have us believe that the great white shark is the most effective ocean predator. In reality, the apex ocean predator is the killer whale. They’re intelligent, collaborative, and devastatingly effective. Killer whales eat sharks. And these three factors show the potential for more effective outcomes in the cyber domain.
The Integrated Review (IR) of Security, Defence, Development and Foreign Policy, and the Defence Command Paper set out a vision for the UK to operate intelligently and collaboratively in a complex and competitive cyber environment – the aim being to wield power responsibly to sustain strategic advantage. Yet, in all things data-related, the different elements of the UK’s defence and security enterprise are stymied from effective collaboration and strategic advantage by siloed, disjointed working. This adds complexity when trying to cohere and integrate strategy, policy, activity, and research and develop capability.
With Defensive Cyber Operations (DCO) listed as a key activity by the IR, it raises the question: how can MOD develop the opportunities presented in the IR and maximise Defensive Cyber Operations to achieve true strategic advantage?
The cyber landscape presents three opportunities for DCO to become greater than the sum of its parts:
1. Be intelligent - understanding its own unique role
2. Be collaborative - cultivating relationships across the cyber ecosystem
3. Be effective - aligning more closely with capability development.
1. Be intelligent
The killer whale understands its own strengths comparative to its prey and uses this intelligently when hunting. In intelligence-led operations, the inclination is to let the external threat shape the UK’s posture and position. Of equal or more importance, though, is intelligence about the UK itself.
Strategic advantage requires a comprehensive understanding of one’s own capabilities, strengths and vulnerabilities. Critical self-evaluation is a difficult and sometimes painful undertaking, often revealing less than flattering truths, but is a critical step towards attaining strategic advantage. Only once we understand our own weaknesses can we look to protect them.
From a Defence DCO perspective the key aspects of self-awareness should include:
- Who owns and maintains our various assets and systems?
- Are we adequately protecting the right ones?
- Who owns the data and how is it shared, analysed, and protected?
- Are we optimising the management of Cyber Vulnerability Investigations?
- What is our soft underbelly?
Or perhaps this last question should instead ask, ‘who is our soft underbelly?’ All too often, the default reaction is to look to technology to provide the answer and neglect the most vulnerable DCO asset – people. The IR infers the UK is in a state of persistent engagement and constant contact, one in which its adversaries are operating below the threshold of traditional warfare, primarily in the cyber domain. Most importantly, they’re not operating within ‘conventional’ binary warfare rules. Instead, they’re conducting subtle, psychological warfare campaigns using cyber as its means. This new kind of threat aims to divide, destabilise and disrupt from within. It forces the UK to view its approach to DCO from a whole new perspective.
As the new ‘fifth’ domain, cyber is still a relatively unknown territory as a battlespace. Intelligence about the UK and its adversaries must be complemented with comprehensive Intelligence Preparation of the Environment. What is the UK’s vital ground? What will be its Avenues of Approach? Building resilience is as much about fortifying one’s own domain as it is about maintaining a persistent and dominant presence.
2. Be collaborative
The killer whale is deadliest when working as part of a team. In the cyber domain, those who work together and continually innovate and evolve will hold the balance of cyber power. The IR spotlight on cyber provides DCO with the opportunity to evolve by establishing, strengthening and mutually exploiting relationships with others both across Government and with allies by:
- investing in the Single Intelligence Environment (SIE) to share intelligence analysis and ideas with Defence Intelligence and Defence Concepts and Doctrine Centre (DCDC)
- collaborating with Defence Science and Technology Laboratory and Defence Concepts/Futures departments on over-the-horizon technology, quantum encryption or artificial intelligence
- collaborating with and contributing to the National Cyber Force (NCF) to further enhance links across the intelligence community and understand the threat and potential from an Offensive Cyber (OC) perspective. Moreover, a close working relationship with the NCF is crucial to ensuring a throughput of cyber talent
- investing in the Defence Cyber School through DCO’s unique relationship with industry (e.g. Microsoft or SANS Cyber Security Training) to bring its facilities and teaching up to world-class standard, building the foundations for future cyber talent
- exploring new perspectives as part of the whole-of-cyber approach, incorporating DCO thinking alongside psychological operations and academia to counter sub-threshold cyber warfare.
3. Be effective
The extent to which DCO will be able to wield effect will depend very much on its ability to exploit the opportunities afford by the IR’s statement of intent regarding cyber. This requires a clear strategy which seeks to:
- understand (itself, its adversaries and the battlespace)
- learn (through collaboration and from its adversaries)
- evolve (from a conventional way of working to encouraging new perspectives and risk-taking
- shape (the battlespace and the rules of cyber engagement).
That DCO should be intelligence-led is nothing new. However, perhaps because the concept is so overused, it has become somewhat diluted. The IR is unequivocal in its ambition that as democracy and pluralism decline, the UK must be able to influence the new world order, hence the establishment of the Secretary of State’s Office for Net Assessment and Challenge (SONAC). The UK’s adversaries have already proven that they will be ruthless, innovative and unconventional within cyber, where the inherent difficulty of attribution skews risk:reward balance in their favour. If the UK is to effectively wield influence it will have to first establish itself as a leading power in shaping the cyber rules of engagement.
The reason the killer whale has evolved into the most effective ocean predator is that it is intelligent enough to understand that it may not be the biggest fish or have the sharpest teeth – it doesn’t have to. By outwitting and outmanoeuvring prey and adversaries, dominating vital ground and using its pod as force multipliers, it is the killer whale which inevitably prevails.
In a world of constant competition and persistent engagement, DCO can, and should, eat sharks.