Possibility
Explore our work: what we do, how we do it, and the value we create for our clients.
Impact
Culture
Possibility
Explore our work: what we do, how we do it, and the value we create for our clients.
Global Shifts
Empowered consumers
Healthier humans
Future organisations
Business for better
Safer societies
Sustainable world
Industries
Consumer and manufacturing
Defence and security
Energy and utilities
Financial services
Government and public sector
Health
Life sciences
Transport
Services
Set growth strategy
Build brands, products, and services
Reimagine AI, digital, and data
Improve organisational performance
Deliver complex programmes
Empower your people
Impact
Culture
Insight

Intelligent, collaborative and effective: three ambitions for the UK’s defensive cyber operations

By Chris Jones

Tags

Hollywood would have us believe that the great white shark is the most effective ocean predator. In reality, the apex ocean predator is the killer whale. They’re intelligent, collaborative, and devastatingly effective. Killer whales eat sharks. And these three factors show the potential for more effective outcomes in the cyber domain.

The Integrated Review (IR) of Security, Defence, Development and Foreign Policy, and the Defence Command Paper set out a vision for the UK to operate intelligently and collaboratively in a complex and competitive cyber environment – the aim being to wield power responsibly to sustain strategic advantage. Yet, in all things data-related, the different elements of the UK’s defence and security enterprise are stymied from effective collaboration and strategic advantage by siloed, disjointed working. This adds complexity when trying to cohere and integrate strategy, policy, activity, and research and develop capability.

With Defensive Cyber Operations (DCO) listed as a key activity by the IR, it raises the question: how can MOD develop the opportunities presented in the IR and maximise Defensive Cyber Operations to achieve true strategic advantage?

The cyber landscape presents three opportunities for DCO to become greater than the sum of its parts:

1. Be intelligent - understanding its own unique role

2. Be collaborative - cultivating relationships across the cyber ecosystem

3. Be effective - aligning more closely with capability development.

 

1. Be intelligent

The killer whale understands its own strengths comparative to its prey and uses this intelligently when hunting. In intelligence-led operations, the inclination is to let the external threat shape the UK’s posture and position. Of equal or more importance, though, is intelligence about the UK itself.

Strategic advantage requires a comprehensive understanding of one’s own capabilities, strengths and vulnerabilities. Critical self-evaluation is a difficult and sometimes painful undertaking, often revealing less than flattering truths, but is a critical step towards attaining strategic advantage. Only once we understand our own weaknesses can we look to protect them.

From a Defence DCO perspective the key aspects of self-awareness should include:

  • Who owns and maintains our various assets and systems?
  • Are we adequately protecting the right ones?
  • Who owns the data and how is it shared, analysed, and protected?
  • Are we optimising the management of Cyber Vulnerability Investigations?
  • What is our soft underbelly?

Or perhaps this last question should instead ask, ‘who is our soft underbelly?’ All too often, the default reaction is to look to technology to provide the answer and neglect the most vulnerable DCO asset – people. The IR infers the UK is in a state of persistent engagement and constant contact, one in which its adversaries are operating below the threshold of traditional warfare, primarily in the cyber domain. Most importantly, they’re not operating within ‘conventional’ binary warfare rules. Instead, they’re conducting subtle, psychological warfare campaigns using cyber as its means. This new kind of threat aims to divide, destabilise and disrupt from within. It forces the UK to view its approach to DCO from a whole new perspective.

As the new ‘fifth’ domain, cyber is still a relatively unknown territory as a battlespace. Intelligence about the UK and its adversaries must be complemented with comprehensive Intelligence Preparation of the Environment. What is the UK’s vital ground? What will be its Avenues of Approach? Building resilience is as much about fortifying one’s own domain as it is about maintaining a persistent and dominant presence.

2. Be collaborative

The killer whale is deadliest when working as part of a team. In the cyber domain, those who work together and continually innovate and evolve will hold the balance of cyber power. The IR spotlight on cyber provides DCO with the opportunity to evolve by establishing, strengthening and mutually exploiting relationships with others both across Government and with allies by:

  • investing in the Single Intelligence Environment (SIE) to share intelligence analysis and ideas with Defence Intelligence and Defence Concepts and Doctrine Centre (DCDC)
  • collaborating with Defence Science and Technology Laboratory and Defence Concepts/Futures departments on over-the-horizon technology, quantum encryption or artificial intelligence
  • collaborating with and contributing to the National Cyber Force (NCF) to further enhance links across the intelligence community and understand the threat and potential from an Offensive Cyber (OC) perspective. Moreover, a close working relationship with the NCF is crucial to ensuring a throughput of cyber talent
  • investing in the Defence Cyber School through DCO’s unique relationship with industry (e.g. Microsoft or SANS Cyber Security Training) to bring its facilities and teaching up to world-class standard, building the foundations for future cyber talent
  • exploring new perspectives as part of the whole-of-cyber approach, incorporating DCO thinking alongside psychological operations and academia to counter sub-threshold cyber warfare.

3. Be effective

The extent to which DCO will be able to wield effect will depend very much on its ability to exploit the opportunities afford by the IR’s statement of intent regarding cyber. This requires a clear strategy which seeks to:

  • understand (itself, its adversaries and the battlespace)
  • learn (through collaboration and from its adversaries)
  • evolve (from a conventional way of working to encouraging new perspectives and risk-taking
  • shape (the battlespace and the rules of cyber engagement).

That DCO should be intelligence-led is nothing new. However, perhaps because the concept is so overused, it has become somewhat diluted. The IR is unequivocal in its ambition that as democracy and pluralism decline, the UK must be able to influence the new world order, hence the establishment of the Secretary of State’s Office for Net Assessment and Challenge (SONAC). The UK’s adversaries have already proven that they will be ruthless, innovative and unconventional within cyber, where the inherent difficulty of attribution skews risk:reward balance in their favour. If the UK is to effectively wield influence it will have to first establish itself as a leading power in shaping the cyber rules of engagement.

The reason the killer whale has evolved into the most effective ocean predator is that it is intelligent enough to understand that it may not be the biggest fish or have the sharpest teeth – it doesn’t have to. By outwitting and outmanoeuvring prey and adversaries, dominating vital ground and using its pod as force multipliers, it is the killer whale which inevitably prevails.

In a world of constant competition and persistent engagement, DCO can, and should, eat sharks.

About the authors

Chris Jones PA defence and security expert Chris is an engineer and change specialist translating technology opportunities into large scale business concepts.
Connect

Explore more

A young child playing with his toy astronaut
Insight

Launching a new narrative: How to solve UK space’s PR problem

The UK space industry has yet to fully convey its significance to the economy and society.
A young child playing with his toy astronaut
Backlit RAF Typhoon taxis out for takeoff
Insight

How can the aerospace, defence, and security industries collaborate to build a safer future?

Navigating the challenges of the modern world means forging new paths that deepen collaboration and accelerate innovation.
Backlit RAF Typhoon taxis out for takeoff
Military vehicle with soldiers driving
Insight

Keeping our Armed Forces safe by reimagining the defence supply chain 

A Q&A with the UK’s Ministry of Defence and Team Protect.
Military vehicle with soldiers driving
A digital word
Insight

Creating a safer world: Seven lessons from DSEI 2023

In an increasingly volatile world, we believe a positive human future must be underpinned by a world that is safe, secure and sustainable.
A digital word

Contact the team

We look forward to hearing from you.
Get in touch

Get actionable insight straight to your inbox via our monthly newsletter.