Elliot Rose, head of cyber security at PA Consulting, comments on the UK’s defensive and offensive cyber capabilities.
The piece explains that the UK Ministry of Defence (MOD) has announced additional funding for the British Army to stand up to new cyber operations centres across the UK.
It goes on to look at the threats these new units will be up against and how the army can play its part in strengthening the UK’s cyber capabilities.
Elliot says: “We are operating in an unpredictable environment where we will see increasingly sophisticated attacks using rapidly evolving technologies.
“Some of these attacks will be much more nuanced than previously and, as the Bank of England has recently highlighted, could include attempts to corrupt information in key organisations to disrupt the UK economy.”
He adds: “These types of attacks need the armed forces to work closely with industry to defeat them by using intelligence and surveillance to spot them and then taking action to prevent further damage. While maintaining defensive strategies and actions is vital, the armed forces should also use offensive cyber techniques to uncover and disable advanced adversaries and stop and prevent attacks before they happen.”
The article notes that the UK MOD announced it was committing £22m in funding for the British Army to set up new cyber operations centres across the country. It then explains that it is unclear how much focus will be placed on defensive and offensive operations – the latter is particularly secretive.
Elliot says: “While offensive cybersecurity strategies will not eliminate all cyberattacks, they are “extremely valuable in reducing their likelihood.”
He adds: “An adversarial approach focused on seeking out the perpetrators and attempting to disable or at least disrupt their operations needs to be central to the government’s strategy. That needs to be accompanied by work to build an international consensus and partnerships to prevent UK being viewed as a rogue cyber state.”
Elliot goes says that the key for the new British Army centres will be close partnerships with the private sector to ensure that the armed forces are properly prepared for the threat they face.
“Collaboration with the private sector is critical so the centres can leverage its capabilities and get a real understanding of the threats to the UK economy,” Elliot says. “As with the NCSC100 initiative, the centres should have a policy of secondment both ways with industry. The range of potential attackers, from nation states, hacktivists, criminals or extremists, mean organisations can no longer operate alone and the centres must be fully integrated with government, intelligence agencies, as well as the private sector.”
As well as shoring up defence in the immediate future, Elliot explains that the government and the armed forces must invest in training the next generation of cyber experts.
“We need people with a deep understanding of their operating environment, an ability to ask the right questions, and the right methodologies,” he says.
“We need to learn from others, such as Israel where government funds and develops the most talented people from an early age. They gain a couple of years of return and then embrace the fact that these people will eventually move to the private sector.”