Britain’s most senior cyber general has said the UK possesses the capacity to “degrade, disrupt and destroy” its enemies’ critical infrastructure in a future cyber conflict, in a rare acknowledgement of the military’s offensive hacking capability.
Gen Sir Patrick Sanders, who heads the UK’s strategic command, said that he been told by Boris Johnson to ensure Britain is a “leading, full-spectrum cyber power” able both to defend against – and carry out – hacking attacks.
But while the British military claims to have had an offensive cyber capability for a decade, it has rarely been publicly discussed. Sanders said the armed forces worked “in partnership with GCHQ” to deliver “offensive cyber capabilities”.
These could, in theory, Sanders said, “degrade, disrupt and even destroy critical capabilities and infrastructure of those who would do us harm, ranging from strategic to tactical targets” both in isolation or alongside traditional military force.
Dominic Cummings, Johnson’s chief aide, is an enthusiast for military technology and extra spending on cyber warfare, and is expected to be a key element of the forthcoming five-year integrated defence review, which is due to conclude in November.
One possibility is that the prime minister will announce the formal creation of the long-awaited National Cyber Force, jointly run by the military and GCHQ, although this has been previously disrupted by turf wars between them.
Publicly acknowledged examples of offensive cyber skirmishes are rare and the UK has been largely unwilling to spell out what it considers legitimate activity. Cyber hacking was conducted within “strict legal and ethical arrangements”, Sanders said, but he did not spell out any examples.
Degrading or eliminating critical infrastructure could theoretically include targeting an enemy country’s communications, telephone or power networks in a situation of war, although what was deemed legitimate at other times is less clear.
The UK is understood to have conducted a hacking operation against Isis around 2017 to gain information about an emerging, low-tech armed drone capability operated by the Islamist terror group in Mosul.
The hack obtained details about how the drones and the attached missiles were bought and how and where the operators were trained, enabling anti-Isis coalition forces to destroy the capability.
Cyber operations are in part run from a control room near Corsham, near Chippenham, the historical site of the secret nuclear bunker to which the British government could relocate in an emergency.
Each day, Sanders said, the UK military was targeted by an average of 60 attacks that require human engagement or intervention. “If this was an air war, this would be the Blitz, and this [Corsham] is the fight and control centre at Bentley Priory.”
Perpetrators range from youthful hackers to hostile states, including Russia, China, Iran and North Korea – four of an estimated 60 countries around the world now reckoned to have developing cyberwar capabilities.
In the last few months, the UK has accused Russia of trying to steal coronavirus research from labs in Britain, the US and Canada, while concerns remain in intelligence circles that China is actively engaged in a wide range of industrial espionage.
“The binary distinction between war and peace as we have approached it no longer applies,” Sanders said. “Our adversaries are applying all means to gain advantage below the threshold of war and are accruing advantage insidiously and inevitably.”