The fledgling National Cyber Force (NCF) agency – a partnership between GCHQ and the UK Ministry of Defence (MoD) established in 2020 – reiterates its responsible role in conducting cyber operations on behalf of the UK in a recent report: Responsible Cyber Power in Practice.

The cyberspace remains an emerging theatre of war in which the NCF wish to establish legitimacy for its operations in an online environment surrounded by ambiguity and misconduct. In fact, the Director of GCHQ Sir Jeremy Fleming declares a desire to codify state-sponsored cyber activity:

“With the threat growing and the stakes higher than ever before, we hope this document provides a benchmark for the UK’s approach and a basis for like-minded governments to come together internationally to establish a shared vision and values for the responsible use of cyber operations,” he said.

The Integrated Review Refresh (IRR), published 13 March, details the UK’s commitment to acting as “a responsible and democratic cyber power”, which includes providing transparency on “the use of our offensive cyber capabilities”.

In that spirit, the NCF’s report divulges how daily cyber operations protect the UK: to counter state threats, support military operations, and disrupt terrorists and serious crime. The report illustrates how states can act responsibly in cyberspace by acting according to its key operational principles.

How are they different?

“It is our accountable, precise, calibrated and therefore proportionate operations that distinguish us from the large-scale disinformation activities practised by certain of our adversaries,” the report emphasises.

The report stresses its three operational principles:

Accountable: Operations are conducted in a legal and ethical manner, in line with domestic and international law and out national values.

Precise: Operations are based on a deep understanding of the cyber environment and are designed to be timed and targeted with precision.

Calibrated: The impact of operations is carefully assessed, taking into account the wider context. This is a dynamic process that responds rapidly to any changes in the operational environment. Consideration is given to a wide range of factors including those that might affect wider escalation and de-escalation.

Psychological tactics

The NCF report divulges how the organisation largely operates through he use of psychological tactics. The agency employs a “doctrine of cognitive effect”, whereby the NCF manipulates their adversaries by “affecting their perception of the operating environment and weakening their ability to plan and conduct activities effectively”.

This tactic narrows their adversary’s functionality in cyberspace by effecting an adversary’s understanding, capability and willpower, thus prompting them to change their behaviour.

“While the immediate effect of a particular cyber operation may be relatively short lived, the cognitive impact – including a hostile actor’s loss of confidence in their data or technology – can often be longer term,” the report states.

Military integration

NCF is integrating cyber with other UK military capabilities to help protect UK forces, engage its allies, and constrain adversaries to prevent conflict developing.

“We are supporting the development of better understanding of the cyber and electro-magnetic domain and its integration with the other operational areas of the military – maritime, land, air and space – to be able to synchronise effects across the tactical, operational and strategic levels.

“Conducting operations in cyberspace is a critical part of driving the conditions and tempo of strategic activity; a key plank of the military’s approach to increased nation-state competition, and to warfighting, where that is necessary”.