Announced by Prime Minister Boris Johnson, NCF will see GCHQ and the Ministry of Defence (MoD) partner to defend against a range of cyber threats. By way of example, the government said these could include: interfering with a mobile phone to prevent a terrorist from being able to communicate with their contacts; helping to prevent the internet from being used as a global platform for serious crimes, including sexual abuse of children and fraud; and keeping UK military aircraft safe from targeting by hostile weapons systems.
The new body will be staffed with personnel from GCHQ, the MoD, the Secret Intelligence Service (MI6) and the Defence Science and Technology Laboratory (Dstl). It’s the first time such capabilities in the UK are to be unified under a single command.
General Sir Patrick Sanders of strategic command, which leads on cyber, intelligence, special forces and information capabilities for defence, said: “Just over 100 years ago we created a new force to defend the UK from threats in a new domain – the air. Today’s announcement of the formation of the National Cyber Force to defend the UK in cyberspace marks a similar milestone and the imperative is just as vital because cyberspace is the most contested domain where our adversaries and our allies will meet over the next decade and beyond.”
“What distinguishes the NCF, and I believe passionately is its greatest strength, lies in the partnership between Strategic Command, GCHQ and SIS, blending our strengths and cultures to create this operationally distinct force. It is a natural step after decades of cooperation and means we are growing a potent national capability to deter our adversaries, defend our forces on operations and protect our digital homeland.”
However, with only five British undergraduate computer science degrees certified by the UK’s NCSC for cybersecurity content, Paul Farrington, EMEA CTO at Veracode, said more needs to be done.
“The notable increase in UK military investment, particularly in cyber defence and automation, is a positive milestone in the government’s growing commitment to addressing new and emerging threats. Given the current technology skills shortage, especially in security, it’s clear more needs to be done to prepare for and mitigate the impact of cyber security attacks. Both users and the creators of software will benefit from the investment, which could stimulate the economy through the creation of 40,000 new jobs.
“There’s no shortage of security flaws to be fixed in the applications we use every day. We know from our Veracode State of Software Security research, for example, that 76% of apps have at least one security flaw. It is therefore essential that application security is closely considered as part of this investment, ensuring people are equipped with the skills, tools and technology to create software that is robust from the outset,” Farrington said.
