The UK just released its comprehensive report Integrated Review concerning future diplomatic and military capabilities. While the document discusses foreign policy, adversaries, and kinetic forces such as missiles, tanks, or nuclear weapons, it contains interesting tidbits about cybersecurity and cyberwarfare (and is perhaps analogical to the other one from France). I critically assess and link to a few of the more interesting ones. Indeed, cyber operations are an integral part of the toolsets of State power projection measures.
Concise definition of cyber power is included: “Cyber power is the ability to protect and promote national interests in and through cyberspace: to realise the benefits that cyberspace offers to our citizens and economy, to work with partners towards a cyberspace that reflects our values, and to use cyber capabilities to influence events in the real world“
Development and maintenance of offensive cyber capabilities
Many countries develop their capabilities. Few have actual powers. It will be interesting to track this space because the UK is among the more abled States. Armed Forces will have “full-spectrum capabilities”:
“They will have full-spectrum capabilities – embracing the newer domains of cyberspace”
This means the ability of offensive operation.
Examples of cyber operations
It is a rare sight in any State documents to see the examples of the potential cyber operations carried by the forces. The report describes two concrete ones: cyberattacks on smartphones of the target, and cyberattacks on foreign missile defense systems (or missile defense systems in general?).
While cyberattacks on smartphones of the target are a scalpel-like operation, disabling enemy missile systems (“keeping UK military aircraft safe from targeting by weapons systems“) is an example of a cyber operation targeting the enemy weapons systems (I wrote about the cyber risk of weapons systems in a recent piece). It is imaginable that such a particular operation would be conducted in the context of an armed conflict. In a situation of armed conflict, cyberattacks will look different than in peacetime.
Some rules need to be observed.
“The UK is committed to using its cyber capabilities in a responsible way, in line with UK and international law. Past and future cyber operations have and will continue to operate under existing laws“
Threats and capabilities
“State threats are persistent and take many forms, including espionage, political interference, sabotage, assassination and poisonings, electoral interference, disinformation, propaganda, cyber operations and intellectual property theft. These tools of coercion and interference can also be used in ‘hybrid’ combination”
One response is cyber weapons?
“ the Alliance (NATO) must be equipped to deal with the full range of possible threats. These include long-range precision strike weapons, cyber weapons and weapons aimed at degrading space-based infrastructure.“
“To take the lead in the technologies vital to cyber power, such as microprocessors, secure systems design, quantum technologies and new forms of data transmission”
It seems that quantum computing and cryptography (and networks) may become an important part when thinking about cybersecurity. Many States seem to link “quantum technologies” and “cyber”. The UK is not an exception to the rule. The excerpt above speaks about “technological sovereignty”
The actual Integrated Review document is here.
This is an interesting document. It speaks about foreign policy, diplomacy, conventional, nuclear, and cyber forces. While I do not want to place cyber forces in competition with such devices as tanks o aircraft, it still fascinates me when cyber operations are places in the same lines with those others...
Did you like the assessment and analysis? Any questions, comments, complaints, or offers for me? Feel free to reach out: firstname.lastname@example.org