On April 4, the United Kingdom’s National Cyber Force (NCF), a defense and intelligence partnered organization between the Government Communications Headquarters (GCHQ) and elements of the U.K. Ministry of Defense, released “The National Cyber Force: Responsible Cyber Power in Practice.” The document builds on the U.K.’s 2022 National Cyber Strategy and provides details about how the NCF is currently operating responsibly, given its rapidly accumulating knowledge and understanding of cyberspace strategic realities.
The document’s description of the cyber strategic environment and the U.K.’s operational approach for exercising responsible cyber power closely align with U.S. insights about cyberspace embodied in the defend forward strategy and the operational approach of persistent engagement. The fact that the U.K. and the U.S. came to the same strategic and operational revelations independently is a testament to the explanatory power of cyber persistence theory (CPT) and to a paradigm change unfolding before our very eyes.
From Misalignment to Persistence
Our book, “Cyber Persistence Theory: Redefining National Security in Cyberspace,” introduces the logic of initiative persistence, explains how such logic aligns to the structural realities of the cyber strategic environment, and creates an imperative for all cyberspace actors. The explanatory framework of CPT redefines security as seizing and sustaining the initiative in exploitation; that is, anticipating the exploitation of a state’s own digital vulnerabilities before they are leveraged against them, exploiting others’ vulnerabilities to advance their own security needs, and sustaining the initiative in this exploitation dynamic. States may choose not to abide by this logic or not operationalize it well. The consequence, however, will be cyber insecurity and a loss of relative power for those not persisting. Alternatively, states may choose to abide by the logic but do so in irresponsible ways that threaten peace and security—such as by using cyber-enabled ways and means to illicitly acquire intellectual property, circumvent international sanctions, and undermine confidence in democratic institutions. The U.K. has provided a helpful framework for distinguishing such irresponsible cyber behavior.
The NCF’s document, which is essentially an “operational primer,” offers a model for how states with significant cyber capability and capacity may pursue initiative persistence and do so in a responsible manner. Specifically, responsible cyber operations and campaigns are a recognition that the U.K. “cannot leave cyberspace an uncontested space where adversaries operate with impunity.” The NCF must be “agile in developing and seizing opportunities” while contributing “daily” to a “whole of society” approach to a secure cyberspace in which the U.K. thrives. This is a paradigmatic shift away from the U.K.’s 2016 cyber strategy, which indicated that security would be achieved with offensive cyber capabilities employed as deterrent threats to malicious activity—a paradigm that in the United States has also begun to recede.
NCF Operational Approach and Principles
Although the NCF is a relatively new U.K. organization, its operational approach is based on years of cyber operations experience as well as the experience of its partners. It is important to note that the U.K. and the U.S. independently arrived at some common understandings of an operational approach for the cyber strategic environment. These include proactively and continuously operating and linking continuous operations into campaigns to generate enhanced cumulative effects of strategic import; campaigning to counter and contest, disrupting the capacity of a specific adversary to act or achieve their objectives; seizing opportunities both to advance security in competition with others and to set favorable conditions for managing crisis conditions and prevailing in conflict; layering cyber effects operations with information operations to amplify cognitive effects by sowing confusion and friction among threat actors; and combining such campaigns with other levers of national power—for example, combining cyber campaigns with economic sanctions—to create longer-term strategic impact.
The NCF offers a foundation of three operational principles on which all British cyber operations and campaigns rest: They must be conducted in line with domestic and international law (accountable), they must be timed and targeted with precision (precise), and their intended impact must be carefully assessed (calibrated). The document goes to important lengths to emphasize that U.K. operational planning has robust oversight (which it claims is “one of the strongest in the world”) and is guided by established processes, authorizations, and clear doctrine with a feedback loop so that the principles of being accountable, precise, and calibrated are reinforced in the operational planning cycle.
Mechanisms of Effect
Cyber persistence theory expects the unilateral exercise of cyber power to be the dominant form of cyber activity in which actors set and reset the conditions for their own security directly. This expectation is fully manifested in the NCF operational approach, which identifies its core role as “to make it harder for adversaries to use cyberspace and digital technologies to achieve their ends.” Recognizing that cyberspace is a contested space (in line with the implication of CPT’s notion of constant contact), the NCF seeks to make adversary technology work less effectively or cease to function, disrupt those seeking to harm by impacting their ability to communicate and organize (in the case of terrorists, to disseminate extremist views), impede access to data for decision-making, undermine criminal platforms, and, when needed, support and enable military operations. Combinations of these activities create an advantage over adversaries “by affecting their perception of the operating environment and weakening their ability to plan and conduct activities effectively,” what this operational primer refers to as the doctrine of cognitive effect. Operating in cyberspace—where security rests on anticipation of exploitation in an environment in which speed, scale, and scope of effects can be exponential and near instantaneous—requires mechanisms to set advantage. The NCF document suggests one solution is introducing precise and calibrated friction (this is our word and our interpretation of what the doctrine of cognitive effect ultimately entails) into an adversary’s operational environment, both technically and perceptually.
The document concludes that “we can often achieve the greatest cognitive effect by affecting the functionality and effectiveness of an adversary’s systems over a period of time” rather than denying them entirely. This may be described as a “bend-but-do-not-break approach,” one informed by observations that destructive effects can often be countered rapidly by replacing equipment or moving to different infrastructure. The document also argues that “while the immediate effect of a particular cyber operation may be relatively short lived, the cognitive impact—including a hostile actor’s loss of confidence in their data or technology—can often be longer term … [reinforced through] a campaign for cumulative effect.” We agree with the NCF that the operational art of compounding friction to reduce functionality and confidence, by introducing doubt and complexity, is aided by cyber operations’ great capacity for ambiguity—its ability to create a lack of clarity about whether lost functionality is a technical glitch or a consequence of an unknown but intentional act.
Measuring Value and Strategic Impact
The NCF primer acknowledges the need to develop new approaches to measure effect, and to convey these to senior political leaders who rightly want to see a return on their investment. One obstacle to be surmounted is the incorrect reflex made by some analysts and policymakers to focus on the technical (and often transitory) effects of a singular operation and conclude that they fall short of exerting an independent and decisive impact. Some academic literature is wedded to this narrow understanding and fails to recognize the independent strategic impact of cyberspace campaigns in competition and their enabling role in crisis and conflict. Viewing each cyber operation as a discrete act—and particularly cyber effects operations as a substitute for kinetic effects—has fostered unrealistic expectations for measuring impact.
Technical effects on systems or data can produce tactical outcomes and often short-term effects (including cognitive effects) on targets and actors. Over time, when combined with information operations, the cumulative impact of tactical actions can have an operational impact on the adversary’s military campaign and a strategic impact on their broader revisionist goals. Further, military cyber operations can even advance broader allied strategic goals by potentially enabling demarches, indictments and arrests, sanctions, and other partner activities. U.S. and U.K. cyber forces have pivoted from thinking in terms of discrete targets and toward understanding how cyber operations contribute to campaigning for strategic impact. This remains a work in progress and a fruitful area for U.S.-U.K. collaboration.
An Area for Further Research
In “Cyber Persistence Theory,” our goal was to offer a structural theory that could illuminate why states and other actors pursue security in and through cyberspace in ways that cannot be explained by theories of coercion such as deterrence and escalation dominance. We posited that if our theory is correct, we should see more states explicitly adopting strategies of cyber persistence to seize and sustain initiative in their behaviors. The Biden administration’s 2023 National Cybersecurity Strategy and now the NCF’s operational primer align with that expectation.
We also argued that academic research in the field of cyber security studies will need to address with greater fidelity the operational nuances that are likely to emerge as states anchor their cyber strategies on initiative persistence. The NCF has provided grist for that academic research mill with its inaugural operational principles document, just as U.S. Cyber Command did in 2018 with the introduction of persistent engagement. Both documents leveraged expertise from the academic community. This should broaden, and the NCF operational primer identifies an area that is ripe for academic research—how continuous campaigns that introduce organizational and decision-making friction disrupt an adversary’s ability to leverage speed, scale, and scope. Slowing down the other side has the knock-on potential to reinforce one’s own advantage in a fluid environment of contested initiative. This is a fascinating way and means of cyber persistence, which the British have illuminated.
Ultimately, the United Kingdom and the United States share a vision of cyberspace that remains global, interoperable, secure, and anchored responsibly around democratic principles. The release of this NCF operational primer on responsible cyber power should encourage support and confidence from the U.K. public and government, and become an important pillar in an effective whole-of-society cyber approach. Internationally, the document makes an invaluable contribution to defining what the responsible exercise of cyber power in the pursuit of defense and security looks like when it is aligned with the strategic realities of cyberspace.
The views expressed are those of the authors and do not reflect the official position of any U.S. government agency or the Institute for Defense Analyses.
Established in 2020, the NCF is responsible for operating in and through cyberspace to counter and contest those who would do harm to the UK or its allies, to keep the country safe and to protect and promote the UK's interests at home and abroad.
Does the U.S. military have a cyber division?
Organization. Army Cyber is the Army service component command supporting U.S. Cyber Command. All 41 of the Active Army's cyber mission force teams reached full operational capability (FOC) by September 2017.
What branch of the military does cyber warfare?
In 2014, the U.S. Army established the Cyber Corps, merging the offensive cyber role of the Military Intelligence Corps and defensive cyber role of the Signal Corps. In 2018, Cyber Command was elevated to a full unified combatant command.
What is DoD cyber force?
United States Cyber Command (USCYBERCOM) is one of the eleven unified combatant commands of the United States Department of Defense (DoD). It unifies the direction of cyberspace operations, strengthens DoD cyberspace capabilities, and integrates and bolsters DoD's cyber expertise.
What is the national strategy for cyber?
The National Strategy to Secure Cyberspace was drafted by the Department of Homeland Security in reaction to the September 11, 2001 terrorist attacks. Released on February 14, 2003, it offers suggestions, not mandates, to business, academic, and individual users of cyberspace to secure computer systems and networks.
What is NERC in cyber security?
North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC CIP) is the presiding set of standards that govern our Bulk Electric System (BES) in the United States and protect all those who use it from cyber threats.
Where does the U.S. rank in cyber warfare?
The 2022 index's top 10 list of cyber powers, in order, is the United States, China, Russia, United Kingdom, Australia, Netherlands, South Korea, Vietnam, France and Iran. While the United States has flagged North Korea's cyber activities as concerning, the country comes in at number 14 on the Belfer list.
What is the difference between the NSA and the U.S. Cyber Command?
But the two offices think about cyber differently: The NSA focuses on intelligence gathering and surveillance, while Cyber Command pursues offensive and defensive military cyber operations.
Which country has largest cyber Army?
Cyber surveillance power: When it comes to cyber surveillance, China is the most powerful in cyber.
What is the motto of the Army Cyber Branch?
Cyber Corps (United States Army)
| Home station | Fort Gordon, Georgia |
| Motto(s) | Defend, Attack, Exploit |
| Branch color | Steel Gray with Black Piping |
Historically the majority of cyber security activities were run out of Air Force, but Army, Navy and Marines also participated. The NSA and CIA also conduct substantial cyber security activities. Arguably the Air Force and Navy have the most when it comes to cybersecurity, but it is offered in all branches.
Who is in charge of U.S. cyber security?
CISA is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience.
What are the 5 C's of cyber security?
The five C's of cyber security are five areas that are of significant importance to all organizations. They are change, compliance, cost, continuity, and coverage. The top priority of organizations all over is having security protective of their digital and physical assets.
What is the 133 cyber Mission Force teams?
The CMF is comprised of 133 teams that are organized into several areas of responsibility: Cyber Protection Teams act to defend the Department of Defense Information Network (DODIN), critical infrastructure, and key resources while also working to prepare other cyber forces for combat.
What was the world first true cyber weapon?
Stuxnet was first identified by the infosec community in 2010, but development on it probably began in 2005. The U.S. and Israeli governments intended Stuxnet as a tool to derail, or at least delay, the Iranian program to develop nuclear weapons.
What are the 3 pillars of national cyber strategy?
Promoting privacy and the security of personal data; Shifting liability for software products and services to promote secure development practices; and, Ensuring that Federal grant programs promote investments in new infrastructure that are secure and resilient.
What are the four pillars of the national cyber strategy?
This National Cyber Strategy outlines how we will (1) defend the homeland by protecting networks, systems, functions, and data; (2) promote American prosperity by nurturing a secure, thriving digital economy and fostering strong domestic innovation; (3) preserve peace and security by strengthening the United States' ...
What are the four pillars of US national cyber strategy?
The first new National Cyber Strategy in 15 years is built on four pillars: protecting the American people, the homeland and the American way of life; promoting American prosperity; preserving peace through strength; and advancing American influence.
What are the most violated standards by NERC?
CIP-007 remains the most frequently violated Reliability Standard in the period from 2021 through Q3 2022, followed by CIP-004 and CIP-010.
Is NERC a government entity?
NERC is overseen by the Federal Energy Regulatory Commission and governmental authorities in Canada.
Is NERC a government agency?
NERC is a not-for-profit corporation.
Who Must Comply?
All bulk power system owners, operators, and users must comply with NERC-approved Reliability Standards. These entities are required to register with NERC through the appropriate Regional Entity. For more information about the Compliance program, please contact us.
Which country is #1 in cybersecurity?
While cybercrime is an issue in the United States, it is also true that the United States is the country with the best infrastructure to tackle it and has the most cybersecurity firms in the world calling it home.
Which is the least cyber-secure country in the world?
According to our study, Tajikistan is the least cyber-secure country in the world, followed by Bangladesh and China.
Is NSA higher than CIA?
The NSA is often considered more powerful than the CIA because of its expansive data collection capabilities. The agency has access to a variety of global communications and data networks, which it uses to collect vast amounts of information.
What is America NSA called?
| Assistant to the President for National Security Affairs |
| Incumbent Jake Sullivan since January 20, 2021 |
| Executive Office of the President |
| Member of | National Security Council, Homeland Security Council |
| Reports to | President of the United States |
Government security agencies like the NSA can also have access to your devices through built-in back doors. This means that these security agencies can tune in to your phone calls, read your messages, capture pictures of you, stream videos of you, read your emails, steal your files …
How good is the U.S. at cyber warfare?
It is an armed forces Unified Combatant Command. A 2021 report by the International Institute for Strategic Studies placed the United States as the world's foremost cyber superpower, taking into account its cyber offense, defense, and intelligence capabilities.
Is the United States cyber security good?
The Cybersecurity 202: The United States is still number one in cyber capabilities. The United States remains by far the world's most cyber-capable nation with no major competitors for the title.
What country got attacked most in terms of cybersecurity?
1. China – a Hotbed of Hackers. China has continued to wage large scale cyber attacks, and this includes stealing intellectual property.
The National Cyber Range is a cyber range project being overseen by DARPA to build a scale model of the Internet that can be used to carry out cyber war games. The project serves as a test range where the military can create antivirus technologies to guard against cyberterrorism and attacks from hackers.
What is the best Army MOS for cyber security?
Cyber Operations Specialists (MOS 17C) are tasked with safeguarding Army intelligence and information. They safeguard information by protecting digital data, maintaining security measures like firewalls, and introducing new cyber security.
What is the seventh military branch?
The newest branch of the military, the U.S. Space Force, was signed into law in December 2019. The Space Force currently does not have a reserve component.
What is the smartest U.S. military branch?
The Air Force is the “smartest branch.” I hate to debunk this one because it saves me so much stress and hassle whenever a bunch of veterans are at the bar comparing the size of their brains based on branch of service. Eventually, someone pats the airman on the back and says, “Hey! At least you're the smartest branch!”
Does the FBI have a cyber division?
The FBI has specially trained cyber squads in each of our 56 field offices, working hand-in-hand with interagency task force partners. The rapid-response Cyber Action Team can deploy across the country within hours to respond to major incidents.
What is the closest major to cyber security?
- Computer Science.
- Computer Programming.
- Database Management.
- Computer Hardware Engineering.
- Network Administration.
- Cloud Computing.
- Information Technology Management.
- Information Security & Assurance.
Nakasone serves as the commander of U.S. Cyber Command and the director of the National Security Agency. Both organizations have a role in preventing and defeating cyberattacks on America.
Who is the commander of the U.S. Cyber Command?
Paul M. Nakasone, commander of U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service, speaks with U.S. Space Force Brig. Gen.
What are the 3 A's of cyber security?
Authentication, Authorization, and Accounting (AAA) is a three-process framework used to manage user access, enforce user policies and privileges, and measure the consumption of network resources.
What are the 10 domains of cyber security?
- Security Management Practices;
- Access Control Systems and Methodology;
- Telecommunications and Networking Security;
- Security Architecture and Models;
- Operations Security;
- Application and Systems Development Security;
- Physical Security;
In this article, we will discuss the 6 D's of cyber security and how you can implement them in your own cyber-defense strategy — Deter, Detect, Defend, Deflect, Document, and Delay. Creating a holistic approach to your cyber-security plan using these six references can drastically reduce your organization's risk.
Where is the 127th cyber Protection Battalion?
Indiana members of the 127th Cyber Protection Battalion work in Fort Meade, Maryland.
What is orange team in cyber security?
The Orange team are created to maximise the effectiveness of both the Red and Yellow teams. They do this by integrating Yellow team members with enhanced and in-depth knowledge of architecture and coding, with members of the Red team whose expertise remain in hacking and exploitation.
What is hunt forward?
Hunt Forward Operations (HFOs) are strictly defensive cyber operations conducted by U.S. Cyber Command (USCYBERCOM) at the request of partner nations. Upon invitation, USCYBERCOM Hunt Forward Teams deploy to partner nations to observe and detect malicious cyber activity on host nation networks.
What is cyber super weapon?
Cyberweapon is commonly defined as a malware agent employed for military, paramilitary, or intelligence objectives as part of a cyberattack.
What is the main weapon in cyber crime?
Explanation: Phishing, injecting Trojans and worms to individuals comes under peer-to-peer cyber crime. Whereas, leakage of credit card data of a large number of people in deep web comes under computer as weapon cyber-crime.
Is Stuxnet still around?
This is a pertinent question and the answer is unequivocal for Ilias Sidqui: "A Stuxnet-like scenario is still possible in 2022 because the principle remains the same; there have always been, there are and there will always be Zero-Day vulnerabilities that allow cybercriminals to have an offensive advantage." Marco ...
Who is responsible for national cyber security?
The National Cyber Security Division (NCSD) is a division of the Office of Cyber Security & Communications, within the United States Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
What are examples of cyber power?
This can be described as the equivalent of a country being capable of building a modern air force without maintaining a commercial civil aviation sector. Some examples include technologically underdeveloped countries like Iran, Tunisia, and North Korea—all of which maintain cyber armies.
What does cyber power unit do?
CyberPower Power Distribution Units (PDUs) distribute network power to multiple devices. PDUs deliver AC power from an uninterruptible power supply (UPS), a generator, or utility power source to servers, network/telecom equipment, and other devices.
At a mile-high level, cybersecurity professionals are responsible for protecting IT infrastructure, edge devices, networks, and data. More granularly, they are responsible for preventing data breaches and monitoring and reacting to attacks.
What is the UK equivalent of NIST?
The National Cyber Security Centre (NCSC), as the United Kingdom's national technical authority for information assurance which provides advice and assistance on cyber security in accordance with its functions under the Intelligence Services Act 1994, has provided the cyber security guidance linked from this collection ...
Who regulates cyber security in the UK?
National Cyber Security Centre (NCSC)
The NCSC, which is part of GCHQ (Government Communications Headquarters), has a significant role in technical authority for cybersecurity that: Acts as a CSIRT that offers guidance and support to organizations that have reported a cybersecurity incident.
In 2016, the National Cyber Security Centre was established under GCHQ but located in London, as the UK's authority on cybersecurity.
Is the US a CyberPower?
The 2022 index's top 10 list of cyber powers, in order, is the United States, China, Russia, United Kingdom, Australia, Netherlands, South Korea, Vietnam, France and Iran.
Which country has the most CyberPower?
- United States. While cybercrime is an issue in the United States, it is also true that the United States is the country with the best infrastructure to tackle it and has the most cybersecurity firms in the world calling it home. ...
- Finland. ...
- United Kingdom. ...
- Republic of Korea. ...
Even though the United States is ranked number one overall, China continues to build on its cyber strengths. In several cyber power categories, it now leads the world. And in at least one instance, Russia also tops the United States.
What are the seven CyberPower indices?
The NCPI 2020's Most Comprehensive Cyber Powers across all seven objectives are, from 1st to 10th: US, China, UK, Russia, Netherlands, France, Germany, Canada, Japan, Australia. We present three different indices. The NCPI, the Cyber Intent Index (CII), and the Cyber Capability Index (CCI).
How do you charge CyberPower?
To recharge the battery, simply leave the unit plugged into an AC outlet. The unit will charge in both the on and off position. 2. With the UPS unit off and unplugged, connect the computer, monitor, and any externally powered data storage device (Zip drive, Jazz drive, Tape drive, etc.
Do you need a powerful computer for cyber security?
Steps to Choose a Laptop for Cyber Security
CPU - If you are working for cyber security, choosing the right processor is essential. Having two or more cores is always recommended in such cases. Intel Core i7 processors are a good choice in terms of power and capacity.
- You and your colleagues. Employees are the common factor linking most security breaches, which sometimes are deliberately malicious, but more often than not are down to carelessness. ...
- Lone hackers. ...
- Hacktivists. ...
- Petty criminals. ...
- Organized criminals.
In the case of cyberattacks and data breaches, companies and organizations are often viewed as negligent for not protecting their customers' information. Governments also face blame when they do not or cannot stop malicious cyber activities from happening on their soil.
Who is the ultimate entity accountable for cyber risk in an organization?
At the senior management level, the CEO is accountable to the board for cyber risks and cybersecurity management.