Britain's New Hacker Army Could Change the Face Of Cyber War

The headquarters of the GCHQ, Britain's signals intelligence agency that will help develop the military's new cyber security force. Image via Flickr.

On Sunday, the United Kingdom announced that it will recruit “hundreds” of hackers and IT experts to build up its military’s offensive cyber capabilities, making it the first nation to openly admit that it plans to wage future wars in cyberspace.

In a press release, British Defense Secretary Philip Hammond confirmed that the UK will spend £500 million on a new hacker reserve force in order to develop “full-spectrum military cyber capability, including a strike capability” as a deterrent to cyber threats. The unit, Hammond said, will be at “the cutting edge of the nation’s cyber defenses,” working alongside traditional military forces to protect the nation’s digital infrastructure, and launch offensive cyber attacks if necessary. In the future, Hammond added, these clinical “cyber strikes” will supplement conventional arms by disabling enemy planes, weapons, communications, and other hardware.

“‘This is the new frontier of defence,” Hammond told the Daily Mail. “For years, we have been building a defensive capability to protect ourselves against these cyber attacks. That is no longer enough.” He continued: 

You deter people by having an offensive capability. We will build in Britain a cyber strike capability so we can strike back in cyber space against enemies who attack us, putting cyber alongside land, sea, air and space as a mainstream military activity. Our commanders can use cyber weapons alongside conventional weapons in future conflicts.

By itself, the news that Britain is building up a digital army is not all that shocking. It’s an open secret that most world powers—including the US, China, Israel, and Russia—have developed offensive cyber capabilities behind closed doors, and that the US has already launched a cyber strike, the Stuxnet worm, to sabotage the Iranian nuclear program. It’s not surprising that Britain, the world’s fourth-largest military and America’s closest ally, is getting in the game. 

As the 2009 McAfee Virtual Criminology Report made clear, cyber attacks are already a reality of modern warfare, and the importance of cyber armies is only expected to increase over the next 20 or 30 years. From the McAfee report:

Although there is no commonly accepted definition for cyber war today, we have seen nation-states involved in varying levels of cyber conflict. Further, while we have not yet seen a “hot” cyber war between major powers, the efforts of nation-states to build increasingly sophisticated cyber attack capabilities, and in some cases demonstrate a willingness to use them, suggests that a “Cyber Cold War” may have already begun.

But while the UK may not be breaking any new ground in cyber warfare, Hammond’s willingness to announce Britain’s cyber strategy—and envision a future where cyber weapons are used openly alongside conventional arms—may be even more significant. Politically-motivated cyber threats have so far been shrouded in secrecy, making it difficult to determine who is behind the attacks, what their motivations might be, or what kind of retaliation they might expect. On the one hand, this has made some governments more cautious about launching cyber attacks. But it has also prevented an international community from developing norms for what constitutes a cyber threat and what constitutes a proportionate response to a cyber attack.

Security experts have questioned whether Britain made the right move in publicly disclosing its cyber buildup, particularly at a moment when the international community is in a state of heightened suspicion over the NSA’s sweeping spying programs. “Why make plans for a cyber-strike force public now?” British security analyst Thomas Rid asked the Financial Times. “Such aggressive statements can be counter-productive. Other actors want to react in kind, making everybody less secure.”

But as the McAfee report points out, the cyber cold war is already underway, and it will only escalate as more nations develop cyber capabilities. While Britain’s announcement may make online threats more likely in the short term, it will also provide the first test of whether offensive cyber capabilities can serve as a deterrent measure against future attacks. And if other countries follow Britain’s lead, it will bring cyber security policy out into the open, aligning public debate with the realities of modern war.