The National Security Strategy categorised Cyber Attacks as being one of the most direct and likely threats the UK will face in the coming years, a Tier 1 Threat.
A recent speech from the Director General of GCHQ was notable because it was given at all, cyber defence is coming out of the shadows, however, reading the speech, there is no mention of war, battles, defences or anything remotely military.
Also notable was the Chief of the General Staff discussing the issue, calling for the setup of a UK Cyber Command
We must learn to defend, delay, attack and manoeuvre in cyberspace, just as we might on the land, sea or air and all together at the same time. Future war will always include a cyber dimension and it could become the dominant form
Is this difference in approach, GCHQ and the military taking understandably different positions, a sign of a coming turf war for funding and control or is it entirely natural that we should approach the issue at many levels.
When it comes to actually creating a capability to defend against cyber attack and possibly use it in our own offensive operations where should the priorities lie?
I tend to think it should be concentrated away from the military, funding is tight enough as it is, diluting our already sparse resources to chase after cyber capabilities and follow the US fashion is a bad idea. It also fails to take into account the connectedness of modern systems, to defend in depth, one needs cooperation from a range of nations and organisations.
NATO and the EU joint capability areas would be a good place to invest and where military expertise needs to form part of the mix, as surely it will, it should be on a secondment or joint basis.
Let’s not reduce the UK’s military capability by diverting precious funding to an area best served by those with beards and sandals (sorry about the wholly out of touch stereotype!)
Intelligence and the civilian security sector are far better placed, supported by the military, but certainly not commanded by them.