President Trump’s recent move to elevate the United States’ Cyber Command to full “combatant” status has given us in the UK an opportunity to refresh and revitalise our own cyber fielded forces. In the official statement launching CYBERCOM, Trump said “ [this] elevation will also help streamline command and control of time-sensitive cyberspace operations by consolidating them under a single commander” At the moment UK cyber forces are not organised in a manner that enables us similar streamlined C2 and effective deployment of our cyber assets. Not helping the discussion is the lack of transparency around UK cyber capabilities. Former Defence Secretary Phillip Hammond made international headlines in 2013 by announcing that the UK was developing an offensive cyber capability. Other than this declaration, there is very little public scrutiny or even awareness of our capabilities. The fact that this announcement was so note-worthy also highlights the dearth of public discussion on cyber warfare.
The MOD has released a Joint Doctrine Publication known as the Cyber Primer, which provides an excellent high level overview of cyber opportunities and vulnerabilities in the military context but no real substance as to the ORBAT of UK forces. With the recognition of cyber as a separate but underpinning domain of warfare as shown in this excellent article, perhaps it is time to re-organise the UK’s forces in a similar way to our US allies. Taking a step further to create a “purple” force of offensive and defensive specialists along with a re- invigorated electronic warfare cadre would demonstrate real innovation in an arena where competition is fierce, rules are unclear and technology advances at a breathtaking pace. Why do we need a separate cyber force? Modern platforms such as Typhoon, A400M, AJAX and the QEC carriers are highly dependent on the cyber domain to fulfil their basic functionalities as well as gain a technological edge on our adversaries. Where the air force provides control of the air and the navy provides control of the sea, so too we must have “cyber control” delivered by a force of experts and specialists. The Cyber Primer states that we must be able to operate as freely in this domain as we do in the other physical ones, therefore we need to create a separate branch of the armed forces with the innate “cyber-mindedness” to exploit this new battlespace. For someone with RAF leadership experience, this feels like 1916-18 all over again. Back then we had discovered another new realm of warfare, the air, and argument was fierce as to who would be responsibility for aerial battle. The UK led the world in the creation of an independent air arm. Now, 100 years on, we are presented with another opportunity to lead and innovate.
What would an integrated Cyber Force look like? Currently the bulk of UK Cyber capabilities fall under Joint Force Command, similar to how US cyber forces used to fall under Strategic Command. There are also discrete units within each of the single services, such as 591 Signals Unit, the Fleet Electronic Warfare Group and 14 Signals Regiment. We could break out these units as well as the Joint CEMA Group, the operators, and Information Systems and Services, responsible for enabling those capabilities, into a separate “RCF” commanded by a 3 or 4 Star officer.
The challenges to this radical change would be significant. Trades with these specialisations are under manned and in high demand from civilian industry. Institutional inertia and the “old guard” would be hard to win over. However, there exists a motivated and committed cadre of personnel with the UK MOD who, given this challenge, could and would rise to the occasion. In conclusion, our allies and adversaries are innovating at pace in the cyber domain. In order to keep up, the UK must make significant change to the way it conducts cyber operations. A Royal Cyber Force would be a substantial first step.
The views expressed within individual posts and media are those of the author and do not reflect any official position or that of the author’s employees or employer. Concerns regarding content should be addressed to firstname.lastname@example.org