The UK government recently unveiled its new defense, security, and foreign policy strategy. It is billed as the most comprehensive review since the end of the Cold War.

But what is the ‘Integrated Review’, and how does information security fit in to the country’s overall defense strategy?

Military and cyber warfare specialist Stephen Pritchard, writing for The Daily Swig, answers all this, and more.

What is the Integrated Review?

The paper, Global Britain in a Competitive Age: The Integrated Review of Security, Defence, Development and Foreign Policy (or the ‘Integrated Review’), brings together the UK government’s thinking on defense, foreign policy, overseas aid, and security.

As well as the review, a military-focused ‘command paper’, Defence in a Competitive Age, was published on March 22.

The Integrated Review puts much greater emphasis on cybersecurity and cyber defense. The government is also creating a new, integrated National Cyber Force, drawing personnel from the military, intelligence services, and GCHQ.

The review also sets out the UK’s priorities in areas such as artificial intelligence and robotic and drone technologies, all of which are set to play a greater role in defense.

Why is ‘cyber’ now viewed as one of the domains of defense?

NATO named cybersecurity as one of the domains of defense, alongside land, sea, air, and space, in 2016. Potentially, a cyber-attack on a NATO country could trigger a collective response from the alliance, under Article 5 of its treaty.

Adversaries could aim cyber-attacks directly against military targets – knocking out communications systems – or use them to gather intelligence, or to attack industry or other supporting civilian infrastructure.

The scope of cyber-attacks is broad, and defense involvement is inevitable, according to Professor Vladlena Benson, director of the Cyber Security Innovation Centre and board member of the UK Central Chapter at ISACA, a security industry association.

“It is clear that the new domains of cyber space yield new landscapes for cyber warfare. The new battlefields of information supremacy have manifested themselves in the destructive political influences leading to economic and democratic process disruptions across the cyberspace,” Benson told The Daily Swig.

“Further, the latest attempts to compromise the [Covid-19] vaccine development process shows how disruptive and diverse the threats are. The latter also presents a challenge to physical defenses and the defense across multiple fronts against state-sponsored APTs.”

 

UK cybersecurity strategy outlined in the Integrated Review 2021The UK’s Integrated Review placed cybersecurity front and center

How is the UK government proposing to strengthen its cyber defenses?

The UK is moving away from so-called ‘sunset’ capabilities, including older fighter jets, warships, and armored vehicles, and towards investment in new technologies.

At the tactical level, newer equipment, including the F-35 fighter and the Ajax armored reconnaissance vehicle, include powerful sensors and data-sharing capabilities.

Higher up, military leaders talk about “information maneuver”, or using data and information for strategic advantage. The army will have information maneuver groups, and also created a dedicated cyber unit last year.

Most significantly, the new National Cyber Force will handle both offensive and defensive information security operations.

Although most of the funding for the new organization comes from defense, it will also combat terrorism and serious organized crime, and share expertise with government bodies and civilian companies.

“The armed forces have already been engaging with cyberspace for years; the creation of the National Cyber Force has just helped to bring more public attention to this,” Dr Francis Gaffney, director of threat intelligence and response at Mimecast, told The Daily Swig.

“The National Cyber Force creates a way for organizations like the armed forces to combine their resources and talent with other governmental bodies. This should, in theory, give them wider capabilities as they pool together their intelligence and develop targeted strategies to defend the nation.”

What does the government mean when it says the UK needs to be “at the forefront of global regulation on technology, cyber, digital, and data”?

The UK government has reiterated its commitment to the rules-based system of international relations.

Laws governing information security and cybercrime, though, vary widely from country to country. Pursuing attackers across borders, let alone prosecuting them, remains difficult.

As far back as 2013, the UK admitted to an offensive cyber capability. This is one of the roles of the National Cyber Force. According to RUSI, the defense and foreign policy think tank, this should be no surprise – cyber capabilities are an evolution of battlefield tactics such as jamming communications.

But the UK will need to work with other countries including NATO allies, neutral, and even hostile powers if it is to create ‘rules of war’ for cyberspace, and stronger laws to deter cybercrime.

Doing so, though, could in turn help the UK’s information security sector.

“With global losses from cybercrime now totaling over $1 trillion, it’s clear just how important it is for the country and its local businesses to prioritize cybersecurity and shore up their defenses,” Adam Philpott, EMEA president at McAfee, told The Daily Swig.

“This is why the increased importance placed on cybersecurity in the UK’s Integrated Review is promising news for the future of this country.”

From: Portswigger