Features 29.07.2025

Inside the MoD’s New Cyber Command: Why the Government Initiative Needs to be on CISOs’ Radars

The MoD’s Cyber Command will give the UK a decisive defensive advantage. But what does it mean for the private sector?

The UK government is learning from cyber warfare tactics in Ukraine to shore up its defences. Kate O’Flaherty delivers the need-to-know details and explores the call to action for CISOs.

Early in the war with Russia, Ukrainians used digital technology to locate their enemies and attack them quickly on a large scale. This combination of kinetic and cyber warfare helped them to turn the advantage around and halt the encircling Russian advance.

The UK armed forces are learning from Ukraine’s progress, and the lessons have informed a new Cyber and Electromagnetic Command – an initiative announced in May by the Ministry of Defence (MoD).

Part of the UK Strategic Defence Review, which aims to make the country more secure at home and abroad, the initiative recognises the increasing integration of electronic systems and computer networks, which the MoD believes will eventually be indistinguishable.

It comes alongside a £1 billion investment in a so-called “Digital Targeting Web” that will help make quick, integrated battlefield decisions by linking sensors and shooters across domains. The government cites the example of how a threat could be identified by a naval or space sensor before being disabled by an F-35 aircraft, drone or offensive cyber operation in a matter of seconds.

In the government’s words, the move will give the UK “a decisive advantage through greater integration across domains, new AI and software, and better communication between our armed forces”.

So, what’s changed, what does this all mean for UK defence and security, and how should CISOs respond?

What’s Changed?

Of course, the UK already had cyber and electromagnetic (cyberEM) defences in place, but they were disparate. Previously, pockets of cyberEM expertise across defence included the army’s Cyber and Electromagnetic Effects Group; the Air and Space Warfare Centre; the Royal Navy’s Information Warfare Group; and the Space Command.

The new Command ensures that there is a central organisation with the authority and responsibility for integrating these capabilities to command and coordinate in a joined-up way.

Technically, the Command will focus on degrading enemy command and control capabilities, especially on the battlefield. This means jamming drone signals, disrupting missile guidance and interfering with enemy communications, says Oliver Spence, CEO of CybaVerse, who served in the Marines a decade ago. “There’s already a lot of success being seen in Ukraine with these types of tactics,” he tells Assured Intelligence.

The establishment of the Command means more offensive cyber capabilities, with the UK intercepting and manipulating communications to prevent attacks before they happen. “It’s about looking ahead: What are the likely attack vectors and how do we get ahead of them?” Spence explains.

Beyond Ukraine, these tactics have been used in other hybrid warfare situations. “We saw this kind of proactive disruption during operations against ISIS, where communication lines were manipulated to interfere with recruitment, coordination and propaganda,” Spence says. “The same thinking applies here: If we can interfere early in the chain, we can protect the UK more effectively.”

At the same time, the Digital Targeting Web, due to be in place by 2027, will integrate sensors and weapons across all domains, using AI and real-time data to neutralise threats within seconds. The move marks “a strategic shift”, recognising that cyber and electromagnetic domains are “contested daily” and that resilience is key to countering the threat, says Ben Fuery, associate director, cybersecurity at Bridewell.

Ian McGowan, managing director at Barrier Networks, spent 13 years serving as a cyber officer in the Land Information Assurance Group. He says the UK Command mirrors the structure and strategic vision of US Cyber Command, also known as USCYBERCOM, which has integrated cyber operations with military planning across services for some time.

Threat From Hostile Nations

Every day behind the scenes, the UK is constantly battling a range of cyber attacks, defending national infrastructure that provides essential services and logistics supply chains.

Set against this hostile backdrop, the Strategic Defence Review highlights Russia as an immediate and pressing threat in key areas such as cyberspace and information operations. At the same time, it emphasises that China is likely to continue seeking advantage through espionage and cyber attacks.

The Strategic Defence Review is clear that the threats the UK now faces are “more serious and less predictable than at any time since the Cold War”, with issues including war in Europe, growing Russian aggression, new nuclear risks, and “daily cyber attacks at home”, an MoD spokesperson tells Assured Intelligence.

The stats shared by the MoD are staggering. In the last two years, the government agency has protected UK military networks against more than 90,000 “sub-threshold” attacks, the spokesperson adds.

Attacks are being perpetrated by several adversaries, primarily from Russia and China, Ivan Milenkovic, vice president of risk technology EMEA at Qualys, tells Assured Intelligence. “They are engaged in a persistent campaign of cyber espionage, intellectual property theft, and attempts at political interference targeting UK democratic institutions, politicians and civil servants.”

Attacks are on the rise now, but new methods fuelled by changing technology are set to raise the stakes further. Beyond traditional cyber attacks such as ransomware, adversaries are using disinformation campaigns designed to influence political discourse and amplify civil unrest, CybaVerse’s Spence points out. “These can be subtle and difficult to trace, but are incredibly damaging over time,” he warns.

Meanwhile, rapid advances in emerging technology, such as AI voice spoofing, deepfake videos, and social engineering using generative AI, are exacerbating the issue, making the need for the integrated capabilities of the Command more urgent.

A Call to Action for CISOs

The Command is a government initiative, but it should be on all CISOs’ radars, especially if you operate in a highly targeted critical sector, such as healthcare, finance or energy – or if you are a supplier to these industries.

With this in mind, the MoD investment should be a reminder that “you’re not operating in isolation”, says Sam Peters, chief product officer at ISMS.online. “Your organisation might not think of itself as a target, but if you’re connected to the right systems, servicing critical infrastructure, or simply handling sensitive data, you could be caught in the crossfire of a much bigger campaign.”

Ken Sheehan, director of operations for Smarttech247, is a former senior communications and information services officer in the Irish Defence Forces. With an increasing number of attacks targeting IT helpdesks, he advises making sure there is “a robust process in place for the interaction between your IT helpdesk and your staff” to avoid attacks targeting this area.

At the same time, ensure your staff are aware of the use of AI deepfakes by adversaries, particularly to impersonate senior leaders within your organisation, Sheehan tells Assured Intelligence. “It is likely there will be video footage of them online that threat actors can use to create a believable deepfake.”

To stay informed about the latest threats, it’s a good idea to participate in threat intelligence sharing. Alongside this, organisations must “develop, document, and regularly test a comprehensive incident response plan in case of an inevitable cyber attack”, says Qualys’ Milenkovic.

A cornerstone of this strategy is “a robust backup and recovery system” to help get things back up and running quickly if ransomware hits, Milenkovic says. “Backups must be logically or physically air-gapped from the main network and, where possible, stored in an immutable format to ensure they cannot be encrypted or deleted by an attacker.”

As the threat from nation states grows, alongside adversaries’ use of technology such as AI to elevate attacks, the MoD’s new measures are a welcome defence. It’s a call to action for CISOs to take note and ensure they understand the threats posed by hostile states, thereby increasing resilience to protect their businesses.
