December 2, 2023

Lt. Gen. Tom Copinger-Symes is the deputy commander of the UK’s Strategic Command, accountable for the Ministry of Defence’s offensive and defensive cyber capabilities — in addition to actions that lie someplace in between.

He instructed Recorded Future Information that Strategic Command was now opening up about its hunt ahead operations — a sort of defensive exercise pioneered by U.S. Cyber Command wherein army cyber specialists deploy to a international nation to detect malicious exercise on the host nation’s networks.

These operations have been beforehand softly referenced within the Defence Command Paper 2023, when the MoD said: “Our potential to each study from occasions and hunt ahead to search out threats will generate strategic benefit for our personnel and companions in battle.” Express affirmation that the British Armed Forces have been conducting hunt ahead operations has not beforehand been reported.

Affectionately often known as Normal Tom to his subordinates, Copinger-Symes has just lately overseen the creation of the Nationwide Cyber Pressure (NCF) which consolidates British offensive cyber actions and contains workers from the indicators intelligence company GCHQ, the Secret Intelligence Service and the MoD.

Though the NCF will not be but totally staffed — and its new everlasting base within the village of Samlesbury in Lancashire in North West England has not but been constructed — officers say it’s already “finishing up operations each day,” although these are thought of to be covert, and officers don’t talk about them publicly.

Recorded Future Information spoke to Copinger-Symes in the course of the Defence and Safety Tools Worldwide (DSEI) convention in London earlier this month. This interview has been edited for size and readability.

THE RECORD: Because the starting of Russia’s full-blown invasion of Ukraine final yr, how has the British Military’s pondering modified in regards to the function of cyber throughout armed battle?

LT. GEN. TOM COPINGER-SYMES: Nice query. I believe I would begin by saying, clearly you do not wish to draw anyone strand from Ukrainian classes. Jim, my boss, [Gen. Sir Jim Hockenhull] has this pretty phrase: “When you screw up your eyes tight sufficient, you’ll be able to study any lesson you need.”

So the very first thing is only a caveat that we’re the cyber area leaders and due to this fact, we’re extra susceptible than most to study the teachings we wish to study from Ukraine, fairly than ones we should always. I believe to start out with, there was this nice delusion that cyber was the canine that did not bark. Now, it would — to increase that metaphor — be the canine that did not chunk. However that was due to an enormous quantity of arduous work, not least since 2014 by Ukraine, after which an enormous quantity of arduous work, at very brief discover, by a few of Ukraine’s associates and companions.

And people associates and companions aren’t simply nations, they have been massive digital primes, like Amazon Net Providers and Microsoft. So getting the Ukrainian knowledge out of Kyiv and into some safe cloud-like functionality internet hosting was, you recognize, that is the twenty first century equal of Charles de Gaulle, leaving Paris with gold and state papers. So at that nationwide degree of what resilience appears like, and the way knowledge performs into that, and the safety of your knowledge, I believe that is a very essential lesson.

Likewise, the type of menace intelligence that was flowing into Ukraine from very early on from individuals like Microsoft. And naturally, we’re very happy with how a lot cyberthreat knowledge we collect as Defence, however that is tiny in contrast with what Microsoft gathers each day of the week… I imply, it is superior, the size they work at. And that simply highlights to me this actually essential relationship we have got within the cyber area with our trade companions. That’s completely different from within the land area, or the air area, or maritime area, the place finally trade companions hand over a tank after which we function the tank — usually with folks mending the tank for us occasionally — however it’s far more of a handoff. Whereas within the cyber area, we’re working with trade actually the entire time, fairly much like the area area truly, the place you are far more built-in with trade. So I believe that is one of many options I would just level to: the criticality of that partnership with trade within the cyber area.

All photos: U.S. Ministry of Defence

The following one, and we within the UK, we outline the cyber area because the cyber and electromagnetic area. And there, we’re going again to the longer term, we’re simply reminding ourselves that no tank fights with an enormous cable popping out of its bottom. No aircraft flies with a cable [tethering it to a computer network], and we get our knowledge, and we share our knowledge, by way of the spectrum. So the criticality of the spectrum and the degrees of contestation of the spectrum — and albeit, simply the extent of environmental problem with the spectrum, you recognize, simply the affect of climate, and the rain, and so forth — is basically essential. And that is permitting us to re-identify these kinds of classes we have recognized for a minimum of 100 years, probably extra, in regards to the criticality of the spectrum, and what I’d name a converged area between on-line and the spectrum. The significance of that, and the flexibility to combat in and across the spectrum, and to combat for short-term dominance there, is simply as acute as preventing for air superiority.

TR: Is there such a factor as spectrum superiority, in the best way that there’s air superiority?

TCS: I believe like air — in a state-on-state battle the place there’s parity — the concept of air supremacy, or cyber supremacy, might be a bit doubtful. And when you assume you’ve got obtained it, you are most likely in for a impolite shock. However this concept — there’s a number of pondering popping out of America about pulsed operations, or the flexibility to, what within the First World Conflict would have been an artillery-salient type of standing for that achieved dominance — have your impact, after which pull again, I assume that is the place we’ll go to. And within the spectrum, you recognize, it is actually, actually arduous to achieve and keep absolute supremacy. However gaining superiority for the aim you want it for, goes to be actually, actually essential.

TR: Earlier this yr, the Nationwide Cyber Pressure printed a paper about being a Accountable Cyber Energy. It set out what was described as “the doctrine of cognitive impact.” In these phrases, how does cyber essentially differ from kinetic warfare?

TCR: With out instructing grandma to suck eggs, all warfare is cognitive. The inevitable human response to a spherical going over your head is normally to place your head down, it would not actually matter whether or not the bullet hits you or your subsequent door neighbor, it has a cognitive impact. And that ought to simply be a very good reminder that that is what warfare is about. There are human beings concerned. It is by no means about killing all people, it is about bending individuals to your will, and getting them to behave in the best way you need them to behave.

And, in fact, we have used non-kinetic, no matter you wish to name informational results, to try this endlessly, from the Zimmermann Telegram to no matter else. And cyber could be very a lot a part of that continuation of historical past. However in fact, cyber, the digital area, the spectrum, has these large amplifying results. A few of that may final endlessly, a few of that could be a part in time, in the identical approach because the printing press led to wars and pamphleteers of the nineteenth century impacted politics, as a result of not solely of its amplifying impact, however initially it is stunning, it has is an immense affect on individuals as a result of they have not grown up with it. So I believe the cyber area, the data setting — and army doctrine hasn’t fairly sorted out what we imply by these two issues but — because the lens by means of which all warfare is communicated, has been actually prevalent right here.

Let’s simply give attention to the nationwide strategic degree communications of Ukraine. We’re actually happy with the help we’re giving to Ukraine, and we’re there for the long run. We now have been awestruck by the ethical resilience and braveness of the Ukrainian individuals, and their military, however the Ukrainian individuals and — we most likely will not go into all of it right this moment, however you recognize, we’re actually happy with the technical ranges of help we’ve provided and given — however I do not assume anyone is telling President Zelensky talk internationally. He is giving us a grasp class in the way you talk actually essential messages to a number of audiences. And that’s cognitive impact. And, in fact, the interaction between that and what [Valerii] Zaluzhny [the commander-in-chief of the Armed Forces of Ukraine] is doing… you are seeing statecraft and warfare exercised at a PhD degree there, studying as they go.


However that is a very good reminder of how the data setting is the factor that really wins wars. Battles get gained by armies … [but] wars get gained by nations and their nation’s spokesman. And it is a mixture of these issues that basically wins a warfare. And we’re relearning that as a result of inevitably for 20 years, we’ve been centered on a really completely different type of battle, far more counterterrorism, far more counterinsurgency, towards a special type of menace and a special degree of warfare. And we have been utilizing info in a special type of approach.

TR: In the mean time the Nationwide Cyber Pressure is operational however not totally staffed. Below present plans, finally it is going to be composed of an equal share of Defence personnel and intelligence neighborhood personnel from GCHQ and MI6. How assured are you that the potential it’s meant to supply will likely be in place inside the subsequent three or 4 years?

TCS: With the present plan, and measurement and form … I imply, we’re bending ourselves out of form collectively, [building the NCF] means recasting a number of the commerce teams within the Military, Navy and Air Pressure, and the civil service, to get the best mix of expertise. That is proving arduous work, however we’re getting on high of it. We’re doing that in shut partnership with these intelligence companies and our scientists at DSTL [the Defence Science and Technology Laboratory], to get there. I am very assured that over the following three, 4 or 5 years, we’ll get there. As you recognize, we have introduced the longer term location in Samlesbury. As we get there, we’ll discover out what the partnership is between different websites across the nation and Samlesbury, and a few of the human components about transferring individuals round. The curve is up, I am not going to faux that it is all been good or easy. It is a new factor. And injecting tempo into a brand new factor the place even a few of the job titles, you recognize, individuals round Defence do not but know, I spoke on a panel earlier about unlocking our potential and one of many factors I stated is, in unlocking our potential, we’ve got want for it outdoors of cyber, simply in digital, we’ve got new commerce teams and job roles that folks do not perceive but. And guess what, that is the identical in a financial institution. Identical in an vitality firm. You recognize, that is unknown territory.

TR: For the sake of our U.S. viewers, how would you clarify the distinction between the NCF and U.S. Cyber Command?

TCS: It could most likely be improper for me to speak an excessive amount of about Cyber Command, as a result of I can not bear in mind proper now, what they’ve launched publicly and what they have not. I believe for us — and this will likely be acceptable the world over — we’ve got defensive cyber operations, which on the nationwide degree clearly run by means of the Nationwide Cyber Safety Centre (NCSC). After which by means of us at Strategic Command we run Defence Digital which is federated throughout Defence, so the Navy may have a CySOC [Cyber Security Operation Center] the Air Pressure has a CySOC, the Military has a CySOC, however all of them are working into Corsham, our GOSC [Global Operations Security Control Centre] the place we heart our cyber operations. That works very intently with NCSC when it comes to info sharing, menace sharing, and so forth.

After which we’ve got an offensive functionality which we have spoken about actually fairly publicly. I believe we’re type of main the world in that, and the concept of Accountable Cyber Energy is basically essential to that. After which we’ve got some bits that sit barely between offense and protection, and we have simply began speaking about our hunt ahead operations. The concept of ahead protection, you recognize, going and serving to our companions safe their very own networks, which begins to blur the boundaries between offense and protection.

TR: Does the UK additionally use the time period hunt ahead? I assumed it was a U.S. coinage.

TCS: We’re utilizing hunt ahead as a result of we’re studying a number of classes from them. Different nations all over the world discuss offensive cyber, cybersecurity and cyberdefense. We’ll refine our language over time, however for the second we use hunt ahead. I believe individuals intuitively perceive what which means.

As we develop the NCF, develop our defensive piece, develop hunt ahead, what we’re making an attempt to do in Strategic Command is construct a way more coherent cyber area. The American mannequin is barely completely different, however they’ve a special protection power. They haven’t simply the Military, Navy and Air Pressure, they’ve a Coast Guard and Marine Corps, and that is separate and so forth. Clearly, we work very, very intently with Cyber Command. And the place we differ from them, it is for good causes. And the place we are able to copy from them, we do. However we copy from an enormous bunch of individuals, as a result of this can be a race, and it is a type of Olympic-level sport. When you’re not copying different individuals, and when you’re not studying classes from different individuals, you are most likely going backwards, not forwards.

TR: One of many extra apparent variations between the U.Ok. and U.S. is the sources out there to the armed forces. How are these limitations affecting integration throughout Defence?

TCS: Paradoxically, and that is a kind of too-good-to-be-true solutions, so spoiler alert, one of many nice spurs to integration will not be being too effectively resourced. As a result of integration is about making the entire larger than the sum of the elements. And one of many causes to try this, is as a result of you do not have infinite quantities of cash to construct these large stovepipes [military systems that aren’t interoperable].

Now, that isn’t essentially the case alone. However I believe the purpose is, integration would not have to return from over-resource, generally you will be actually pushed to combine stuff since you’re making an attempt to get essentially the most out of the entire power. So I do not assume cash is a matter there. What I’d say about integration, and simply how we wish to take cyber ahead, or digital ahead is, we are able to endlessly ask for extra money — truly, we’ll get greater than £50 billion subsequent yr, and over the following 10 years, we’re getting £600 billion of our cash, taxpayers cash. That is fairly some huge cash. And I reckon we are able to do much more with that than we’re in the mean time. When you provided me extra money, I am going to take it, however within the meantime, we’re going broke for expertise and other people faster than we’re going broke for cash.


I believe the best limitation on how rapidly we are able to play out our ambitions, whether or not it is in our on-line world or for integration, and you recognize, Strategic Command does three massive issues: it integrates Defence, it leads the cyber area, after which it helps campaigns.

For all of these issues, individuals and expertise are the best limiting components. In order that’s why we introduced the brand new bursary scheme that we’re beginning, initially up in Lancashire to work with the Lancashire Abilities and Employment Hub, with initially 100 individuals. Simply this yr about £1 million of funding is being put in, and I hope in a couple of years that is 1000’s of individuals, that is how rapidly I wish to scale it, and I hope it is considerably a couple of million quid. We’re doing that in Lancashire, in order that we are able to give attention to the NCF and get some younger — and a few not so younger — individuals taken with cyber careers, whether or not it is within the offensive, the defensive, or work in spectrum for example. And I’d focus not a lot on cash on this specific case, however on attracting the best aptitude, not essentially polished expertise. We do not want tons and many math PhDs from Imperial or Cambridge or no matter, however we’d like individuals with aptitude, who wish to come and repair our issues. And God we’ve obtained a few of the coolest issues on the earth to repair, and get them enthusiastic about that and convey them in to have a flourishing profession in Defence.

TR: You talked about the significance of trade being one of many main classes from the warfare in Ukraine. I do know that is one thing being centered on at NATO as effectively. How does the British Military plan on studying that lesson?

TCS: At each single panel right here at DSEI, any person may have stated, “we have to work in a different way with the trade,” whether or not it’s in constructing tanks or doing cybers, or getting some whoop-ass AI into this factor. So what are we doing about that? Effectively, over the previous 4, 5 years, we at MoD have introduced in a CIO with no authorities expertise, no army expertise, from trade. We have introduced in a chief knowledge officer with no earlier authorities expertise, all trade expertise. We introduced in a CISO, Christine Maxwell — we do not name her that in Defence, we’ve got one other title, however she’s a CISO — no authorities expertise, all trade, working with authorities, however at all times on the trade aspect.

That is only one instance of how we’re turning this stuff round. Frankly, I’d be mendacity if I did not say they have been shocked once they got here in and noticed how we work with trade, how immature a few of the relationships are, not when it comes to the size of relationship, however how little belief there may be, how little relationship constructing there may be, and the way, — I am going to quote one in every of them — how “the contract at all times appears to be within the room” whereas they stated of their earlier profession, if the contract was within the room, the connection was damaged already and also you have been on the best way out.

TR: Is that this a dramatic change of MoD’s relationship with trade?

TCS: That’s the intention, however I am at all times apprehensive that it appears like “Oh, there, we’ve achieved it.” We now have not achieved it. And we’re actually hungry to go a lot, a lot sooner. I imply, I have been on 4 panels previously three days. On each one I’ve made the purpose we wish to go sooner, we wish to go stronger. I wish to be extra radical.

I additionally simply wish to come again to expertise. One of many issues I believe we modified the sport on, is recognizing that everyone’s going broke for [people with] expertise. I have not spoken to anyone within the broadly digital knowledge tech world who is not crying out for extra expertise: banks, vitality corporations, no matter. It would not matter how a lot they pay them, there should not sufficient expertise. So what we’re saying, significantly with the bursary, however this wider Digital Abilities for Defence program that we have simply launched, is that we’re an incredible studying/growth group.

In Defence, we most likely make investments extra time, labor and cash in individuals’s studying and growth than some other group. The British Military is the highest apprenticeship group in the entire of Europe, I believe the Royal Navy is the second, and the RAF is the fourth or fifth, or possibly it is the opposite approach round. However which means, collectively, we knock the apprenticeship factor out of the park. And earlier than anyone thinks that they are low expertise, a few of our greatest individuals at GCHQ begin as apprentices at GCHQ.

So we’re making an actual funding on expertise, and we’re doing that with trade. Most of these individuals … we’ll upskill them from type of GCSE or a A-Degree commonplace, with graduate diploma apprenticeships, in-service levels — after which they’re most likely going to depart after 5 or seven years. And in the event that they go away, and go and be part of nationwide safety, or an intelligence company, in the event that they go away and go and be part of trade, even when they go away and go and be a sheep farmer in Wales and by no means contact digital once more, it would not matter. We’ll ship large social worth to the nation by means of upskilling them. And that is a nationwide good, and we’ll try this with trade — and trade is gagging to try this with us. I imply, they’re completely eager to try this in partnership, and so they’re not apprehensive about what the phrases of it are. They only wish to try this collectively as a result of they acknowledge what a problem it’s.

TR: We now have time for only one ultimate query. Will a cyber particular person ever make it to the rank of lieutenant common?

TCS: Sure. The deputy head of the military, the deputy chief of the Normal Employees — an excellent buddy of mine, joined the military on the identical day as me — Sharon Nesmith, is a royal indicators officer … and she or he is a three-star. When she joined she was a cyber dude, in the best way we had, so possibly we’re already there.

Get extra insights with the

Recorded Future

Intelligence Cloud.

Study extra.

No earlier article

No new articles

Alexander Martin

Alexander Martin is the UK Editor for Recorded Future Information. He was beforehand a expertise reporter for Sky Information and can also be a fellow on the European Cyber Battle Analysis Initiative.