Britain’s National Cyber Force will be based in Lancashire, the government has said – although despite clear clues neither the Department of Defense nor BAE Systems will confirm the force’s planned new location.
The offensive hacking unit will be based somewhere in Samlesbury, a semi-rural area midway between Preston and Blackburn and just upstream of the M61 from Manchester. Precisely where, however, is a mystery.
Although BAE Systems has long had a production facility at the former WWII airfield in Samlesbury, the company declined to say whether the NCF would be based there. A spokeswoman confirmed that the company’s infosec Applied Intelligence division was not present in Samlesbury.
The Defense Ministry also declined to say, citing false “operational security” grounds.
Defense Secretary Ben Wallace has been quoted by the Defense Ministry as saying the usual political platitudes about the £ 5bn HQ creating “highly skilled jobs and expertise”. As it turns out, Wallace is the MP for Wyre and Preston North, a constituency which lies immediately north-west of Samlesbury.
Other sources of information were rather specific; the Lancashire post stowed the location of the NCF as a local business area “adjacent to BAE Systems’ Samlesbury factory”.
The BBC reiterated that the government said the NCF could “prevent a threat like the 2017 WannaCry attack”, conveniently forgetting that WannaCry was stopped mid-attack by a guy registering an uncontrolled command and control domain. The world didn’t need an army of government sponsored black hats to achieve this effect, just someone who could reverse engineer a binary and make a credit card payment online.
The NCF was officially announced to the world in November 2020, operating under that name since April of the same year. A formation belonging to the Ministry of Defense, its mandate is cyber offensive: the old-fashioned hacking of the enemies of the government of the day. Britain has so far remained silent on its offensive hacking capabilities despite by promising these to NATO for the use of the US-European military alliance.
WannaCry has become a depressing benchmark for UK government agencies claiming they can prevent this from happening again; in July, the Cabinet Office claimed that the National Cyber Security Center (NCSC) needed a posh head office in London because of its role in cleaning up WannaCry.
Others have pointed out that despite all the recent drumbeat over the NCF and other offensive cybernetic investments (the Conservative Party conference has been held in recent days), Britain should really focus on better security. Ciaran Martin, founding CEO of the NCSC and now a donation from Oxford, observed concisely on Twitter:
Offensive cybersecurity and cybersecurity are not two sides of the same coin.
One is a general national security capability to be used by the government for lawful purposes.
The other concerns the security of the digital environment.
There is some overlap; not a lot.
It’s not that hard. Fits in a tweet
– Ciaran Martin (@ciaranmartinoxf) October 4, 2021