UK’s offensive hacking force plans to scale operations to meet government's demands

The UK’s National Cyber Force (NCF) has revealed plans to scale operations amid rising demands from the government to ramp up offensive hacking capabilities.

In a report offering a unique insight into the NCF’s ongoing expansion, the offensive cyber force said it needs to “scale up to meet the requirements government has of it” and is rapidly expanding personnel and capabilities to meet current demand.

The NCF is currently in the process of establishing a new permanent base of operations at Samlesbury in Lancashire, which it said will enable the force to “increase operational output”.

Samlesbury, a 45-minute drive from GCHQ operations in Manchester, was selected as the site for the NCF headquarters in 2021.

As part of this expansion and recruitment drive, the NCF revealed that it plans to further invest in offensive hacking capabilities to contend with escalating global threats.

The report said that “significant capability investment” will be required to “keep pace with the changing nature of technology” and mitigate increasingly sophisticated cyber threats currently faced by the UK.

The NCF specifically highlighted rapid technological developments as a key operational challenge, noting that “fundamental changes to the future shape of the internet and globalisation of technology could raise significant complications”.

“Our adversaries are global and use a wide array of cyber and digital technologies,” the report said. “We need to have the technical ability and readiness to reach these adversaries wherever they are and irrespective of how they are using cyber technology.”

Closer integration with defence partners, including GCHQ, the Ministry of Defence (MOD), and the Secret Intelligence Service (SIS), will also be a key objective for the NCF moving forward.

The NCF noted that it must “integrate effectively with other parts of government and with a wider range of partners and allies”.

This includes law enforcement, government policy departments, the private sector, and a “growing number of international allies”.

“More broadly, we are working with the private sector, academia, think tanks, and wider civil society to harness the best thinking available to enable our mission,” the NCF said.

NCF faces operational challenges

The NCF noted that it faces several significant challenges as operations continue to accelerate. Relevant skills and expertise are currently a key issue facing the force.

Its status as a relatively new organisation is also presenting challenges due to its combination of elements from both the intelligence community and the armed forces, the report warned.

“This means that investment in organisational development is important. Not least given the often very different cultures, processes, and professional experiences of the constituent organisations.”

Similarly, the Samlesbury headquarters development will also require a “high degree of planning and preparation” before it can become fully effective in its capabilities, the NCF said.

What does the NCF do?

The NCF conducts cyber operations “on a daily basis” to protect against threats to British national security or the country’s economic well-being.

While much of the work conducted by the offensive hacking force is highly secretive, in recent years the NCF has led operations focused on protecting military deployments overseas, disrupting terrorist groups, and countering state-backed disinformation campaigns, it revealed.

The centre has also worked to counter “sophisticated, stealthy, and continuous cyber threats” facing the UK amid a significant increase in cyber criminal and state-backed attacks in recent years.

“NCF routinely plans and conducts operations to support and protect military operations and help ensure they safely meet their mission objectives,” the report said.


“This can include disrupting physical threats, protecting supply chains, and disrupting hostile malware which could threaten operational readiness.”

A core tenet of the NCF’s approach is the ‘doctrine of cognitive effect’ - whereby the force uses techniques that have the potential to “sow distrust, decrease morale, and weaken our adversaries’ abilities to plan and conduct their activities effectively”.

“This can include preventing terrorist groups from publishing pieces of extremist media online or making it harder for states to use the internet to spread disinformation by affecting their perception of the operating environment,” the NCF said.

There are strict limitations set on the NCF, however. While the organisation represents the tip of the spear for the UK’s offensive cyber activities, NCF operations are conducted following a “well-established legal framework”.

This includes the Intelligence Services Act 1994 (ISA), the Investigatory Powers Act 2016 (IPA) and the Regulation of Investigatory Powers Act 2000 (RIPA).

NCF activities are also subject to approval by government ministers, judicial oversight, and parliamentary scrutiny, the organisation said.

“The NCF always acts within the law,” the report said. “Decisions to approve operations are informed by legal advice on relevant domestic and international law.”

NCF cyber capabilities are also developed so as to ensure that technologies or techniques can be “controlled effectively” and are predictable.

“A core part of responsible cyber operations is the design and use of capabilities in a way that is predictable and controllable, and where the risks are proportionate to the outcome required,” the report said. “We carefully design our capabilities to achieve this end.”

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.
