Britain's National Cyber Force will be based in Lancashire, the government has said – though despite obvious clues neither the Ministry of Defence nor BAE Systems will confirm the force's planned new location.
The offensive hacking unit will be based somewhere in Samlesbury, a semi-rural area midway between Preston and Blackburn and just up the M61 from Manchester. Precisely where, however, is a mystery.
Although BAE Systems has long had a production facility at the old Second World War airfield in Samlesbury, the company refused to say whether the NCF would be based there. A spokeswoman confirmed that the company's Applied Intelligence infosec division has no presence at Samlesbury.
The Ministry of Defence also refused to say, citing spurious "operational security" grounds.
Defence Secretary Ben Wallace was quoted by the MoD mouthing the usual political platitudes about the £5bn HQ creating "highly skilled jobs and expertise". It so happens that Wallace is MP for Wyre and Preston North, a constituency that lies immediately northwest of Samlesbury.
Other news sources were rather specific; the Lancashire Post pegged the NCF's location as a local enterprise zone "next door to the Samlesbury Plant of BAE Systems."
The BBC repeated government claims that the NCF could "prevent a threat like 2017's WannaCry attack", having conveniently forgotten that WannaCry was halted mid-attack by one bloke registering an uncontrolled command-and-control domain. The world didn't need an army of government-sponsored black hats to achieve that effect, just someone capable of reverse-engineering a binary and making an online credit card payment.
- UK MoD data strategy calls for social media surveillance on behalf of 'local authorities'
- UK Ministry of Defence apologises – again – after another major email blunder in Afghanistan
- Computer and data scientists should be as highly regarded as 'warriors' says top UK cybergeneral
- UK's Ministry of Defence coughs up bug bounties for crowdsourced pentesting
The NCF was formally announced to the world in November 2020, having been operating under that name since April of that year. An MoD-owned formation, its remit is offensive cyber: old-fashioned hacking of the government's enemies du jour. So far Britain has been quiet about its offensive hacking abilities despite pledging these to NATO for the US-European military alliance's use.
WannaCry has become a depressingly common go-to for UK government agencies claiming they can prevent a repeat of it; in July the Cabinet Office claimed the National Cyber Security Centre (NCSC) needed a posh HQ in London because of its role in the WannaCry clean-up.
Others pointed out that despite all the recent banging of drums about the NCF and other offensive cyber investments (the Conservative Party Conference has been taking place over the past few days), what Britain really ought to be concentrating on is better security. Ciaran Martin, founding chief exec of the NCSC and now an Oxford don, pithily observed on Twitter:
Offensive cyber & cyber security aren't two sides of a coin.— Ciaran Martin (@ciaranmartinoxf) October 4, 2021
One is a general national security capability for use by Gov't for any lawful purpose.
The other is about the security of the digital environment.
There's some overlap; not much.
It's not that hard. Fits in a tweet