General Sir Nick Carter, Chief of the Defence Staff, said that UK armed forces need to change "fundamentally" to keep up with new threats posed by Russia and other nation state actors.
Speaking at the Air Power Conference at Savoy Place, central London, Sir Nick said that over the last three years, threats have "diversified, proliferated and intensified rather more rapidly than we anticipated".
"Our state-based competitors have become masters at exploiting the seams between peace and war," he said. "what constitutes a weapon in this grey area no longer has to go ‘bang’ – energy, cash, corrupt business practices, cyber-attacks, assassination, fake news, propaganda – and good old-fashioned military intimidation - are all examples of the weapons used to gain advantage in this era of ‘constant competition’."
He added that the rules-based international architecture that has assured our stability and prosperity since 1945 is "threatened".
Sir Nick said in the UK the risk we run in not defining this clearly, and acting accordingly, is that "rather like a chronic contagious disease, it will creep up on us, and our ability to act will be markedly constrained – and we’ll be the losers of this competition".
He said that Russia was the "arch exponent" of this and said it was "probably the most complex and capable state-based threat to our way of life since the end of the Cold War".
"Since 2016 we have seen a marked shift to cyber, subversion and coercion as well as sophisticated use of smear campaigns and fake news," added Sir Nick.
He urged thinking creatively to modernise the UK military.
"It is not about matching an adversary’s strength with strength but thinking about how to out-manoeuvre him by threatening his vulnerabilities, by holding what he cares about at risk and by thinking laterally and asymmetrically," he said.
There is a need to prioritise capabilities such as those allowing "us to manoeuvre in the information domain to create information advantage, enhancing our range of capabilities in cyber, space, electronic warfare and information operations".
He said that the UK needed to build its own resilience and protect its critical national infrastructure and other vulnerabilities – "such as our networks, such as CBRN, and survivability - all working within a cross-Government framework to utilise all of the levers of national power".
He said that the joint force was needed to defeat the full spectrum of threats and actors.
"The role of information technology here is profound – from bringing together understanding and situational awareness through advanced data fusion, through the use of machine learning and artificial intelligence to recommend courses and consequences of actions, to the delivery of a range of non-traditional deterrent effects," he said.
Joseph Carson, Chief Security Scientist at Thycotic, told SC Media UK that nations can defend themselves by ensuring their information and critical infrastructure is decentralised and beyond their countries physical borders which means a cyber-attack on a single country must attack multiple countries to achieve any significant damage.
"This means nation states must cooperate together and work together," he said. "Investing in people and technology is the only way to get the right skills needed to defend against such an attack. We need a people-centric approach to cyber-security which means people need to be trained and technology needs to be simple to use."
Dr Kevin Curran, senior member of the Institute of Electrical and Electronics Engineers and professor of Cybersecurity at Ulster University, told SC Media UK that some responses to increasing cyber-defences in Europe such as the NATO Computer Incident Response Capability (NCIRC) which protects NATO’s own networks by providing centralised round-the-clock cyber-defence support to various NATO sites.
"Of late, the European Council has adopted the decision to establish a European Union defence pact, known as PESCO. The 25 participating EU states are set to begin working on a series of joint-defence projects next year," he said.
Weds 21st Nov, 3pm
A practical risk-based approach to implementing GDPR and building a security-aware culture in your organisation.
Brought to you in partnership with Metacompliance
Mon 19th Nov
Brought to you in partnership with Mimecast