What the UK's Carrier Strike Deployment Means for Cyber

Earlier this month, the UK deployed its carrier strike group, sailing out of Portsmouth Harbour on a maiden deployment to the Pacific. Led by the Royal Navy's new ￡3 billion aircraft carrier Queen Elizabeth, the strike group will ultimately conduct ‘Freedom of Navigation’ exercises in the contested waters of the South China Sea. The highest profile naval deployment in a generation, the 9-vessel group will call on 40 countries and engage in 70 exercises en-route to its target in October/November - and it has the potential to cause UK cyber-defenders significant trouble.

Comprised of 9 ships, the UK strike group will be joined by a US destroyer and a Dutch frigate, with the Queen Elizabeth carrier itself carrying two squadrons of F-35 strike fighters.

The South China Seas are rich in resources, and the bitter disputes surrounding the extent of Chinese sovereignty have not stopped the People’s Liberation Army from constructing strategically defensive outposts (such as in the picture below) in attempts to lay Chinese claim to territory currently deemed as international waters.

According to Alessio Patalano an expert in East Asian warfare and security at King’s College London,

“ The message to China is, we will not accept bullying.”

The exercise is also part of the government’s attempt to launch ‘Global Britain’, meant to demonstrate that post-Brexit, the UK has strength economically, diplomatically and militarily – and has a presence on the world stage.

What’s this got to do with Cyber?

Those of us on the front-lines of cyber-security have long known that geopolitical flashpoints and military exercises can trigger a cyber-response, be it to demonstrate capability for a cyber-strike in the event of military escalation (a warning), or to cause genuine disruption and harm. Furthermore, we have seen an acceleration of hybrid-warfare, particularly from Russia, who are leading with a blended military/information warfare approach to conflict.

China itself is known to deploy cyber-aggression against its Pacific neighbours as part of its regional campaigning – and with the UK quite literally about steam into the dispute, it’s worth considering what this may mean closer to home.

But first – let’s consider, is this really different to any other exercise? Other countries, including the US, Australia and European allies, have performed similar (usually smaller) deployments in order to demonstrate freedom of navigation – so why is this any different? And while these countries have certainly been hit with Chinese cyber attacks, cyber is part of Chinese foreign policy whether or not there are warships sailing close to its shores.

Why is it different this time?

First, the Queen Elizabeth is now home to the largest number of F-35 Lightnings ever assembled in one place – a serious demonstration of power. Sailing such a dominant attack weapon into disputed waters may bring more provocation than a regular freedom of navigation exercise.

As Lt. Col. Andrew D’Ambrogi, the commanding officer of the US F-35 squadron based on the Queen Elizabeth told USNI News,

“We have never seen a ship with 18 F-35s that is going to transverse half the world like we’re going to do. It's a pretty bold statement. It's about power projection."

Second, despite being partially armed with US planes, the carrier sails under the UK flag. While Beijing may resist retaliation against a global superpower, the UK represents a far, far softer target than the US.

Third, Sino-UK relations have deteriorated significantly in recent months, with

• Huawei being stripped from UK 5G infrastructure
• Hong Kong residents being offered British citizenship in order to escape the Chinese Hong-Kong security bill
• The UK Government declaring acts of Genocide in reference to Chinese actions against the Uighurs
• Anti-Chinese narratives becoming mainstream in relation to Covid-19

Will the Queen Elizabeth deployment be straw that breaks the camel’s back? It is clearly a cause for concern, as the UK has been at pains to state that its carrier strike capability is not meant to be provocative. However, as Song Zhongping, a former instructor with China’s People’s Liberation Army, stated:

“China will welcome any friendly deployment, but will definitely hit back if Britain becomes provocative near Chinese territory,”

What else should we know?

This isn’t just about China. The Queen Elizabeth strike group will engage in 70 joint exercises, including flying its F-35s over Syria and Iraq in support of Operation Shader, the anti-Daesh campaign.

Furthermore, joint-exercises with the UAE are planned - likely to antagonize Iran, before the strike group also calls on South Korea – likely to provoke the North who have a history in responding to joint military drills with their own cyber attacks.

What do I need to do from a cyber perspective?

Right now, this all falls into the category of strategic threat intelligence. There’s still some months before the strike group conducts its South China Sea exercises, and much may change between now and October / November. If your organization is deemed critical infrastructure or a high profile target, you will likely already be building and testing your defenses against nation-state grade cyber attacks. However, it certainly wouldn’t hurt to run more detection and response drills as we go through the year, while keeping an eye on the status of UK-Chinese relations as we approach October.

However if we take a step back, it should give all of us in cyber – especially in the UK, pause for thought. This new ‘Global Britain’ is not just a one-off – further military exercises in the Pacific are planned through 2022 and 2023, including the testing of landing/invasion craft. If there is some kind of cyber retaliation to the Queen Elizabeth deployment, we may need consider whether the cyber threat to the UK moves to a state of permanent elevation.