Lancashire preparing to lead the way in cyber defence as ‘one of the good guys’

That was the assessment of a senior military commander paying a visit to the region this week to witness Lancashire cementing its claim to a place at the heart of the UK's digital defences.

The county has stepped up preparations for the opening of the NCF headquarters in Samlesbury in 2025, launching a new Lancashire Cyber Partnership in order to bring together all of the public and private sector players that will need to collaborate in order to ensure that the new facility delivers not only for the nation that it seeks to protect - but the place where it will be based.

The launch was set against the backdrop of Lancashire’s inaugural cyber festival in Preston . That event, hosted at at the University of Central Lancashire (UCLan), aimed to inspire the potential NCF workforce of the future - both the primary school pupils in attendance, who were encouraged to take part in cyber-themed problem-solving, and those a little closer to taking their first steps in a career in cyber defence who were given the message that a raft of skills and specialties will be needed for the roles on offer.

The Local Democracy Reporting Service (LDRS) understands that around 2,000 jobs are expected to be generated by the NCF’s presence in the county by the mid-2030s - not just within the headquarters itself, but also across the supply chain that it is expected will now spring up to service the development.

The NCF was established only in 2020 - as a partnership between the defence and intelligence sector - and operates in and through cyberspace to “disrupt, deny, degrade and contest those who would do harm to the UK and its allies, to keep the country safe and to protect and promote the UK’s interests at home and abroad”.

Lieutenant General Tom Copinger-Symes, Deputy Commander of UK Strategic Command - the Ministry of Defence’s lead cyber organisation - told the LDRS that the NCF would offer Lancashire “an amazing opportunity to bring together civilian industry, defence industry [and] academia…all in one fairly clustered tight space - and to really get the benefits of that”.

“The most obvious [potential is for] some amazingly skilled, valuable jobs,,,[and] to take part in probably one of the most exciting missions you could imagine in the 21st century.

“It's going to [have] a hugely important impact for the local area and a lot of the vision of the ‘cyber corridor’...will be really in play by [the end of the decade] - and I think that's going to be hugely exciting for the region,” Lt Gen Copinger-Symes added.

Andy Walker, chief executive of the Lancashire Enterprise Partnership, acknowledged that it was “ironic” that in spite of cyber work being, by definition, a digital endeavour, the “physical proximity [of the NCF being located in the county] does feel as though it's important” in bringing benefits to Lancashire.

“We're seeing…companies who might potentially work with National Cyber Force come forward proactively and [ask]: ’Whereabouts in Lancashire could we locate, where can we access skills, what type of facilities are available, how can we hook up with your local universities? So this feels like a real unprecedented opportunity for us,” Andy explained.

However, he stressed that with opportunity comes a challenge to which Lancashire will have to rise through the new partnership’s members, which include Lancashire County Council, the Lancashire Enterprise Partnership, UCLan, Lancaster University, BAE Systems and the NCF.

“Just with the NCF itself, you need transport and communications to be right, you need places to house the staff that will be working there. But you also need those links with academia and with the skills base of Lancashire to make these things work.

“[The partnership] isn't purely a talking shop. These organisations are genuinely putting their hand in their pocket and investing in these things, because it's good for their institutions and it's good for the region as a whole.”

LANCASHIRE NEEDS YOU - WHOEVER YOU MAY BE

Kerry Harrison, schools and colleges lead for the Lancashire Digital Skills Partnership, says that there is a need to “demystify” both the type of jobs cyber can entail and also the routes to obtaining them - in order to attract the best young people and make sure that nobody feels locked out of a career that could be perfect for them.

“We talk about cyber in a homogenous sense…like cyber is just one thing. Actually, it's multiple roles with multiple disciplines - some of which needs digital and tech skills, some of which needs linguistic skills, some of which needs behavioural psychologist skills.

“You need people [who] understand cultures and behaviours to inform how they react to situations. You also have the social engineers who look at the information that's on the internet - and the amount of stuff that people put out there - and how that can be used to understand a situation.

“None of those are necessarily the people with the high IT backgrounds that we often associate with the people behind the word ‘cyber’,” Kerry added.

She also stressed that particular qualifications were not a prerequisite.

“GCSE computer science…would be a great starting point, but just because you haven't done it doesn't mean that you can't then do anything else post-16 or post-18 to access a career in cyber.

“Similarly, as an adult, it doesn't mean that you can't do it then either - you could…access a skills bootcamp or [do] a degree or other qualification and [make a] career change.

“It can be really exciting for young people to actually see what's out there for them and…[the fact] that it can match their different preferences….their particular strengths - and that there's something for just about everyone."

Her comments were echoed by Dr. Rebecca Robinson, Lancaster University’s Research and Enterprise Business Support Manager, who said that diversity was key to a successful cyber workforce.

“If we think about any kind of problem solving, if we all approach it from the same perspective…with that same mindset, we're only going to come up with one solution. Now that might be the best solution for a particular challenge or for a particular type of person and the way that they interact with their world.

“But, actually, that doesn't make it the right solution for everybody - and it also doesn't necessarily allow us to be coming up with the most creative solutions.

“If we think about cybersecurity, the biggest risk factor is the human - it's the person in that mix. Over 90 percent of breaches are as a result of human error. So we need to understand people [and] psychology is really important,” Dr. Robinson added.

She said that there was a tendency to presume that cyber was “a male role”, even though there was “no good reason for that”. As well as wanting to ensure that women and girls see a place for themselves in the cyber world, Dr. Robinson said it was also important to encourage and inspire neuro-diverse people.

“They might have hyper-focus - [and] that can be such as talent…to be able to focus on something so in-depth.”

‘WE HAVE TO KEEP BEING THE GOOD GUYS’

The NCF can use a range of means to protect the UK - including by undermining the confidence of the country’s adversaries in their own data - and even in each other.

According to a paper published earlier this year, “Responsible Cyber Power in Practice”, operations may be mounted against “hostile actors” which could, amongst other things, “sow distrust in groups such as criminal gangs or terrorist cells”.

However, the document stresses the need to operate in accordance with the UK’s “values” and international law - as well as having “due regard” to voluntary norms like those endorsed by the UN General Assembly.

Lt Gen Tom Copinger-Symes told the LDRS that those parameters meant that the country had to be even more nimble in its response to threats, because “a lot of our adversaries aren't concerned by those ethics”.

“Some people might suggest they have a sort of head start on us [as a result] - so we need to be doubly quick to be able to counter them, whilst they may have fewer ethical concerns than we do.

“In overall governance terms, the National Cyber Force reports up through both the foreign secretary and the defence secretary - and then it's subject to a range of oversight through Parliament to make sure that ethical basis is kept in check and that we are living up to those responsible aspirations.

“We have to make sure, frankly, that we stay being the good guys,” Lt Gen Copinger-Symes warned.

Asked whether it would be difficult for those working in the NCF environment to switch off from the ‘mind games’ their jobs might involve, he acknowledged the intensity of the work that the organisation does.

“One of the features of cyber is it's always ‘on’ - we're in absolute constant competition. As we would say in the army, we're in constant contact with the enemy.

“Therefore, we do need to think really carefully about how to give people rest and make sure - because this is a marathon, not a sprint -... [that] they're ready for tomorrow.”

The responsible cyber power report notes that an “inevitable consequence” of the digital revolution is that cyberspace has become an “environment where global security issues are increasingly played out”.

“In today’s digital age, the UK’s ability to operate securely and effectively in cyberspace has become necessary to delivering our national goals. At the same time, the UK’s adversaries, including both state threats and non-state actors, are increasingly using cyberspace and digital technology to do us and others harm.

“The Government believes the UK cannot leave cyberspace an uncontested space where adversaries operate with impunity,” the document adds.

‘THIS ISN’T ABOUT GEEKS IN THEIR BEDROOMS’

A leading Lancashire academic who was working in the worlds of virtual reality and artificial intelligence (AI) long before most people had heard of either says that the latest technological developments are about complementing the role of humans - not replacing it.

Professor Rob Aspin, Head of Computing and Professor of Extended Reality at the University of Central Lancashire, says that AI allows people to focus on what they do best - and particularly those areas in which robots are found wanting.

“Our AI platforms are very good at responding to what they've been trained to look for - [but] very bad at spotting emerging trends.

“We train an AI platform on a…set of data. Once it's trained to a level of accuracy [and] precision that we want it to be…we then use it again and again on the same problem.

“[However], developing systems that can respond particularly to the creativity and randomness of our own brains and our activities - and the inspirational thought that people have - is very hard.

“So actually having people in the loop…and giving them information in a form that's very accessible - [which] they don't have to put a huge amount of cognition [into] understanding, so they can spend more time thinking about what they're seeing - is a huge advantage. It means we can respond faster.

“What AI will do is give us our best possible day every day, responding to us…assisting us in the data [and] helping us with the analysis. But it's still essential that we're there to do the cognitive and creative thought that's required to create that integration or connection of ideas together [which]enables us to investigate, to analyse, to draw new hypotheses [and] to develop new theories,” explained Rob, who has three decades of experience in his specialist field

He added that there was a need to “actually be able to explain what our AI platforms are doing” in order to ensure that “a safe and ethical environment” was maintained.

Rob also encourages people to gain a grasp of cybersecurity in their own lives and jobs.

“When we have some knowledge of what's going on [and] what the risks are, we can make sensible choices for ourselves. If we look at our younger generation...they're very understanding of how technology works, the interconnectedness of things, the need to be aware of the risks and how to manage their own personal identity and privacy within those systems.

“We're no longer in the land of geeks in the bedroom. Everybody has some digital device, some access [to] or manipulation of computers - and everyone needs to be aware of [cybersecurity].

“I think the problem is when we devolve it to a higher power…we're mystifying it, it becomes something to be worried about [and] something to be scared of. By taking control of it [and] by understanding [it, we are] empowering people.”