GCHQ director Jeremy Fleming used his first public speech in office to disclose that the agency conducted a significant cyber operation against ISIS.
Speaking at the Cyber UK conference in Manchester, Fleming described the operation’s effects as far-reaching. He said that in 2017 there were periods when ISIS (also known as Daesh) found it almost impossible to spread its propaganda online, use its usual channels for messaging, or depend on its publications.
In addition to disrupting the group’s ability to disseminate extremist content, GCHQ’s campaign reportedly degraded networks and destroyed equipment used by the organisation. This disclosure represents the first time the UK has publicly acknowledged carrying out a cyber attack against an adversary as part of a wider military campaign.
Fleming used the announcement to underline the importance of maintaining both defensive and offensive cyber capabilities. He argued that intelligence agencies must be able to take active measures when required, rather than rely solely on passive protection.
He also addressed concerns about state-sponsored cyber activity, criticizing Russia for persistent efforts to compromise and destabilise Western systems and democratic processes. Fleming described such behaviour as unacceptable and pointed to high-profile incidents to illustrate the threat.
Referencing the Salisbury poisoning of Sergei and Yulia Skripal—an episode widely attributed to Russian operatives—Fleming suggested the case demonstrates the lengths to which Russia may go. He added that the UK and its international partners responded robustly, signalling that illegal acts carry consequences.
“The robust response from the UK and from the international community shows the Kremlin that illegal acts have consequences. And it looks like our expertise on Russia will be in increasing demand,” he said.
Fleming’s remarks coincided with the opening of GCHQ’s new headquarters in Manchester, an event that highlights the organisation’s expanding role in national cyber security and intelligence operations.
The public confirmation of an offensive operation against ISIS prompts debate about transparency, legal oversight, and the balance between security and civil freedoms. Supporters argue that active measures are sometimes necessary to prevent violence, disrupt extremist networks, and protect potential victims. Critics stress the need for clear legal frameworks, accountability, and careful assessment of collateral effects on civilians and infrastructure.
Operationally, cyber campaigns against violent extremist organisations typically aim to limit communication channels, degrade command-and-control systems, and hinder fundraising or recruitment efforts. Such actions can involve taking down websites, disrupting social media accounts, interfering with messaging platforms, and targeting the digital infrastructure that supports propaganda distribution. When conducted alongside traditional law enforcement and military measures, cyber operations can form part of a broader strategy to reduce an organisation’s operational reach.
At the same time, experts caution that purely technical measures cannot eliminate the underlying drivers of radicalisation. Effective long-term strategies generally combine disruption with counter-radicalisation efforts, community engagement, and programmes to counter extremist narratives. Transparency about objectives, legal authority, and proportionality helps build public trust when states choose to disclose offensive cyber activity.
Fleming’s disclosure also reinforces the growing emphasis on cyber resilience. Nations and organisations are investing in defensive capability to harden networks, protect critical infrastructure, and improve incident response. Intelligence services argue that offensive options complement these defensive investments by neutralising threats before they can cause harm.
The revelation that GCHQ took direct action against ISIS in cyberspace signals a shift in how governments communicate about cyber operations. Public acknowledgement can serve multiple purposes: deterring adversaries, reassuring allies and the public, and framing the legal and ethical context for state behaviour in cyberspace. The UK’s decision to make this operation public reflects an interest in demonstrating both capability and resolve.
As cyber threats evolve, policymakers and the public will continue to debate how best to balance transparency, legal oversight and operational secrecy. The announcement underscores that cyber security is now a central element of national defence, requiring coordinated action across intelligence agencies, law enforcement, private sector partners, and international allies.
What are your thoughts on GCHQ’s decision to reveal this cyber offensive? Share your perspective in the comments.