UK cyber unit will target hostile states: Can defences cope?

UK Defence Minister John Healey has announced a cyber command tasked with coordinating offensive operations against hostile states. This is a bold – some might even say overdue – step up in Britain’s defence posture, backed by £1 billion for AI and a dedicated hacking attack team.

The Ministry of Defence (MoD) has revealed it’s been hammered by 90,000 cyberattacks from state-sponsored sources in the last two years alone—a figure that has doubled since 2023. Healey described the current climate as one of “continual and intensifying” cyber warfare. He also confirmed the UK’s readiness to respond.

So, what’s the plan? Offensive operations will be delivered through a new Cyber and Electromagnetic Command. But it’s not just about going on the attack, this unit will also be the custodian of a £1 billion investment into an upgraded AI-driven ‘kill web’.

The idea behind this ‘kill web’ is to connect disparate military systems to allow for lightning-fast decisions on the battlefield. Healey believes this will set “new standards” in defence, ensuring UK forces are not just “better equipped and better trained, but better connected and also capable of innovating ahead of adversaries.”

Offensive cyber isn’t entirely new territory for the UK. For the last five years, the National Cyber Force – a joint venture between GCHQ and the MoD – has been conducting hacking operations. What’s changing is that this force will now coordinate its offensive cyber capabilities with the new Cyber and Electromagnetic Command, which will also be leading the charge on defensive operations.

While full details of the UK’s offensive cyber toolkit is, understandably, kept under wraps, we only need to look at the actions of other nations – from spying on officials to wrecking industrial machinery – to get a sense of the possibilities. And let’s not forget the usual suspects: hostile states like Russia, China, Iran, and North Korea are all known to have hackers busy with online espionage and ransomware attacks.

But here’s the multi-billion-pound question: With this more assertive, offensive stance, can the UK’s national infrastructure withstand the almost inevitable further escalation in cyberattacks?

Spencer Starkey, Executive VP EMEA at cybersecurity firm SonicWall, told us: “The threat of a large-scale attack on critical infrastructure is no longer hypothetical. The techniques used in recent retail and legal breaches – identity compromise, ransomware, lateral movement – are exactly the kinds of methods that could disrupt healthcare, utilities, or government systems.

“While we haven’t yet seen a ‘black swan’ cyber event at scale in the UK, the trajectory of these attacks suggests that it’s a matter of when, not if, unless we accelerate systemic readiness and resilience across sectors.”

Starkey’s concerns aren’t just plucked out of thin air. Just this month, a report from the Commons public accounts committee fired a serious warning shot: the government’s crumbling computer systems are being left in the dust by cyber criminals. And, crucially, there’s a significant shortage of people with the right cyber skills.

The report didn’t pull any punches, finding that over a quarter of all public sector IT systems are running on vulnerable, old “legacy” technology. That’s a gaping hole between the growing cyber threat and current ability to defend against it. It’s not just government systems feeling the heat either; big high-street names like Marks & Spencer, Harrods, and the Co-op have all been hit by cyberattacks recently.

Adding to this grim chorus, Richard Horne, the chief executive of the National Cyber Security Centre, mentioned at a conference earlier this month that “nationally significant” cyber attacks targeting the UK have actually doubled in the past six months.

The new “kill web” is slated to be up and running by 2027. This system aims to use AI and cutting-edge software to better knit together military hardware across the RAF, British Army, and Royal Navy. Imagine a threat being picked up by a sensor on a ship, or even in space, and then being swiftly neutralised by an F-35 jet, a drone, or indeed, an offensive cyber operation.

This new command isn’t just about digital attacks; it’s also about leveraging expertise in electromagnetic warfare to degrade enemy command and control, jam signals to drones or missiles, and intercept enemy communications. The MoD rather pointedly likened this to how the Ukrainians managed to halt Russian advances by using tech to find the enemy quickly and hit them hard and fast.

Defence Secretary John Healey said: “The hard-fought lessons from Putin’s illegal war in Ukraine leave us under no illusions that future conflicts will be won through forces that are better connected, better equipped, and innovating faster than their adversaries. 

“We will give our Armed Forces the ability to act at speeds never seen before—connecting ships, aircraft, tanks, and operators so they can share vital information instantly and strike further and faster.”

Overseeing this new unit will be General Sir James Hockenhull, who is currently the Commander of UK Strategic Command. His current role already covers operations across all three services, including the existing cyber and space capabilities.

The government’s wider Strategic Defence Review (SDR), which the Labour government announced last year, is expected to set out how these beefed-up cyber defences will strengthen national security and, just as importantly, support economic stability.

Recognising that you can’t fight a digital war without digital soldiers, the MoD also launched the Cyber Direct Entry programme earlier this year. The goal? To fast-track military recruits into specialist roles to combat that ever-growing cyber threat.

“By attracting the best digital talent, and establishing a nerve centre for our cyber capability, we will harness the latest innovations, properly fund Britain’s defences for the modern age, and support the government’s Plan for Change,” explained Healey.

For a while, we’ve heard talk about the importance of cyber, but Healey suggests that practical, integrated action across the RAF, British Army, and Royal Navy has been lacking. “You might have seen the talk, now you’ll see the walk,” he stated.

So, the UK is stepping into the ring, gloves off, in the world of offensive cyber. It could act as a deterrent, but it also raises the stakes. The government’s commitment to arming itself with cyber talent and tech is plain to see. Yet, those stark warnings about the holes in national infrastructure can’t just be swept under the carpet.

Spencer Starkey from SonicWall had some advice on this front: “Cybersecurity arrangements must be agile and constantly updated to keep up with the evolving threat landscape. Threat actors are constantly developing new tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and bypass security controls, and companies must be able to quickly adapt and respond to these threats.

“This requires a proactive and flexible approach to cybersecurity, which includes regular security assessments, threat intelligence, vulnerability management, and incident response planning. It also requires ongoing training and awareness programs to ensure that employees are aware of the latest threats and best practices for cybersecurity.”

As Britain gets ready to “walk the walk” in the cyber domain, making sure its own digital front door is bolted and barred against further cyberattacks is vital. It really does feel like the question has shifted from “if” a major attack will happen, to simply “when.” That makes building resilience and readiness more critical than ever before.

See also: Check Point: AI is boosting cyber threat sophistication

Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London. The comprehensive event is co-located with other leading events including Digital Transformation Week, IoT Tech Expo, Blockchain Expo, and AI & Big Data Expo.

Explore other upcoming enterprise technology events and webinars powered by TechForge here.

Tags: cybersecurity, europe, government, hacking, infosec, Security, uk