The world is in an escalating cyber war: If governments don’t act, civilians will be caught in the crossfire
Amid the ballistic missiles, robot dogs and autonomous drones of various sizes unveiled at the biggest ever Chinese military parade this month was something that hadn’t been seen before.
Listen to this article
Beijing for the first time unveiled its cyberspace unit, charged with the superpower’s cybersecurity and cyberwar measures.
The show of force follows bombshell revelations from GCHQ that Chinese state-sponsored hackers have targeted 80 countries since 2021, including the UK’s critical infrastructure.
The group is also responsible for compromising US telecoms networks, taking up one million call records and targeting 100 Americans, including President Trump, JD Vance and Kamala Harris.
This isn’t the first time entities linked to China have carried out cyber-espionage on UK entities. GCHQ has previously revealed details of similar attacks on the Electoral Commission between 2021 and 2022 - a surveillance operation on MPs and the takeover of 8,500 devices in the UK for espionage purposes.
All signs point to the fact that attacks and operations of this nature will only intensify as hybrid warfare becomes the norm.
Operations come in two main forms: Cyberattacks, where a hacker attempts to damage or destroy a system, and cyber-espionage where the intruder illegally accesses a system to spy on its users or gather confidential information. In both cases the prevalence of these actions is already outstripping our ability to respond.
According to the National Cyber Security Centre, the number of nationally significant cyberattacks targeting the UK has doubled this year. The Defence Secretary admitted earlier this year that the country is under ‘daily attack’.
And there is now a growing awareness of the indiscriminate nature of modern cyberwarfare, both when it comes to espionage - like the scraping of personal and confidential data - and more disruptive actions targeted at critical infrastructure. It cannot be taken as a given that hostile states will colour within the lines and not target civilians.
As well as protecting government, defence and intelligence bodies and investing in retaliatory capabilities, the ability to defend the UK population must be made a priority.
We can get a sense of how damaging these operations can be by looking at the mostly non-state-sponsored cyberattacks that are becoming a fact of life in the UK.
This year has seen a series of cyberattacks and data theft operations by non-governmental actors that paint a bleak picture of the UK’s vulnerability. In April, supermarket chain M&S was hit, leading to the closure of its online store for seven weeks. Later that month another chain, Co-op was also attacked and had to shut down segments of its IT system. At the start of May, Harrods also revealed it had been targeted.
Then at the end of the month came reporting that highly-confidential patient data may have been stolen from NHS trusts through the exploitation of existing vulnerabilities in the system.
Next, in July Google warned that Scattered Spider, the same hacker collective who had targeted supermarkets, was now targeting transport and aviation. It follows multiple attacks by pro-Kremlin groups between 2023 and 2024 targeting the websites of London City, Birmingham and Manchester airports.
Most recently, Jaguar Land Rover was forced to shut down its IT system after it detected a cyberattack in progress, disrupting its two main plants at a time that is traditionally busy for the manufacturer.
These events are devastating for business stability and confidence. M&S estimates that the attack on its systems cost it £300m and the non-profit Cyber Monitoring Centre puts the total cost of the attacks on retail at £440m.
But they also have more tragic consequences. A Russia-based cyberattack on an NHS provider that disrupted more than 10,000 appointments, was confirmed by a trust to have caused the death of a patient who faced an unacceptable wait for a blood test result.
Obviously the route to this person’s death is harder to attribute than, say, dropping a bomb, but the implications of a death linked directly to a cyberattack carried out by a hostile group are sobering.
Although many of the examples above were the result of non-state-sponsored hackers (despite the often blurred line between a pro-Kremlin hacker and a hacker working on behalf of the Russian state), they give a clear indication of what’s possible and the damage that can be done. And there are examples of similar attacks carried out at the state level that prove such actions are part of their arsenal.
According to the National Cyber Security Centre, just before and since the start of Russia’s full-scale invasion of Ukraine in 2022, the Kremlin has been using disruptive cyberattacks as part of its war effort. It targeted commercial communications company Viasat and although the primary target was the Ukrainian military, the effects were felt by personal and commercial internet users outside of Ukraine, including wind farms in central Europe.
Even when not directly targeted, civilians can feel the effects of these kinds of attacks.
The UK is thankfully moving in the right direction. The strategic defence review included £1 billion for tackling cyber threats. While announcing the new Cyber and Electromagnetic Command, the Defence Secretary called it ‘the nerve centre of the UK that helps defend against these attacks’, adding that ‘the keyboard has become a weapon of war’.
But there now needs to be more of a focus on business and civilian infrastructure. The government and the NCSC provides educational guidance for businesses, but in line with the acknowledgement that cybersecurity is sometimes only as strong as its weakest link (such as was the case with the hack of the NHS provider), a much broader education campaign needs to be implemented to give everyone in the country an understanding of how to identify and prevent cyberattacks.
Furthermore, while the government already has mechanisms to track and identify vulnerabilities, like the NCSC’s Early Warning System (which is free and open to any UK organisation and alerts users to suspicious activity and exposed services) many SMEs still lack the capacity to act on these alerts.
The real gap isn’t in knowing where vulnerabilities are but in what to do next. Without accessible guidance, hands-on support and incentives to fix issues quickly, too many businesses remain exposed even after warnings are given. What’s needed is a nationally coordinated, assisted programme that ensures schools, councils, charities and supply-chain partners can actually close the gaps before adversaries exploit them.
Finally, from an economic perspective, further government investment in civilian cybersecurity and tax incentives especially for smaller businesses to help them manage the costs of protecting themselves would go a long way to filling the gaps in the net.
Massive economic losses, supply-chain and travel disruption, the theft and weaponisation of confidential personal data and even death. All potential consequences of the state-sponsored cyberattacks that we are threatened with daily. They are the costs of inaction if the government doesn’t act to cast a wider shield across the country's businesses and citizenry.
Without urgent action, the next casualty of cyberwarfare may not be a network or a business, but the people these systems are meant to protect.
Shaun Cooney is the Chief Product and Technology Officer of cybersecurity firm Promon. Shaun was also instrumental in setting up GCHQ’s National Cyber Security Centre.
LBC Opinion provides a platform for diverse opinions on current affairs and matters of public interest.
The views expressed are those of the authors and do not necessarily reflect the official LBC position.
To contact us email opinion@lbc.co.uk