The government is right: War is being fought by keyboard warriors - but we have to be able to defend as well as attack

30 May 2025, 07:42

By Shaun Cooney

On Monday, the government will use its Strategic Defence Review to fully announce £1billion in funding for cyberwarfare and tackling cyber-threats.

The new Cyber and Electromagnetic Command will be ‘the nerve centre of the UK that helps defend against these attacks’, the Defence Secretary John Healey said, adding that ‘the keyboard has become a weapon of war’

This acknowledgement is enormously encouraging. It’s time for governments globally to get real about where the future wars will be fought: with increasing signs that ‘no man’s land’ will be in cyberspace.

Therefore, a move that consolidates existing defensive and offensive capabilities to make responses more joined-up and efficient is a smart one.

Crucially, it acknowledges that there needs to be as much focus on attack as there is on defence, in the same way that physical warfare relies on attacking as well as protecting our borders.

However, as events in recent weeks have shown, despite massive amounts of time and money being invested in cybersecurity, the country has major vulnerabilities that need to be tackled alongside this strategy.

The Strategic Defence Review follows weeks of high-profile cyber-attacks that have targeted both the public and private sector.

First, there were the attacks on M&S and Co-op which left data compromised and shelves bare. Then the data of hundreds of thousands of Legal Aid applicants was accessed and downloaded as part of a cyberattack, including criminal records and financial data.

And just this week it was revealed that data from multiple NHS trusts, including patient data, was accessed maliciously.

But even before these highly publicised attacks, the UK was already facing daily attacks both from state actors and malicious hackers acting alone.

Richard Horne, CEO of the NCSC, warned in the wake of attacks on supermarkets that the number of nationally significant cyberattacks targeting the UK has doubled in the past six months.

In the last two years, the MoD alone has been subjected to 90,000 cyber attacks – double the number in 2023 – from hostile states including Russia and China.

Despite the UK investing a massive amount of time and money into cybersecurity, It is clear that it is still struggling to keep up with the pace of the cyberwar and the ceaselessness of attacks.

However, the issue is not just the scale of these attacks, it's also about the technology they’re targeting.

A recent report from the House of Commons Public Accounts Committee (PAC) claimed that outdated government computer systems have been roundly outpaced by hackers and delivered a staggering statistic: More than a quarter of all public sector IT systems are vulnerable.

The National Audit Office also recently suggested that for AI to be utilised in Whitehall, aging computer systems will need to be replaced.

We’re also facing a major shortage of expertise. Former US Secretary of Defence Donald Rumsfeld once warned of ‘unknown unknowns’; things you don’t even know you don’t know.

The same PAC report that warned about outdated tech also warned that a lack of cybersecurity experts and people trained in the area means that the government doesn’t even fully understand how vulnerable its IT systems actually are.

Beyond that, even if government systems and the public sector were made airtight, that doesn’t account for the private sector. Private companies aren’t going to war, obviously, but they are being attacked.

A holistic government approach needs to take that into account and incentivise the private sector to invest in more robust cybersecurity defences and training.

In announcing the new Cyber and Electromagnetic Command ahead of the Strategic Defence Review, the Defence Secretary admitted that the UK is ‘under daily attack’ and that the UK needs to step up.

These new announcements are a majorly positive step towards that stepping up, streamlining the country’s approach to combating and defending against threats from hostile nations.

However, if lingering holes in the country’s defensive shield, like aging IT systems and a vulnerable private sector, aren’t patched up then we remain open to attack.

Imagine a world-class boxer who specialises in knockouts. They have incredibly fast hands, devastating punches, and can deliver a flurry of blows that can put any opponent down.

They've spent years perfecting their jabs, hooks, and uppercuts, and their offensive technique is virtually unmatched. However, this boxer has a glass jaw and struggles with blocking or dodging punches.

While they can dish out immense damage, a single well-placed counter-punch from an opponent could end the fight for them just as quickly.

They can win big, but they can also lose big, very fast.

Instrumental in setting up GCHQ’s National Cyber Security Centre, Shaun Cooney now serves as the Chief Technology Officer of cybersecurity firm Promon

LBC Opinion provides a platform for diverse opinions on current affairs and matters of public interest.

The views expressed are those of the authors and do not necessarily reflect the official LBC position.

To contact us email opinion@lbc.co.uk