In an era of escalating geopolitical tensions, and an increasing reliance on autonomous technology, safeguarding the UK defence sector from cyber threats has never been more important. The 2025 Strategic Defence Review (SDR) charts the UK’s defence trajectory for the next decade, with cybersecurity as a pivotal focus.

Alongside a £2.2 billion uplift in defence spending, the government has committed £1 billion to establish a Cyber and Electromagnetic (CyberEM) Command and develop a ‘Digital Targeting Web’ to enhance battlefield decision support and targeting. This investment underscores a critical reality: cyber is now a significant consideration in contemporary warfighting, requiring offensive and defensive capabilities to combat persistent nation-state level threats.

Threats to UK defence

Defence infrastructure faces a relentless threat of cyberattack. Whilst leveraging advanced technology to increase the MoD’s capability and overall lethality is of course the right thing to do, automating and connecting systems which have traditionally been electromechanical in nature increases the cyber threat further. Unlike commercial sectors, where attacks may disrupt operations or finances, a successful breach of UK Defence assets could lead to a catastrophic loss of life and severely degrade our ability to wage war.

At sea, the Navy’s leveraging of technology and automation as part of its ‘Lean manning’ initiative means that naval ships can now go to sea with fewer sailors than ever before, but naval combat and navigation systems must remain secure. It is not difficult to imagine a scenario where hostile actors compromise a warship’s digital controls, disabling radar, disrupting communications, or even hijacking weapon systems (such as Phalanx). The floating fortress could be rendered helpless, leaving maritime forces dangerously exposed.

Even more alarming are the risks to nuclear command and control. A successful cyber intrusion here wouldn’t just mean data theft; it could trigger catastrophic failures in the UK’s most sensitive military assets. Given the stakes, these systems are often air-gapped and heavily restricted. But as the successful attack on the Iranian nuclear enrichment programme showed, air gaps are vulnerable to sophisticated cyberattack, and as cyber threats evolve, so must their defences.

Satellite communications and intelligence networks are also under increasing threat. From real-time battlefield surveillance to secure communications, any disruption here could blindside military operations. Adversaries know this, and state-sponsored hackers relentlessly probe for weaknesses in these systems.

Whilst there have been massive improvements in the way in which the MoD tackles cyber, several complexities remain. Arguably the greatest challenges for MoD cyber specialists are in finding ways to deliver cyber consistently within a complex governance and ownership model, finding novel ways of continuing to secure legacy infrastructure, and assuring such a vast, distributed, and diverse supply chain.

Reorganising Defensive Cyber

Plans to create a new Cyber Command present Defence with an excellent opportunity to address complex ownership models throughout the CADMID lifecycle. The current model is hugely complex, with military platforms passing through many different owners as they are deployed and used in different contexts. This has the potential to confuse the cyber risk picture and make it difficult for operational commanders to assess the aggregated cyber risk position associated with their military assets and resources.

Whilst there have been efforts to centralise offensive cyber within the National Cyber Force (NCF), and defensive cyber within the Cyber Defence & Risk Directorate (CyDR), there remain a large number of distributed cyber teams working into various Top Level Budgetary areas across Defence. Reorganising these under clear cyber mission command across Defence will help unblock some of the operational obstacles which cyber teams across Defence face on a daily basis and help ensure that the complex cyber risk facing Defence is managed in the best way possible.

The MoD still has a fairly complex Security Operations Centre (SOC) model, with many different organic and outsourced SOCs providing monitoring for different parts of the estate. Rationalising these will no doubt help finesse cyber mission command and also present a potential cost-saving opportunity to free up funds for other mission-critical projects and initiatives.

Hardening critical defence infrastructure

Every day that legacy infrastructure remains in use is another day it serves as a backdoor for cyberattacks. As with the broader industry, the widespread adoption of new technology means that the UK defence sector can no longer rely on traditional perimeter-based security and must shift its mindset from “if we’re attacked” to “we could be under cyberattack right now”. This demands a fundamental rethink in how we protect our most critical systems, integrate contemporary security best practice and advanced technologies into Defence, and ensure that the basics are done in a streamlined and consistent manner.

This approach must be multi-layered, threat-driven and operationally resilient. At its core lies Zero Trust Architecture, which operates on the assumption that nothing is safe. Every access request, whether from a general or a ground technician, must be rigorously authenticated and continuously validated.

But for the defence sector, with such high stakes, Zero Trust alone isn’t enough. Network segmentation acts as a digital equivalent of compartmentalisation. For example, on warships, if one section is compromised, blast doors contain the damage. By isolating critical systems like naval combat controls or nuclear command networks, we can dramatically reduce an attacker’s ability to move laterally through an infrastructure.

We must also turn into hunters ourselves. Security experts within the sector are proactive and actively hunt threats, emulating adversary tactics to expose vulnerabilities before they’re exploited. Those who study and watch threat actors move through systems learn what they are doing and how, and can spot emerging activity by anticipating their next moves.

Whilst it is easy to focus on cutting-edge security practices, Defence should not lose sight of the fact that most successful security breaches are caused by the presence of unpatched vulnerabilities[3]. Patching systems across Defence can be challenging given the distributed and complex ownership model, but it is critically important that basic security hygiene (patching, hardening, access control, anti-phishing) is implemented across every system and platform.

Mitigating supply chain risks

The UK’s defence supply chain stretches across continents, weaving together thousands of vendors, from weapons manufacturers to software providers. This global network, while essential for maintaining military readiness, presents a dangerous paradox where every supplier represents a potential entry point for adversaries. A single compromised component, whether in communications hardware or logistics systems, could cascade into catastrophic vulnerabilities across our defence infrastructure.

The MoD faces a formidable challenge in taming this risk. This means moving beyond basic compliance checks and towards a model of continuous monitoring. Every vendor relationship must begin with uncompromising expectations baked into procurement contracts. Adherence to these should be continuously monitored against clear metrics/KPIs, with clear consequences for failures to meet these requirements.

In addition to this, the MoD should look to build upon its existing Secure by Design (SbD) framework to implement its own organic hardware and software integrity checks at every stage of the supply chain. Building services and platforms to be “secure-by-design” must become non-negotiable, with built-in verification processes that can detect tampering or vulnerabilities before components enter service. Harnessing entities such as the Defence Cyber Protection Partnership will be key to defining and agreeing updated expectations between the MoD, the NCSC and its strategic suppliers.

Everyone across Defence has a part to play in supporting this, and the third parties within the UK Defence industrial base should be held to account for offering systems with known vulnerabilities. The introduction of SbD will in part help towards this, but it is only the beginning and should continue to mature to the point where it is able to continuously monitor and remediate security gaps in systems, platforms and suppliers.

Finally, in an era of increasingly sophisticated state-sponsored threats, the MoD should deepen its collaboration with NATO and allied partners on threat intelligence sharing. Cyber adversaries do not respect national borders, and neither should our defences. By pooling knowledge and resources with trusted allies, we can stay ahead of emerging supply chain threats that no nation can combat alone.

Future-proofing defence cyber strategies

The rapid evolution of AI and quantum computing presents a double-edged sword for UK defence, offering transformative potential while introducing unprecedented vulnerabilities. As these technologies redefine the boundaries of modern warfare, we cannot afford to merely react; we must shape their development to secure our strategic advantage.

First, we should establish dedicated defence innovation labs where cutting-edge AI applications can be rigorously tested in controlled, operationally relevant environments. These facilities would serve as proving grounds for next-generation cyber resilience tools, allowing us to stress-test systems against sophisticated AI-powered threats before they emerge in the wild.

But the MoD cannot tackle this challenge alone. We need to break down traditional barriers between government, academia and industry, creating collaborative frameworks that harness Britain’s world-class research institutions alongside private sector innovation. The US model of rapid technology transfer between universities, tech firms and defence agencies offers a compelling blueprint, and one we should adapt with British ingenuity.

Speed is of the essence. While some of our allies demonstrate remarkable agility in transitioning research into operational capabilities, the UK often struggles with integration and bureaucratic inertia. We must streamline procurement processes, empower rapid prototyping and create fast-track funding mechanisms for promising technologies. In the race for cyber superiority, the slow and cautious will find themselves outmanoeuvred.

Integration is already a known problem area for defence, but one that can be overcome with reasonable and rational discussion. Promoting an accessible but secure network environment will be an increasingly important requirement for the battlefields of the future as military forces continue to supplement their traditional capabilities with advanced technology.

Future-ready cyber defence

The SDR marks a turning point: cybersecurity is no longer just about prevention but active defence, resilience, and safety. As Defence Secretary John Healey MP stated, “Ways of warfare are rapidly changing, with the UK facing daily cyberattacks on this new frontline.”

The UK must remain vigilant, investing not only in technology but in operational mindsets that treat cyber as a warfighting imperative. Senior commanders, MoD civil servants, and executive teams must also play an active role in governance and oversight when planning for an unpredictable future. Saying the phrase “I’m not technical” cannot and must not be acceptable in 21st-century warfare.

However, by hardening critical systems, finessing existing governance models, securing supply chains, and embracing next-gen innovations, the defence sector can ensure it remains a step ahead of adversaries in an increasingly contested digital battlefield.