Cyber warfare is becoming the new home front, warns UK security chief

Britain’s cyber chiefs are warning that the country must stop thinking about digital security as a specialist technical issue and start treating it as part of national defence. At this year’s CYBERUK conference in Glasgow, National Cyber Security Centre chief executive Richard Horne is expected to argue that cyber operations now sit alongside drones and missiles as a core feature of modern conflict, with the online domain increasingly functioning as a new home front.

That shift in language matters because it reflects a broader change in how governments now understand warfare. Cyber attacks are no longer being framed simply as espionage, crime, or nuisance disruption. Instead, they are increasingly seen as tools that can shape public confidence, interfere with infrastructure, pressure political systems and unsettle societies without a single soldier crossing a border. In that sense, the contested digital space between peace and war is becoming one of the defining security realities of the decade.

The NCSC says it is currently handling an average of four nationally significant cyber incidents each week, a figure that suggests both the frequency and seriousness of the threat facing the UK. While the number of major incidents has remained relatively steady, the agency says the source of those attacks has shifted, with hostile state actors now accounting for much of the most serious activity. Horne is expected to single out China, Iran and Russia as key concerns.

What makes the warning especially striking is its timing. Europe is already living through a period in which military conflict, sabotage, information operations and cyber intrusion increasingly overlap. The lessons learned on the battlefields of Ukraine are not staying there. According to the NCSC, Russia in particular has been adapting and exporting cyber tactics honed during its invasion, moving them beyond the battlefield and toward targets across Britain and Europe.

The agency has already pointed publicly to recent Russian-linked activity affecting widely used internet infrastructure. Earlier this month, the NCSC said APT28, a group linked to Russia’s GRU military intelligence service and also known as Fancy Bear, had exploited vulnerable routers to carry out DNS hijacking operations. The purpose of those attacks was to redirect internet traffic and enable adversary-in-the-middle operations that could steal passwords, authentication tokens and other credentials tied to email and web services.

That kind of operation may sound technical, but its implications are straightforward. If hostile actors can quietly manipulate everyday digital pathways, they can gather intelligence, compromise organisations and prepare the ground for more disruptive actions later. The threat is not just to governments or defence contractors. It extends to businesses, public institutions and the ordinary systems modern life depends on. The NCSC’s recent public messaging has increasingly pushed this idea, arguing that cyber resilience is not a specialist concern but a board-level and national priority.

Iran presents a different but equally troubling picture. Horne is expected to highlight how Tehran uses cyberspace not only for espionage but also to support transnational repression, targeting individuals beyond its borders. That warning aligns with recent FBI messaging on the Iran threat, including cases tied to alleged hack-and-leak operations and broader concerns about intimidation, surveillance and pressure directed at critics of the regime.

Those concerns carry added weight in London, where recent violent incidents have intensified scrutiny of possible Iranian-linked activity. Police are examining claims surrounding a string of arson attacks, including a firebombing at the offices of an anti-regime Iranian television station and incidents affecting Jewish sites and the Israeli embassy. Authorities have not publicly confirmed a connection between the attacks, but senior Metropolitan Police figures have said they are looking closely at the claims and have warned that Iranian proxies may be using locally based criminals for hire.

Together, these developments point to a model of conflict that is more blurred, deniable and continuous than the wars many societies are used to imagining. It is not only about dramatic one-off attacks, though those remain possible. It is also about persistent probing, theft, coercion, influence and preparation. Cyber operations allow hostile states to test defences, unsettle institutions and build leverage long before a crisis becomes obvious to the public.

This is why Horne’s framing of cyber security as the home front is more than rhetorical flourish. It suggests that the UK government wants businesses and the public to understand cyber defence in civic as well as technical terms. If the country were drawn into a wider international confrontation, British organisations could be targeted at scale, whether because they are strategically important or simply because they are accessible. The NCSC’s message is that resilience now has to be built before that moment arrives, not after.

That does not mean every cyber incident should be treated as an act of war. But it does mean the old separation between battlefield conflict and domestic security is becoming harder to sustain. The digital systems that run transport, communications, healthcare, energy, finance and media are all part of the terrain. The more dependent countries become on interconnected infrastructure, the more attractive that terrain becomes to adversaries looking for influence without open confrontation.

For audiences outside the cyber world, the temptation is often to see this as invisible, abstract and therefore remote. Yet the NCSC’s intervention suggests the opposite. Cyber conflict is already part of daily national life, even when it remains largely unseen. The challenge for governments is to communicate that reality without causing paralysis. The challenge for companies is to stop viewing cyber preparedness as optional. And the challenge for the public is to recognise that the front line of modern conflict may now run through routers, servers, emails and networks just as surely as it does through airspace or territorial borders.

Photo Credit: DepositPhotos.com