Western nations including the U.S. and its allies are in an “arms race” against countries, organizations and individuals who could wield cyber capabilities to wreak havoc on critical infrastructure, a former top U.K. cybersecurity official has warned.
“The threat is always escalating,” Robert Hannigan, the former chief of the U.K.’s GCHQ cybersecurity and intelligence service, told Newsweek. “It’s an arms race, but it’s not one we are losing.”
NATO describes cyber threats to its members as “complex, destructive and coercive,” and increasingly common. Cyber attacks are sometimes referred to when talking about types of hybrid assaults, or tactics which aren’t open warfare but are designed to be destabilizing.
They can home in on critical infrastructure, such as energy networks and health care, or involve hacking systems and leaking information. They can also mean pushing disinformation campaigns, assaulting economic networks and disrupting vital communications.
Those mounting cyber attacks — often dubbed “malign actors” — share information and tactics, as well as weaponizing artificial intelligence in what has become an “arms race,” added Chris Inglis, who became the White House’s first National Cyber Director under former President Joe Biden in 2021 and previously served as deputy director of the National Security Agency (NSA).
“We have the means to do something about it,” Inglis told Newsweek. “Now, the question is, whether we will.” Both Hannigan and Inglis were speaking from the Global Cybersecurity Forum in Riyadh, Saudi Arabia.
Multiple European airports were hit with a cyber-attack last month using ransomware, according to the European Union’s cybersecurity agency, ENISA. Ransomware is a type of malicious software that can cut users off from systems, information or a network until a ransom is paid. The attack upended check-in desk operations and boarding information for flights in major airports such as London Heathrow and Brussels.
The U.K.’s National Crime Agency said a man had been arrested by investigators for the cyber-attack, which hit systems provided by Collins Aerospace, a major subsidiary of defense giant RTX.
In the past five years, over 80 percent of the attacks have come through third parties in supply chains, Hannigan said. This could include software providers, or companies offering IT services.
Other major targets in a slew of high-profile incidents have included British automobile manufacturer Jaguar Land Rover, which is still not up and fully running after a cyber-attack shut down its computer systems in four countries. Memorably, a malware attack on Ukraine in 2017, attributed to Russia, spread across Europe in what became known as NotPetya.
Assessments from a litany of intelligence agencies have in recent years said Russian state-linked cyber operatives have targeted Western logistics and technology companies in countries that have supported Ukraine’s war effort.
Attackers are constantly monitoring companies for vulnerabilities or holes in their cyber armor, Hannigan said. But there are “thousands of companies that are defending themselves well that, even if they have an attack, don’t get offline for weeks and months at a time,” which is a source of optimism for those fending off attacks, he said.
The European Union has introduced its Cyber Resilience Act, which obligates manufacturers and retailers to keep tabs on cybersecurity throughout the lifetime of products. The U.K. announced a Cyber Security and Resilience Bill last year, which the government said would make sure the country’s critical infrastructure and digital services are “secure.”
Western critical infrastructure is still “vulnerable,” Inglis said, but added: “The highest leverage form of arms in an arms race is the ability to make yourself a hard target.”
Governments are most concerned about protecting their critical national infrastructure when it comes to cyber attacks, said Gareth Mott, a research fellow in the cyber and tech team at the British defense think tank, the Royal United Services Institute (RUSI). With an arms race, you’d typically broadcast your capability buildup, but it’s more shrouded with cyber, Mott told Newsweek.
Cyber-attacks can come from lone hackers all the way up to national governments and their intelligence services. Russia, China, Iran and North Korea are most commonly named as the main state actors threatening Western nations and their allies in cyberspace. Each country has slightly different goals with their cyber attacks; North Korea, said Hannigan, has traditionally tried to use cyber operations to raise cash and lessen the strain of sanctions.
U.S. intelligence has said Chinese state-sponsored actors, identified as Volt Typhoon, are actively embedding themselves in U.S. IT networks, to launch “disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.” American agencies said in early 2024 Volt Typhoon had “compromised” the country’s critical infrastructure across communications, energy, transport, water and waste in the continental U.S. and its other territories. Canada, Australia and New Zealand could also be affected by state-sponsored Chinese cyber activity, according to multiple intelligence agencies.
Salt Typhoon, another cyber group linked to Beijing, managed to get inside the U.S.’s telecommunications infrastructure, and demonstrated the “growing breadth and depth” of China’s capabilities, the Office of the Director of National Intelligence (DNI) said in March this year. It was the “worst telecom hack in our nation’s history — by far,” Democrat Senator Mark Warner, currently the vice-chair of the Senate intelligence committee, said in November 2024.
“Over the past two years we have learned of a transformation of China’s cyber capabilities into a far more formidable strategic threat,” said one analysis published by RUSI earlier this year.
Cyber warfare “straddles traditional conflict and espionage,” Mott said. In the past, cyber operations were more tailored to stealing national security or social data, but now increasingly make use of espionage to set the scene for destruction, he added.
“There’s a very active war going on in the cyber space,” said Hannigan. “It’s basically a cyber confrontation.”