Report by Emily Claessen
Defence and Security Forum
Speakers: Lieut. General Tom Copinger-Symes CBE, Major Jack Sharpe, Fergus Hay, Lady Olga Maitland.
12th of November 2024
Why do we win battles but lose wars?
The modern age of warfare has revealed a critical disconnect: tactical victories on the battlefield are no longer sufficient to ensure long-term strategic success. This gap stems from an outdated approach to intelligence and information – one that has not fully adapted to the realities of an interconnected, digital world. While military forces achieve decisive wins on the ground, the broader dimensions of warfare – including information, infrastructure, and societal resilience – are often overlooked.
Cyberspace has fundamentally transformed modern conflict. No longer confined to land, sea, and air, the battlefield now extends into the digital realm, where nations compete for power in unseen but consequential ways. Cybersecurity, once considered a purely defensive measure, has become a crucial elementof offensive strategy.
Information warfare has now evolved beyond traditional espionage and signal interception, expanding into complex cyber operations that can influence the outcomes of entire conflicts. A military’s ability to project power now hinges on its digital capabilities, making cybersecurity as essential to modern warfare as tanks and aircraft. Strategic success now depends on how well nations can adapt to and operate within this rapidly evolving domain.
Digital vulnerabilities
The reliance on digital infrastructure has created an entirely new set of vulnerabilities. In the past, enemy attacks targeted physical domains – missiles, bombs, and troops. Today, the digital realm is a front-line battleground, with hostile actors exploiting gaps in critical systems. These attacks are no longer limited to disrupting military operations but extend to sabotaging essential civilian infrastructure like energy grids, water systems, and communication networks. This makes it harder than ever to distinguish between military and civilian spaces, with devastating consequences for society as a whole.
These risks are not theoretical. The very tools that militaries rely on – satellite systems, networks, and digital platforms – are the same ones vulnerable to hacking and manipulation. In this sense, the question is no longer whether cyberattacks will occur, but when, and whether nations will be prepared to respond effectively. Early-stage preparedness has become essential, requiring military forces to focus not only on “day one” of a conflict but on building resilience long before any confrontation begins.
The power of information in warfare
Controlling information has always been a decisive factor in war, from the strategic interception of the Zimmerman Telegram in World War I to the codebreaking at Bletchley Park in World War II. While the tools of information warfare have changed, the principle remains the same: whoever controls the narrative and access to information holds the upper hand. Today, this shiftis intensified by the digital age, where open-source intelligence (OSINT) and real-time data collection have revolutionised the intelligence community.
At the same time, cyber strategies are evolving beyond traditional espionage. Nations like China are embedding themselves in critical infrastructures – such as energy plants and water systems – not just to gather intelligence but to prepare for future sabotage. These actions create vulnerabilities that can be exploited long before physical military action occurs, fundamentally reshaping how conflicts unfold.
The talent crisis
As cyber threats escalate, the demand for cybersecurity professionals has surged. Yet the industry faces a severe labour shortage, with 4.5 million unfilled jobs globally – a number projected to rise to 12 million by 2027. This gap presents both a challenge and an opportunity, particularly for Gen Z, who now make up a significant portion of the global workforce. With their digital fluency and interest in technology, they are uniquely positioned to excel in this field, but proper guidance and opportunities are crucial.
Countries like the UK and the Netherlands have already established strong cybersecurity talent pools, but the global demand far outpaces supply. Engaging young people in meaningful, legitimate career paths in cybersecurity could be transformative. This generation’s skills in gaming, artificial intelligence, and cognitive strategies align closely with the demands of cyber defence. Esports, for example, have been recognised as a training ground for the fine motor skills and strategic thinking needed to counter advanced cyber threats. The challenge lies in channelling their talents away from cybercrime and toward protecting critical systems, data, and privacy.
The rise of young cybercriminals
While nation-states and organised gangs often make the news, a concerning newtrend has developed: the rise of teenage hackers. Research from the Tufin Policy shows that 80% of US teenagers have hacked someone by age 16, compared to 44% of British teenagers.
These young hackers often start innocently through gaming communities, only to be groomed into hacking squads where they earn staggering sums – sometimes as much as £50,000 per month by age 15. The cases of Gary McKinnon, Kane Gamble, and Junaid Hussain highlight how easily youth can be drawn into cybercrime, sometimes even serving as pawns for larger criminal networks.
The evolution of cyber threats
Cyber warfare has become a daily reality, affecting individuals, businesses, and governments. The digital economy, now the third-largest in the world, has made every nation a potential target. For instance, the UK faces thousands of cyberattacks annually, many linked to Russian-backed entities targeting its critical infrastructure. The financial toll of cybercrime is staggering, with global losses projected to reach $23.8 trillion annually by 2027. To put that in perspective, it’s the equivalent of the entire GDP of the United States in 2021, or twice the global cost of COVID-19 according to the IMF.
These attacks go beyond simple disruption; they undermine trust and destabilise economies and societal cohesion. Nations like Russia and China have perfected strategies that manipulate the cognitive domain, using social media and digital tools to shape public opinion, influence decision-making, and sow discord. This battle for hearts and minds is as much a part of modern warfare as traditional warfare.
Attacks on civilian infrastructure
Civilian infrastructure has never been so vulnerable. A strong example is the attack on the Viasat satellite communications network, which crippled Ukraine’s ability to coordinate its defence during a critical moment. Similarly, in Kyiv, a cyberattack on the Kyivstar mobile network left 24 million people unable to communicate, effectively silencing a nation.
Despite these challenges, Ukraine has shown remarkable resilience. With Western support, the country has become a cyber fortress, constantly adapting to fend off relentless attacks. The lesson here is clear: nations must prioritise robust digital defences to protect not only military operations but also civilian life.
Europe’s approach
Europe’s reliance on external powers has exposed its vulnerabilities in the face of modern threats. For example, Deutsche Telekom faces over 500,000 daily cyberattacks, yet German defence resources are alarmingly scarce. From 19,000 tanks in 1994, Germany now has fewer than 3,000.
Furthermore, in 2022, it spent just 1.4% of GDP on defence, well below NATO’s recommended 2%, with 60% of that funding allocated to salaries and pensions rather than equipment. Compounding the issue, Europe’s inability to develop independent satellite constellations highlights its dependence, as Europe has outsourced critical space infrastructure to private companies like Amazon. To secure its future, Europe must prioritise defence spending, invest in critical infrastructure, and reduce reliance on external powers.
The UK, on the other hand, plans to raise defence spending to 2.5% of GDP, yet it needs closer to 3.6% to meet NATO obligations. Beyond European security, the UK must address emerging threats, such as Russia’s influence in Africa and Asia.
Trust, resilience, and adaptability
Trust is a key element of society, but it often leads to complacency. People rarely switch banks or service providers, even when risks are evident. To remain resilient, we must think beyond rigid defences and embrace adaptability. Like bamboo that bends in the wind and springs back, resilience lies in creating systems that can recover and rebuild after attacks. The real challenge is not avoiding cyberattacks but responding effectively and communicating recovery efforts to maintain public trust.
Ransomware dilemma
Ransomware attacks exploit human vulnerabilities through social engineering. High-profile breaches, such as the Ticketmaster hack, which exposed 550 million records, illustrate the scale of the problem. Over five years, 22 billion records have been compromised, flooding the dark web with personal data. Current responses – paying ransoms or relying on insurance – are unsustainable. Insurance companies are increasingly unwilling to cover ransomware claims. To break the cycle, organisations must focus on prevention, strong backups, and public-private partnerships to address this growing threat.
Cybersecurity starts at home
Just as homes now commonly feature alarm systems, individuals may soon have their own personal cyber defence systems. This move would reduce reliance on large companies and push individuals to take control of their own cybersecurity. The ability to protect data from increasingly sophisticated attacks will become a part of everyday life, with encryption technologies at the forefront.
In Estonia, the government has successfully implemented a national digital identity system, allowing citizens to access a wide range of services online. This has had significant economic benefits for the country. Unlike the UK, where there is a reluctance to fully embrace digital identity, Estonia has integrated it seamlessly into daily life.
Preparing for tomorrow
As warfare evolves, so must our strategies. Cybersecurity is no longer just a technical challenge – it’s a societal imperative. To address these threats, nations must invest in talent, technology, and education, preparing not just for the conflicts of today but for the rapidly changing realities of tomorrow. Winning battles is no longer enough; long-term resilience and adaptability are the keys to winning wars.
Building resilient digital systems is essential for surviving and recovering from cyberattacks. Initiatives like the EU’s Digital Operational Resilience Act (DORA) set a precedent for mandating strong cybersecurity frameworks, starting with financial services and expanding to critical infrastructure sectors like energy and telecommunications.
On a global scale, we need international norms for cyber warfare, just like the Geneva Conventions for traditional conflict. Without these rules, cyberattacks could spiral out of control with devastating consequences. Citizens also play a role by practicing good digital hygiene and advocating for stronger security measures. Cybersecurity professionals must bridge the gap between technical expertise and business priorities, ensuring cyber resilience becomes a universal standard.
Warfare now begins at home, targeting us morally, physically, and literally. The greatest threat comes not from children experimenting with hacking, but from external forces seeking to exploit vulnerabilities and undermine our strength. To counter this, we must build resilient societies capable of withstanding and recovering from these attacks.