Towards a British Approach to Cyber Campaigning

In a recent parliamentary hearing on national security, Lord Sedwill, the former Cabinet Secretary and head of the UK Civil Service, cautioned that Britain cannot secure itself in cyberspace if it relies solely on resilience measures and argued in favour of ‘an offensive element to deterrence.’ His objective was to shift the government’s investment focus away from primarily resilience-building measures to meet the new defence spending targets set by NATO.

While we agree with that latter objective, we disagree with the proposed legacy approach of deterrence as the basis for British cyber strategy.

As the government releases a new National Cyber Action Plan in the spring, we urge a proactive approach be adopted that aligns with the operational reality of cyberspace. British cyber military and intelligence forces need to be postured on the front-foot, so they can out-think and out-manoeuvre those seeking to harm the United Kingdom. Such capacity should be developed under an operational and strategic framework of cyber campaigning, understood as continuous related cyber operations, which cumulatively and over time advance operational and strategic objectives.

Grappling as Security

A reactive deterrence posture does not align with the realities of cyberspace. These realities reward those who hold the initiative in anticipating exploitation of cyber vulnerabilities. Cyberspace is characterised by global interconnectedness and constant contact with the adversary in a technical environment of fluidity and change.

The analogy of wrestling is instructive. In a wrestling match, opponents are in contact for extended periods of time, grappling constantly to adjust their balance, grip and leverage. A competitor gains advantage by anticipating the opponent and forcing them into awkward positions, limiting their freedom of manoeuvre. Moments of significance happen in clinches that might look almost static. For the less informed spectator, it is often difficult to determine who is winning. For experienced participants, however, they know who has gained the initiative and is leveraging it for advantage. They know who is secure and positioned to win.

Cyber competition is similar. Actors operate in each other’s networks continuously, seeking to exploit vulnerabilities inherent to these environments. Securing one’s own networks through building resilience is, therefore, essential, but also insufficient, as the complexity of systems ensures a steady supply of unauthorised vectors of access opportunity. Somewhere, someone is seeking to exploit new and old vulnerabilities across the computer networks of the UK. Their efforts are persistent; so, our efforts must be as well.

The effective approach to this operational reality is a front-foot posture of constant cyber campaigning, seeking to widen the UK’s own freedom of manoeuvre through anticipation while narrowing the adversary’s, for example by creating dilemmas that force the adversary to divert resources, reveal information or accept other operational constraints. This front-foot posture foresees an outcome where an adversary is constantly reacting to your continuous operations, as opposed to you reacting to the adversary’s. Achieving such a state is indicative of advantage, which needs to be sustained. Security therefore flows from continuous activity, rather than the absence of it (as is the case in a deterrence framework).

This security advantage is a two-sided coin – campaigning must limit the capacity of having your own systems exploited through anticipatory resilience (resilience informed by what the most capable actors are capable of) and removing those vulnerabilities proactively before they are exploited. And, on the other side, exploiting adversaries’ vulnerabilities to put them on their back-foot.

In practice, you can create unfavourable conditions for your adversary by intentionally manipulating their operational and organisational environment to impede its normal functioning. We call this mechanism operational friction. It includes the technical and organisational complication of an adversary’s environment, for example, interfering with IT infrastructure and standard operating procedures, and a psychological dimension, which seeks to impact the perceptions of people within an organisation to create distrust, frustration, anger, fear and shame towards the technology the seek to use (which is now failing them) and the people with whom they need to operate (who are now appearing unreliable or incompetent). The National Cyber Force has called this layer the Doctrine of Cognitive Effect. It is a distinctive British capability that should be advanced in the refreshed National Cyber Action Plan.

While we lack examples of avowed National Cyber Force operations, a illustrative case of the application of friction was the National Crime Agency’s Operation Cronos. Law enforcement combined cyber campaign methods of technical and organisational disruption with a strong focus on eroding trust relationships within the LockBit group and undermining the LockBit brand. As a result, LockBit was unable to rebuild its credibility and legitimacy and never recovered effectively.

Sustainable Cyber Campaigning

Continuous cyber campaigning appears daunting, but it is less daunting than losing national economic power through IP theft, losing military overmatch and losing faith in political institutions – all of which will arise from not securing cyberspace. Getting on the front-foot costs less than reacting from the back-foot and picking yourself up off the mat. Friction from cyber campaigns can be sustained when it is targeted at an adversary’s pressure points – those dependencies where relatively small interventions can generate disproportionate effects.

In the Cronos example, the NCA chose to capitalise upon the already existing animosity within the cybercriminal community towards Dmitry Khoroshev, LockBit’s leader. His unmasking was met with visible schadenfreude and affiliates and peers distancing themselves in a largely organic manner, without the need for law enforcement to control the narrative and expend further resources.

Cyber means are good at such cumulative and compounding effects. For Britain as a middle power, determining which pressure points to prioritise is important in order to optimise cyber resource allocation. Doing so will enable it to move from a single campaign to a state of continuous campaign-ing, which counter-intuitively enables resource efficiencies.

A British approach to campaigning can thus treat it as a method for concentrating effort and unifying objectives across government agencies, rather than expanding coverage. It can be persistently purposeful against a relatively small number of targets that are deemed of highest significance to UK national security. Campaigning maximises limited cyber resource allocation through efficiencies gained through cyber activity – access begets access, for example. The alternative of ceding initiative to the other side and being placed on the back-foot is more costly in terms of economic losses, time to recover, and ‘fits and starts’ operational inefficiency. Small cyber forces can asymmetrically remain resilient even in the face of relentless attacks from larger powers if they adopt a campaigning approach – just observe Ukraine’s cyber campaigning for the last 12 years (from Crimea through the war).

Appreciating the importance of the psychological layer of operational friction aids the prioritisation exercise. British evolving expertise in cyber campaigning with a layer of cognitive effect can amplify pressure points into chokepoints. More thinking and effort need to be put into developing explicit prioritisation metrics for efficient cyber resource allocation, but one could start with a simplified three step framework: First, what UK security priorities would be advanced the most through complicating the operational environment of adversaries through friction. Second, what pressure points can be amplified through campaigning. Third, does the amplification of those pressure points carry manageable risk and meet the criteria of responsible cyber action.

Again, the importance of campaigning in an anticipatory way to advance resilience at home is essential and must be a concurrent element alongside the disruptive element. But herein lies the critical difference from a deterrence mindset that thinks about offensive action in reactive punishment to dissuade a committed adversary. A front-foot British cyber posture proactively engineers opportunities to complicate the operational environment because it accepts the cyber reality that adversaries will persist. It is not about dissuading opponent’s decisions, it is about securing your own networks and digital platforms through your own actions, both resilient and disruptive.

The benefit of such an approach is that it can help generate sustained friction. Existing uncertainty and distrust mean that complication of the operational environment lands on ‘fertile ground,’ making campaigning less resource intensive and propelling cognitive effects further, possibly even to create cascading effects within a wider ecosystem.

Britain’s Cyber Forces Need to be Agile

In reality, some of the most significant constraints to proactive and continuous behaviour in cyberspace are things like political authorisation, risk tolerance, legal review, deconfliction and generating a coherent approach across government agencies. A campaigning mindset aims to generate greater unity of effort and overcome this self-imposed friction, thus enabling one to set favourable conditions in one’s own operating environment and enhance the effectiveness of one’s own capabilities before even engaging the adversary.

Interconnectedness, constant contact and technological fluidity must be met with new forms of securing. Just as the emergence of the nuclear revolution required its strategic solution – deterrence – the cyber challenge requires its own as well.

Whoever knows where exploitation of cyber vulnerabilities is coming from before it occurs is winning; that is the new measure in cyberspace. Britian needs cyber forces to match this challenge because Britain’s economic, political and security future in the 21st century depends on a cyberspace that works for it, not against it. These forces need to be agile, on the front-foot, out-thinking and then outmanoeuvring adversaries. They need to be able to exploit opportunities when these arise. This anticipatory posture will enhance national resilience, but such resilience needs cyber campaigning that shifts operational environments in Britain’s favour through imposing complication and dilemmas on those that mean Britain harm. Inducing cyber friction in a calibrated and precise manner through cyber campaigning can be a British answer to a more secure digital future.

© Richard J. Harknett and Monica Kello, 2026, published by RUSI with permission of the authors.

The views expressed in this Commentary are the authors', and do not represent those of RUSI or any other institution.

For terms of use, see Website Terms and Conditions of Use.

Have an idea for a Commentary you'd like to write for us? Send a short pitch to commentaries@rusi.org and we'll get back to you if it fits into our research interests. View full guidelines for contributors.