Britain faces growing "grey-zone war" threat from Russia, Iran and China

03 July 2026 , 10:27
393     0
Britain faces growing "grey-zone war" threat from Russia, Iran and China
Britain faces growing "grey-zone war" threat from Russia, Iran and China

Britain is facing a major national security challenge from hostile states operating below the threshold of war, the country’s independent reviewer of terrorism and state threats legislation has warned.

Jonathan Hall KC told Media that grey-zone activity, including cyber operations, sabotage, espionage, proxy activity and influence campaigns, is now one of the major threats facing the UK.

He said the National Security Act 2023 was itself evidence of the danger posed by hostile foreign powers, but warned there is “no silver bullet” for dealing with states that use proxies, criminal networks and online tools to cause harm while avoiding direct confrontation.

Asked by Media whether grey-zone activity had become one of the major national security challenges facing Britain, Mr Hall said: “Absolutely.

“The relatively new and untested National Security Act 2023 is testament to the threat posed by grey-zone activity, which is being fired up by increasingly assertive foreign powers like Russia, Iran and China.”

Grey-zone warfare refers to hostile activity that sits between peace and open war. It can include cyber attacks, espionage, sabotage, disinformation, economic disruption and the alleged use of proxies or criminal networks to carry out operations on behalf of foreign states.

Mr Hall said Britain’s legal framework is in a stronger position than many countries, but warned that hostile states are constantly finding new ways to test it.

“There are no yawning gaps in the UK’s legal framework, and the government has committed to filling in some of the holes I identified in my review last year,” he told Media .

“We are a lot better off than some countries. But as they say, the enemy gets a vote.

“Foreign powers are endlessly inventive at finding new ways to cause harm to our national security, or using methods, like internet-recruited proxies, that are just difficult to deal with, whatever the legal framework in place.”

The warning comes after a new report claimed Putin’s shadow fleet was used to launch drones over nuclear sites, airbases and critical infrastructure in Britain and across Europe, the clearest example yet of how Russia is using deniable grey-zone tactics to probe Nato’s defences without triggering open conflict.

Cyber security and national security experts have told Media that Britain is already operating in a permanent state of grey-zone confrontation, with hostile states using cyber attacks, influence operations and economic pressure to damage the country without crossing the line into conventional war.

Craig Watt, senior threat intelligence specialist at Quorum Cyber, told Media : “Grey-zone warfare is a reality we’re already operating in.

“Hostile states have recognised that cyberattacks, influence operations and economic disruption can achieve strategic objectives without crossing the threshold into open conflict.”

He said hostile-state cyber operations, espionage and sabotage are now “among the most serious security threats facing the UK today” because they target “the foundations of our national resilience, economic stability and public trust”.

“A well-executed cyberattack or espionage operation can deliver strategic impact that once required military force,” he added.

Mr Hall said the problem is not simply a lack of law, but the nature of the threat itself.

Asked whether there are gaps in how the UK detects, deters or prosecutes hostile-state activity, particularly when attribution is difficult or proxies are allegedly used, he said: “It’s not so much gaps as the nature of grey-zone activity itself.

“Of course attribution is difficult. Of course intelligence officers would prefer to sit in Tehran directing intermediaries and proxies through Telegram.

“There is no silver bullet to this.”

That warning was echoed by experts who said hostile states are increasingly using deniable, scalable and often low-cost methods to target the UK.

Gary Barlet, public sector CTO at Illumio and a former US Air Force cyber operations officer, told Media cyber operations have become “the frontline of modern conflict”.

“Grey Zone warfare is conflict without declaration, and it’s the norm in the global cyber domain,” he said.

“The difficulty of attribution, blurred lines between civilian and government/military systems, and the sheer volume of data available for exfiltration make this inevitable. It’s just how modern conflict operates.”

He warned that Britain’s reliance on cyber systems across civilian and military life makes it an obvious target for states that cannot compete with the UK and its allies on a traditional battlefield.

“These are among the most serious threats the UK faces today,” he said.

“The UK’s deep reliance on cyber capabilities, across both civilian and military interests, makes it an attractive target for nations that can’t compete on a traditional battlefield.”

Travis DeForge, director of cybersecurity at Abacus, told Media  much of this activity is now carried out by state-aligned hacktivist groups rather than formal cyber units openly operating under a national flag.

He said the UK is seeing politically driven attacks designed to cause downtime and disruption, including high-volume distributed denial of service attacks, website disruption and crowdsourced botnets.

Mr DeForge said the threat is being made worse by the “industrialisation” of simple cyber tactics, including denial-of-service-as-a-service, website defacements and hack-and-leak operations.

“These attacks are not targeted at specific organisations but carry far-reaching operational and reputational consequences for any business that falls victim to them,” he said.

The military has pivoted towards drone warfare after the lessons of Ukraine qhxidiqxkiqxzinv

Experts told Media that the most exposed sectors include defence, energy, telecommunications, higher education, local government, ports, data centres and other parts of the UK’s critical national infrastructure.

Mr Watt said: “Any organisation that underpins national capability or holds valuable intellectual property is in the firing line.

“Defence, energy, telecommunications, higher education and local government are primed for targeting because they offer both strategic intelligence and opportunities for disruption.”

Darrel Lang, cyber threat intelligence analyst at Bridewell, said the danger is not always a single dramatic strike, but a “slow and steady erosion over a period of years” of the systems and structures that support the UK.

He told Media that the old distinction between “wartime” and “peacetime” has become less useful, with grey-zone activity now describing the middle ground between the two.

Mr Lang said threat actors are increasingly able to scale attacks through automation, ransomware affiliates, denial-of-service attacks and faster exploitation of software vulnerabilities.

Mr Barlet warned that “every sector is exposed and being actively targeted”, adding that artificial intelligence is making hostile activity faster and more effective.

He told Media : “Cyber has a low barrier to entry, and AI is making attacks faster and more effective, so there’s no limit to who will be targeted.”

Undersea cables and data centres were singled out as particular points of concern because of their importance to the UK’s economy, communications and government systems.

Mr Barlet said the UK is “extremely vulnerable” to attacks on the digital infrastructure that carries “everything from financial transactions to government communications”.

He added: “Critical infrastructure is deeply interconnected, relying on multiple providers, systems and countries.

“That complexity creates opportunity for attackers, who can exploit weaknesses in software, supply chains, or human error, even when core systems are secure.”

James Neilson, SVP of Global at OPSWAT, told Media the daily scale of hostile activity aimed at Britain is “vast”.

He said hostile actors now “routinely target the UK to undermine security, the economy and public trust”, with cyberattacks and cyber espionage proving “extremely effective ways of doing this”.

Mr Neilson said many critical infrastructure organisations face a particular problem because their systems mix traditional IT with operational technology — the machinery and control systems that keep essential services running.

“The challenge for many UK critical infrastructure organisations is that their environments include a mixture of IT and operational technology assets, but very few individuals possess deep expertise in both, creating knowledge gaps in threat assessment and defence development,” he said.

But Mr Hall warned that the public still does not properly understand the seriousness of the state threat facing Britain.

“My own sense is state threats are not really understood by the public at large,” he told Media .

“I found that there is still a lot more interest in terrorism than in state threats, and I am sure that this affects people’s lack of preparedness.

“We are far behind countries like Poland, which is physically on the frontline.

“I think that politicians still haven’t found the right language to communicate the threat, or to articulate our responsibility as individuals to look out and challenge it where we find it.”

Olly Maxwell, principal security analyst for EMEA at Huntress Labs and a former defence, national security and foreign policy practitioner, told Media that grey-zone warfare should now be treated as “an enduring condition rather than a temporary phase of geopolitical competition”.

He said hostile states do not divide cyber security, economic security, information operations and national security in the way Britain often does.

“They are increasingly employed as components of a single campaign designed to shape behaviour, create leverage and exploit vulnerabilities without provoking a conventional military response,” he said.

Mr Maxwell said the biggest concern is often not the attack that is visible, but the access hostile states may already have inside sensitive systems.

“The most consequential operations are frequently those that remain undiscovered,” he said.

“Persistent access to government networks, telecommunications providers, supply chains or critical infrastructure can provide intelligence value today and coercive leverage tomorrow.”

He added that hostile actors are often patient, sometimes spending years mapping networks, understanding dependencies and maintaining access.

“In many cases, they do not need to defeat sophisticated security controls if they can exploit complexity, legacy technology or organisational constraints,” he said.

The experts also warned that disinformation and online influence campaigns are now central tools of hostile-state competition.

Mr Watt said disinformation is designed to “shape perceptions, erode trust and influence decision-making without firing a single shot”.

“The objective is often not to persuade the population of a particular narrative but to undermine trust, deepen divisions and weaken confidence in our institutions,” he said.

Mr DeForge said information warfare often comes down to controlling what people see, hear and believe has happened.

He said hostile actors can use fabricated or misleading images and videos, then amplify them through online commentary, influencers, bot farms and social media engagement to push a chosen narrative.

Mr Lang said the aim of disinformation and online influence is often to “break down trust” in the systems that underpin public life, so that decisions made by those systems can be questioned, delayed or undermined.

Mr Maxwell said the goal of many influence operations is “not persuasion, but paralysis”.

He said hostile states use these campaigns to create confusion, amplify division and weaken trust in democratic institutions.

Mr Barlet warned that artificial intelligence is making the problem worse by enabling “fast, convincing deepfakes and automated propaganda”, making it harder for the public to tell what is real.

The experts said awareness of hostile-state activity has improved, but too many organisations still treat the problem as a narrow cyber security issue rather than a board-level national resilience challenge.

Mr Watt said: “Too many organisations still view hostile-state activity as a cybersecurity issue rather than a board-level resilience challenge.”

Mr Barlet said many organisations still underestimate both the scale of the threat and their own vulnerabilities.

“There is also a false belief that every attack can be prevented, which isn’t realistic,” he said.

“Too few organisations have the ability to limit or contain breaches, so when attacks succeed, services are disrupted and data is compromised.”

Mr DeForge said the issue has now moved from “high level policy discussion” to an “operational issue for board level debate”.

He said both government and industry increasingly understand that the threat has shifted from financially motivated crime towards “grey-zone hybrid warfare”.

The UK was described as having strong intelligence and cyber capabilities, including support from the National Cyber Security Centre, but experts warned that attackers are evolving quickly and may still hold the advantage.

Mr DeForge said the UK is well aware of the threat at national level, but business preparedness remains “more mixed”.

He warned that too many organisations still rely too heavily on a single cyber tool or provider.

“No single factor can be a ‘silver bullet,’” he said.

“Having a coherent, layered approach, a defence in depth model, has always been crucial but is more important than ever today because of the sheer volume of attacks that most businesses face.”

Mr Barlet said government plans, including the Cyber Security Resilience Bill and an AI cyber shield, should improve detection and response over time.

But he added: “Until then, attackers retain the advantage, with AI accelerating the scale and pace of threats facing the UK.”

He said Britain must move away from relying only on defensive walls and periodic fixes.

“Prevention alone is a losing battle,” he said.

“We have got to get to a place where every business can keep systems operating, recover quickly, and maintain essential services even under constant attack.”

Mr Watt said the UK needs to move “from a mindset of protection to one of resilience and active defence”.

“That means deeper public-private collaboration, faster intelligence sharing and sustained investment in the security of the systems that keep the country running,” he said.

Asked whether the UK needs further legislative, policy or operational changes, Mr Hall said he is waiting to see whether the government brings forward legislation to deal with all the points raised in his report last year.

“If the adversary is agile, and he is, then policy and operating practices will just have to adapt to meet the threat,” he told Media.

Mr Maxwell warned that deterrence also has to improve, arguing that “attribution without consequence rarely alters behaviour”.

He said effective deterrence requires sanctions, diplomacy, public attribution, intelligence disclosures and international coordination.

“Exposing hostile activity and removing deniability can itself be a powerful response,” he said.

He added: “The greatest risk is treating cyber security, resilience, economic security and information operations as separate issues. Our adversaries do not.

“The modern battlefield rarely begins with troops crossing a border. More often, it begins with a cyber intrusion, an espionage operation, an influence campaign or a quiet attempt to undermine confidence in the institutions that hold democratic societies together.

“These are not isolated incidents, but components of an enduring strategic competition that is already underway.”

Editorial Team

James Smith

Editor-in-Chief

National Cyber Security Centre, National Security, Artificial Intelligence, Nato, Critical Infrastructure, Disinformation, Sabotage, Espionage, Cyberattacks, Cybersecurity, China, Iran, Russia, Olly Maxwell, James Neilson, Darrel Lang, Travis DeForge, Gary Barlet, Craig Watt, Jonathan Hall

Read more similar news:

01.02.2023, 15:05 • Crime
Brit has fingertip bitten off by Russian woman in beach beanbag argument
02.02.2023, 16:53 • World
Russian admits troops guilty of torture including knocking prisoner's teeth out
02.02.2023, 17:44 • World
Russian soldiers must be on drugs to commit 'very violent acts' seen in Ukraine
03.02.2023, 06:54 • World
Russia threatens to ‘gain world’s attention’ on Ukraine invasion anniversary
03.02.2023, 14:56 • World
Vladimir Putin plotting ‘maximum escalation’ of war ahead of year anniversary
04.02.2023, 11:29 • World
World's coldest city where locals jump into river as temperatures drop to -62C
04.02.2023, 18:56 • Sport
Team GB 'unlikely' to support Olympics boycott over Russian athletes
04.02.2023, 20:56 • News
House where retired Russian spy was poisoned with Novichok is sold
05.02.2023, 12:27 • World
Dramatic footage captures plane on fire as tyres explode during take-off
06.02.2023, 11:14 • World
Putin’s rumoured lover hails Russia's war in Ukraine in rare public appearance