# UK Cyber Chief Warns: We Are Already Fighting Tomorrow's Conflicts Today Britain is already engaged in the opening exchanges of future conflicts in cyberspace, according to **Richard Horne**, chief executive of the **National Cyber Security Centre (NCSC)**. Speaking on Wednesday, Horne disclosed that hostile states are responsible for a staggering three-quarters of cyberattacks striking the country's critical national infrastructure. In the year leading up to May, Horne's teams handled over 200 incidents impacting critical infrastructure and its supporting ecosystem. Approximately 75% of these were attributed to state actors. This builds upon an earlier disclosure by Horne, which revealed the NCSC was managing four nationally significant cyber incidents weekly, predominantly traced back to hostile governments rather than criminal hackers. ## Adversaries Prepositioning in Critical Infrastructure Delivering the annual security lecture at the **Royal United Services Institute**, Horne emphasized that the NCSC is "regularly finding and stopping breaches, before their intent becomes clear." He warned that "kinetic targeting in any conflict tomorrow will be based on intelligence gathered today," and that adversaries are actively "prepositioning" within British critical infrastructure. Horne described these threats as "establishing footholds within technology that underpins critical national infrastructure that could enable rapid exploitation, to cause mass disruption in a time of conflict." He cited **Volt Typhoon**, the Chinese state-linked campaign exposed against U.S. infrastructure, as a clear example of this tactic. While specific details of these breaches were not provided, the reference to such intrusions is significant. British intelligence has historically been more reserved than Washington in publicly naming such incidents, partly to avoid inadvertently assisting perpetrators. Horne's unequivocal statement: "In cyberspace, we are not preparing for tomorrow’s conflicts. To some degree we are fighting them today," underscores the gravity of the situation. ## A Fundamental Shift in Vocabulary: From 'Risk' to 'Contest' Horne's speech notably departed from the NCSC's long-standing vocabulary. He argued that cybersecurity should no longer be treated as a "risk" to be managed and tolerated, but as a "contest" to be fought. For a decade, risk management terminology has been central to British cyber advice, with the NCSC's flagship guidance, the **Cyber Assessment Framework**, opening with an objective titled "managing security risk." This shift aligns the NCSC's language with a broader trend among Western governments. **NATO** declared in its 2022 strategic concept that cyberspace is "contested at all times," a sentiment echoed by allied officials who now view the domain as a permanently contested environment. Senior figures at **U.S. Cyber Command** have made similar arguments, cautioning that a steady pattern of attacks, though not outright war, is having "strategically consequential effects" on Western states. "When executives ask ‘when will we be done investing in cyber security?’ the answer is: never," Horne stated. He cautioned that benchmarking defenses against industry rivals, a common corporate risk management approach, is inadequate. "The only benchmark that matters is how your capability and performance compares to that of your opponent." ## The Widening Gap and the AI Threat Horne reiterated his concerns about a "widening gap" between threats and defenses, having previously warned that the country was dangerously underestimating the danger. He renewed his call for a "full court press" across the near, mid, and far spaces of cyberspace. The threat is further sharpened by artificial intelligence. A new NCSC assessment deems it "highly likely" that by 2028, AI tools will be used to exploit known weaknesses in aging technology across critical infrastructure – a concern the agency has frequently stressed in recent months. This reframing comes as the British government works to pass the **Cyber Security and Resilience Bill** through Parliament, which will mandate improvements for operators of essential services. The government also plans to introduce a new **National Cyber Action Plan**, expected to be published in early July. Horne concluded with a call to action: "In this great contest there are no spectators, we are all on the pitch. If we collectively embrace the contest, understand the urgency and believe we can be a match for any opponent, then we can and will prevail."