Skip to content
Commentary | 23 September 2024

Nuclear vs cyber deterrence: why the UK should invest more in its cyber capabilities and less in nuclear deterrence

The strategic environment after Russia’s full-scale invasion of Ukraine in 2022 presents a stark contrast to the Cold War era when nuclear weapons were the ultimate deterrent. Today, the threats that the UK faces are more nuanced and diverse, ranging from state-sponsored cyber-attacks to sophisticated disinformation campaigns. These challenges require a shift in focus from traditional nuclear deterrence to modern defensive and offensive cyber capabilities, arguably more effective in safeguarding national security.

The changing nature of threats

The primary argument against significantly enhancing the UK’s nuclear deterrent lies in the changing nature of global threats. Opponents of shifting investment from nuclear deterrence to cyber capabilities would argue that nuclear weapons provide a proven and robust deterrent against existential threats, with decades of strategic stability behind them. Indeed, the nuclear age has not gone anywhere: Russia continues using nuclear weapons for blackmail, has stationed nuclear weapons in Belarus, and some Russian experts are calling for a preventive nuclear strike. Even a slight reduction in nuclear deterrent investments could be considered as a vulnerability by allies and as an opportunity by adversaries.  However, we are now in the cyber age where there is another layer of competition and warfare between state and non-state actors –cyberspace. This has altogether evolved the threat landscape. Cyber-attacks, state-sponsored disinformation campaigns, and other non-kinetic forms of warfare have become more prevalent and pose a more immediate risk to national security.

Cyber-attacks, state-sponsored disinformation campaigns, and other non-kinetic forms of warfare have become more prevalent and pose a more immediate risk to national security. Nikita Gryazin

The UK has already experienced the consequences of these new types of threats coming from Russia and China. Recent cyber-attacks on the UK’s critical national infrastructure have highlighted the vulnerability of the UK’s digital systems. London’s Transport for London was subject to cyber-attacks twice in the last two years: in July 2023 and  September 2024. In May 2024, the target was the Ministry of Defence: the Defence Secretary confirmed that a ‘malign actor’ gained access to part of the MoD payment network, and in March, the Defence Secretary’s RAF plane’s GPS signal was ‘jammed’ near Russia’s Kaliningrad. Most recently, in July 2024, the Russian-based hacking group Qilin (believed to be part of a Kremlin-protected cyber army) stole patient data in a cyber-attack on NHS England systems, resulting in a major data hack and thousands of patient appointments and operations postponed.

These attacks on the UK’s critical defence and social infrastructure not only disrupt services but also undermine public confidence in the government’s ability to protect its citizens. Moreover, there is a strong nexus between cyberattacks and disinformation campaigns, as both are often used together in coordinated efforts to disrupt, destabilise, or manipulate targets. The recent disinformation campaigns about the Southport stabbing on 29 July, possibly linked to Russia-based actors, have fuelled far-right protests and nearly destabilised the country, underscoring the power of information warfare to disrupt society.

The diminishing utility of nuclear weapons

While nuclear weapons continue to serve as a deterrent against existential threats, their utility in addressing the challenges of the 21st century is limited. Nuclear weapons are primarily designed to deter or respond to large-scale military aggression, primarily from other nuclear-armed states. However, the likelihood of such conflicts is relatively low even in today’s geopolitical environment.

In contrast, cyber threats are far more immediate and pervasive. While nuclear weapon use in war happened only once in history, cyber-attacks have been recorded daily since the very first cyber incident in 1988. Cyber-attacks can be launched remotely, often with plausible deniability, making them an attractive option for state and non-state actors alike. Furthermore, the consequences of a successful cyber-attack can be devastating, ranging from the disruption of critical infrastructure and theft of sensitive information to the sowing of division and chaos in society. Unlike nuclear weapons, cyber capabilities are more dynamic, flexible, and efficient.

The case for greater investments in cyber capabilities

Given the evolving threat landscape, the UK would benefit from a greater focus and investment in its cyber capabilities rather than expanding and modernising its nuclear arsenal. There are several reasons for this:

  • Modernising nuclear weapons is an expensive and resource-intensive process. According to the Nuclear Information Service, the total cost of the UK’s nuclear weapons programme between 2019 and 2070 is £172bn. In contrast, the UK’s National Cyber Strategy 2022 is £2.6bn over three years. As cybercrime is estimated to cost the UK economy £27bn per year, some costs associated with maintaining and upgrading the UK’s nuclear arsenal could be better spent on enhancing cyber defences and developing offensive cyber capabilities.
  • The institutions are already in place. The UK has already embraced the use of offensive cyber capabilities, as outlined in its National Cyber Strategy, which sees these tools as essential for national security and deterrence. The UK’s approach has evolved from a largely defensive posture to recognising the need for proactive measures, such as disrupting adversaries’ cyber operations. The UK’s National Cyber Force (NCF), established in 2020, conducts offensive cyber operations under the authority of international law, particularly the UN Charter, and is subject to domestic legal frameworks like the Intelligence Services Act 1994 and the Investigatory Powers Act 2016, ensuring that operations are lawful and proportionate. The announced Cyber Security and Resilience Bill should further expand the scope of the current cyber regulations.
  • Nuclear weapons are inherently indiscriminate, causing massive destruction and inevitable collateral damage, both immediate and long-term. Even with advancements in technology, the lethality of nuclear weapons cannot be precisely controlled, and they are largely static in their role as deterrents. Cyber weapons, in contrast, offer precision and adaptability. Cyber operations can be designed to target specific systems, networks, or capabilities, avoiding widespread physical harm and ensuring minimal collateral damage. The flexibility of cyber tools allows the UK to respond to emerging threats with a degree of proportionality that nuclear weapons cannot offer, addressing security challenges in a measured, dynamic, and controlled way. By prioritising cyber capabilities, the UK can tailor responses to achieve strategic objectives without the humanitarian and environmental consequences that nuclear weapons bring.

The flexibility of cyber tools allows the UK to respond to emerging threats with a degree of proportionality that nuclear weapons cannot offer, addressing security challenges in a measured, dynamic, and controlled way. Nikita Gryazin

  • The rapid pace of technological advancement means that the nature of cyber threats is constantly evolving. Today, cyber is increasingly driven by AI, so investing more in AI-powered cybersecurity would make monitoring, analysing, detecting, and responding to cyber threats more efficient.
  • By prioritising cyber capabilities, the UK can position itself as a global leader in cybersecurity. For this, institutions are already in place, such as the National Cyber Security Centre (NCSC) and the CYBERUK annual conference, established in 2016. If better funded, it would enable the UK to play a more prominent role in shaping international norms and standards in cyberspace. In contrast, increased funding of the nuclear deterrent contributes to global instability and undermines efforts to promote nuclear disarmament.

The strategic environment has shifted, and the threats facing the UK today require a more nuanced approach. As a result, the new UK Labour government should focus on cyber capabilities over nuclear deterrence. Investing in cyber, both defensive and offensive, offers a more effective means of protecting the UK from the growing threats of cyber-attacks and disinformation campaigns. Unlike nuclear weapons, which are largely symbolic, cyber capabilities provide real-time, actionable solutions to the challenges of our cyber age.

The European Leadership Network itself as an institution holds no formal policy positions. The opinions articulated above represent the views of the authors rather than the European Leadership Network or its members. The ELN aims to encourage debates that will help develop Europe’s capacity to address the pressing foreign, defence, and security policy challenges of our time, to further its charitable purposes.

Image: Dmitriy Shironosov / Alamy Stock Photo