Cyber Doomsday Warnings Do More Harm Than Good

Uploaded on 2025-02-24 in TECHNOLOGY--Resilience, FREE TO VIEW

At a recent NATO cyber defence conference in London, British cabinet minister, Pat McFadden, warned that ‘Putin is ready to cripple Britain with cyberattacks’.

This sparked widespread reactions about the use of such cyber doom rhetoric, with many arguing that it does more harm than good, as such language can heighten fear unnecessarily and overshadow more tangible and current risks.

In his speech, McFadden did indeed highlight the real and significant risks posed by cyberattacks, noting that Russia could potentially ‘turn off the lights for millions’ by targeting critical infrastructure.

However, his remarks were framed in the context of Ukraine’s ongoing struggle against Russian aggression – not an isolated warning about the UK. He referenced Russia’s cyberattacks on Ukraine’s electricity grid, airports, and other critical national infrastructure, discussing the broader cyber warfare being waged against Ukraine, including cyber espionage.

It is unclear whether McFadden changed his remarks in response to the criticism, or whether the media failed to capture his words accurately. But this confusion highlights an essential point: the need for precision in public discourse when discussing cyber threats.

The way we frame and define these issues profoundly influences how we understand and respond to them. Our perceptions of threats, cyber or otherwise, shape the strategies and resources allocated to combat them.

The ‘cyber doom’ narrative, which emerged in the early 1990s in the US, used terms like ‘cyber-Pearl Harbor’ and ‘cyber-Armageddon’ to describe the potential for catastrophic cyberattacks that could disrupt economies, cripple military operations, and undermine national security. Over time, however, this rhetoric has drawn significant criticism for its role in shaping public perceptions negatively. It often distracts attention from more urgent and practical cybersecurity priorities. Rather than encouraging preparedness, this rhetoric typically leads to heightened fear, which can be counterproductive.

This rhetoric plays into the hands of adversaries like Russia, whose information operations seek to destabilise Western nations by projecting vulnerability and eroding trust in national infrastructure.

Critics argue that such fear-driven discourse undermines efforts to build resilience and manage the more immediate threats, such as ransomware, espionage, supply chain vulnerabilities, and growing criminal activities, that continue to evolve in complexity and scale. These threats are compounded by the proliferation of cyber intrusion tools, which are widely available on underground markets, and by the increasing use by states of criminal proxies for their cyber operations.

Building resilience in cybersecurity requires focusing on actionable, ongoing risks rather than sensationalised, worst-case scenarios. The constant escalation of doomsday language is a distraction.

Moreover, this rhetoric also plays into the hands of adversaries like Russia, whose information operations seek to destabilise Western nations by projecting vulnerability and eroding trust in national infrastructure. By framing the UK as being on the brink of catastrophic cyberattacks, this discourse unintentionally reinforces Russia’s narrative of cyber strength and influence.

It is important to note that while cyber threats from state actors are growing, none of the predictions of widespread, systemic collapse have come to fruition. Cyberattacks targeting critical infrastructure have occurred, but they have not resulted in the total disruption that some feared.

However, state-sponsored cyberthreats are increasing in complexity and frequency, particularly when it comes to targeting critical infrastructure. Here, not only Russia but also China, Iran, North Korea and others present serious and evolving threats. Several countries regularly share intelligence about the kinds of threats they face from other nation-states. For example, the US Cybersecurity and Infrastructure Security Agency (CISA) has highlighted how China engages in cyber activities to infiltrate critical infrastructure and advance its national interests. Similarly, CISA has reported that Iran uses sophisticated cyber capabilities to suppress dissent and target regional and international adversaries, while North Korea conducts cyber operations to gather intelligence, generate revenue and disrupt systems.

When it comes to the role of cyber in modern conflict, the war in Ukraine offers important lessons. While cyberattacks have certainly caused disruptions, such as disabling power grids and communication networks, they have not resulted in the total systemic collapse that some feared. The key focus of Russian cyber operations has been on espionage, information operations, and targeted attacks designed to gain a military advantage. Russia has sought to exploit vulnerabilities in specific targets, whether through cyber espionage or by disabling crucial infrastructure for short periods.

Cyber has also not been the dominant feature of the conflict as many predicted. Instead, traditional kinetic warfare has remained the primary mode of engagement, demonstrating that cyber capabilities, while impactful, are not a substitute for conventional military power – at least not yet.

While the UK has made significant progress in strengthening its cyber defences, the adoption of basic cybersecurity measures – including things like network security, malware prevention and user education and awareness – remains uneven across sectors.

Therefore, rather than preparing for a worst-case scenario, a more effective strategy would be to encourage the widespread adoption of these measures across government, industry and the public.

At the same time, governments must address the evolving threats posed by both state and non-state actors, by adopting a whole-of-society approach and engaging with allies and international partners to adapt to the constantly changing threat landscape.

While the risks are real, focusing on resilience-building and addressing current cyber threats will ultimately be more productive than indulging in doomsday scenarios.

Joyce Hakmeh is Deputy Director, International Security Programme at Chatham House

You Might Also Read:

The Impact Of Geopolitical Dynamics On The Evolving Cybersecurity Landscape:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.