The Council on Geostrategy’s online magazine

About | Contributors | Submissions

Cyber maritime: A priority for Britain

The era we live in is characterised by ‘strategic acceleration’, whereby increasing geopolitical instabilities, rapid technological change and budgetary constraints combine in making the world more dangerous for the United Kingdom (UK) and its allies and partners.

In the maritime domain, competitors, adversaries and their proxies are increasingly disrupting freedom of navigation and contesting Western maritime dominance, and the ocean has become ‘the biggest crime scene in the world’. Maritime preponderance has been instrumental in explaining Britain and then Western dominance of the global order. Sea power and the ability of the collective West to produce strategic effects at and from the sea is central to the impending global leadership challenge posed by forces of authoritarianism.

According to the House of Commons Defence Select Committee: ‘We’re going to need a bigger Navy’. Yet, state and non-state disruptors benefit from asymmetrical advantages whilst our resources are limited. In this context, creating affordable mass and ensuring the cyber resiliency of systems and platforms will be key for British sea power. Indeed, a cyber vulnerable force would degrade the capability and its availability for deployment and use. Similarly, an increase in the navy’s size must be cyber-secure and digitalised by design as a way of keeping the capability relevant to the requirements of the 21st century battlefield.

Fluid milieu
Information dependence
Grey zone
Systemic complexity
The way forward
Information resilience
Capital-power ratio


A fluid milieu: The maritime domain is characterised by its fluidity and unboundedness, which supports freedom of navigation while creating fuzzy borders, overlapping jurisdictions and contested sovereignties. The sea cannot be ‘occupied’. On the one hand, this grants naval forces unparallelled projection and theatre access capabilities, unhindered by legal or geographical constraints. On the other hand, the sea is not immune to the proliferation of disruptive actors and activities, including (but not limited to) espionage, terrorism, and crime, as well the rise of new powers pursuing maritime claims.

C4ISTAR (Command, Control, Communications, Computers, Intelligence, Surveillance, Target Acquisition and Reconnaissance): The acquisition, management and networking of information is crucial to naval operations. The sea is a vast space where platforms operate at a distance. Intra-platform systems integration combined with inter-platform interconnection creates a complex set of dependencies and an information rich environment. Intricate operations can therefore generate and require a constant flow and networking of data to obtain a common operational and intelligence picture. The search for information dominance, particularly in a multi-physical domain (air, land, sea, space) like the sea, engenders a strong reliance on ‘information’, ‘communication’, and ‘connection’. However, consolidating and expanding resilient and robust strategic communications in the maritime domain, particularly in the context of a highly congested and contested electromagnetic environment, remains a serious challenge. 


Information and connectivity dependence: Reliance on timely information, and the required interconnections to distribute it, creates both risks and opportunities. On the one hand, a network weak link (partner, platform, or operator) may generate information breaches or the malicious injection of poor-quality information, undermining trust and confidence in the information received and platform capabilities. The move to uncrewed/autonomous platforms and the increasing use of machine learning (ML) for enhanced situational awareness and decision-making support drives novel attack vectors. On the other hand, this affords new opportunities to conduct operations and exert influence in a variety of non-kinetic, but equally effective ways. 

In maritime spaces, cyber-attacks and information denial operations can degrade situational awareness quickly, and control systems on modern naval vessels, including navigation, propulsion and identification, are inherently vulnerable to exploitation. While cyber-attacks against civilian and military maritime assets have so far been directed mainly at their ground stations, this may be changing with increasing deployment of autonomous naval capabilities. Adversaries are increasingly aware of the tactical, operational, and strategic effects of degrading connectivity in maritime environments.

Grey zone: The sea is particularly prone to ‘below the threshold’ activities due to its jurisdictional fuzziness, geographical characteristics and inherent ambiguity (such as flags of convenience). This creates opportunities for disruptors, enables deniability and makes it more difficult to monitor potential perpetrators, enforce the rule of law, and trace responsibilities. In addition to an increase in espionage – such as Russia in the North Sea and Black Sea, Iran in the Red Sea and the People’s Republic of China (PRC) in the Indo-Pacific within the ‘second Island chain’ – there is a risk of kinetic and non-kinetic attacks on critical maritime infrastructures (undersea communication cables, but also, potentially, ports). The grey zone is also exploited by actors who can disrupt maritime trade and security using modern technologies, including autonomous capabilities. The recent attacks by Houthi rebels, the increased prevalence and challenge of maritime piracy, and the use of mercenaries and other non-state actors to achieve strategic effects in maritime spaces are all of increasing concern.

Asymmetry: Naval platforms are capital intensive and constrained by safety, resiliency, and longevity considerations, whereas asymmetric actors are driven by agility and cost-effectiveness and are largely unbounded by legal, ethical and moral constraints. They can pull together platforms (and systems) from what they can find, or purchase commercially, enabling rapid capability development. New technologies in the cyber, artificial intelligence (AI) and automation domains grant disruptors further asymmetrical advantage by enhancing the ratio between capital spent and power of disruption (e.g., maritime drones or any cyber technology). 

However, short of state-sponsorship and transfer of major conventional maritime capabilities to non-state actors, the capabilities of disruptors will be highly attritable and deployed in ‘swarm-like’ airborne, surface, and sub-surface formations to confuse and overwhelm naval platforms and port defences. For state actors, adoption of innovation is a perennial defence issue, and with large capital projects, the pace of digital technology outstrips the rate at which platforms are developed (or even updated). The procurement of large conventional naval platforms takes well over two decades on average in Western navies, creating a potential for vulnerabilities in newly commissioned platforms or the deployment of outdated technology and use of legacy software. 

Even when new technologies are deployed in a timely manner, such as AI-enabled situational awareness and networks of autonomous surface and sub-surface sensors, the threat of data poisoning or adversarial interference with AI models remains very high. The recent example of Russians strapping tyres to their bombers to potentially confuse Western AI classification models for situational awareness shows how unsophisticated adversarial methods may be interfering with the operation of one’s AI models. Similarly, as the United States Navy’s Task Force 59 experienced over the past two years in the Gulf, establishing reliable communications channels as well as secure and compatible data exchange protocols between autonomous surface systems deployed by several nations remains challenging. When coupled with connectivity and information dependency, this gives rise to potential fragility in the at-sea capability.

Systemic complexity: While much remains the same in the maritime environment, the effect of digital interconnectivity, new digital (ML/AI) and physical capability is increasing uncertainty in the way the maritime environment, as a system, functions. For example, remote monitoring of capital equipment, such as engines or stores, connects the sea to the air, land and space in ways not explored fully and not always visible. Cyber space is ‘stitching’ the maritime domain together in the name of seamless integration and efficiency, at the cost of increasingly hidden complexity. This gives rise to challenges related to systemic impact as faced by other industries and sectors.

The way forward

Information resilience: In addition to making systems and platforms resistant to cyber-attacks, it is imperative to become resilient in the face of information uncertainty. Warships may have to operate with limited or no access to external data, and perhaps even without using, or being able to trust, the on-board IT systems. To prepare for this, it is important to ask the right questions: How do we train crews to fight digital ‘fires’ as well as physical ones? What are the relative priorities of information and systems? How can the UK locally (e.g., at platform-level) verify the quality and accuracy of information received? Which system can and should be able to work offline? What other cyber security challenges come from the creep of autonomy (and ML) within systems and platforms? And what additional burden do post-cyber-attack technical failures impose on operators and sailors? 

The capital-power ratio: New and emerging technologies used by disruptors increases the cost of maintaining Western dominance of the maritime order (e.g., upholding freedom of navigation). There are two options: 1) to reduce the cost associated with the defence of Western interests at sea, and 2) to increase the cost for disruptors.

In both cases, mass will be central. Indeed, as with any period of intense technological and operational disruption, it is all down to the capital-power ratio which is increasingly advantaging disruptors. As recently demonstrated by maritime warfare in Ukraine, surface and sub-surface drones worth under £200,000 per unit may be successfully deployed to destroy and severely damage large surface combatants worth a hundred times more. How does the UK make sure that its ability to invest in targeted areas (e.g. AI/ML) will generate not only (affordable) mass, but also a better capital-power ratio while restricting adversaries’ asymmetrical advantages? For instance, AI-enhanced networking of information (i.e., increased quantity and quality of information and its fast and continuous sharing between systems and platforms) enables an integrated but decentralised C4ISTAR system and an enhanced ‘common operational picture’ as well as information dominance. This eventually improves combat efficiency (speed and precision) and enables the conduction of effect-based operations (e.g., strikes which will have a disproportionate effect on the enemy’s command and control structure and paralyse its decision-making cycle).


Uncertainty in the maritime domain is compounded by a sustained growth in maritime traffic and trade, technological disruption, environmental change, resource depletion, and the opening (or deliberate closing of) sea routes, as well as attempts to erode the liberal maritime order, including freedom of navigation and other maritime norms.  

Maintaining maritime preponderance is a priority for the UK, as well as its allies and partners. In doing so, Britain should maximise opportunities and address challenges created by new and emerging technologies. Given the complex physical environment and the differing connectivity seen in the maritime environment, it is important to develop contextually relevant approaches to maintain maritime cyber efficacy.

The proliferation and increasing ‘democratisation’ of advanced general-purpose technologies like AI and robotics will make it difficult to restrain adversarial access to new capabilities. In such cases, information superiority, more than mass, will play a key role. At the same time, the acceleration of great power competition with Russia and the PRC and to a lesser extent Iran makes ‘affordable mass’ a necessity whereby informational superiority may be a transient advantage against these competitors. A prioritisation of needs (in terms of systems to defend and information to obtain) and the timely adoption of relevant technologies, will enable warships to develop a large degree of communication, information, and cyber resilience, allowing C4ISTAR to be efficient even in the case of cyber-attacks. It is actually the ability to dominate across domains which is crucial. At the same time, the potential for affordable mass autonomy can increase the UK’s long-term force and capital ratio compared to its adversaries. This will ensure the Royal Navy maintains its competitive edge, is cyber resilient and ready for cyber operations in a rapidly changing geopolitical and technological context.

Professor Basil Germond is Chair in International Security and Co-Director of Lancaster University’s security research institute.
Prof. Joe Burton is a Professor of Security and Protection Science at Lancaster University.
Prof. Daniel Prince is a Professor in Security and Protection Science at Lancaster University.
Dr Simona R. Soare is a Senior Lecturer in Strategy and Technology at Lancaster University.

This article is part of a series of articles from British universities as part of the First Sea Lord’s Sea Power Conference 2024

Security Lancaster is one of the largest interdisciplinary security research institutes in the UK with 120 staff from 15 academic departments. It is home to Lancaster University’s Cyber Security Research Centre (CSRC), the Economic and Social Research Council UK national hub for social science research on security threats (CREST) and the Engineering and Physical Sciences Research Council Trustworthy Autonomous Systems Node in Security (TAS-S). As a University Institute, Security Lancaster draws on excellence from across the university to deliver world class research and education that challenges the way individuals, organisations, and societies secure and protect themselves.

Join our mailing list!

Stay informed about the latest articles from Britain’s World

Leave a Reply

Your email address will not be published. Required fields are marked *