Let’s be clear: the UK is no longer preparing for hybrid threats; we’re already living through them. What happened at RAF Brize Norton wasn’t just a protest gone too far. It was an act of sabotage against operational military aircraft, carried out using scooters, paint, and basic hand tools.
The fact that it succeeded tells us everything we need to know about the state of our national security posture: fragmented, reactive, and dangerously misaligned with the threat landscape.
If we neglect the physical layer, we risk undermining all the effort, investment, and capability built into our digital resilience. Security must be holistic—from the perimeter fence to the network firewall, from the patrol route to the SOC dashboard.
And right now? That cohesion simply doesn’t exist.
Partner at Avella Security.
Hybrid Threats Are No Longer Theoretical
Driven by geopolitical instability and evolving warfare tactics, hybrid threats, where physical and cyber attacks are combined, are becoming the norm.
Across the Middle East and Eastern Europe, digitally coordinated sabotage operations (like drone strikes on critical infrastructure) have exposed the weaknesses in siloed defenses. These aren’t one-off incidents; they’re deliberate, repeatable attack models.
And the UK is not immune. Intelligence sources point to repeated probing of our critical infrastructure, with Russia frequently suspected. Whether it’s energy, transport, or defense, our infrastructure is now part of the battlefield.
Why Security Must Be Holistic
Securing critical infrastructure isn’t just a technical challenge, it’s a leadership one.
You wouldn’t install a high-end alarm system at home and then leave the front door wide open. But that’s exactly what many organizations are doing: investing millions in cybersecurity while physical security is neglected or under-tested.
Across defense, utilities, transport hubs, and data centers, the weakest links are often the most mundane: an unchecked fence, a blind CCTV angle, an unmanned gate. These gaps may seem small until they’re exploited.
The reality is stark: we are now in the grey zone, where adversaries operate below the threshold of open conflict, using disruption, ambiguity, and deniability to advance strategic goals.
Brize Norton: Exposing Systematic Failures
The breach at RAF Brize Norton was not complex or sophisticated; it succeeded because no one expected it.
Two individuals, using basic tools and repurposed fire extinguishers, accessed an active runway, disabled aircraft engines with paint, and left undetected. These aircraft support critical UK combat operations, including missions in Ukraine.
This wasn’t symbolic; it had real tactical impact. And it exposed systemic failures, not just in physical security, but in how cyber and physical defenses fail to align.
This is exactly what modern adversaries exploit: seams, blind spots, and bureaucratic silos.
Heathrow: Civil Infrastructure, Same Problem
Just weeks earlier, a fire at a 1960s-era substation shut down Heathrow, cancelling over 1,300 flights and stranding 300,000 passengers.
The cause remains under investigation, but the implications are clear: fragile systems, single points of failure, and national disruption caused by one overlooked asset.
Whether accidental or deliberate, this is the playbook for hybrid adversaries: exploit basic vulnerabilities to cause disproportionate impact.
Commercial Organizations Are Not Exempt
It’s a dangerous fallacy to assume that only critical national infrastructure is being targeted. Commercial organizations—from logistics and manufacturing firms to data centers, retail giants, and tech companies—are increasingly in the firing line. The same hybrid tactics being used against government and military targets are being adapted and deployed against the private sector, often with devastating results.
Why? Because attackers don’t care about sector boundaries. They care about impact, access, and leverage. A warehouse fire, a compromised fulfilment center, or a disabled payment gateway network can ripple into national disruption. These aren’t just economic losses; they’re strategic vulnerabilities.
Commercial supply chains are deeply intertwined with national resilience. A major cyber-physical incident at a privately owned port, a cloud provider, or a high-throughput distribution hub could disrupt the economy, erode public trust, or even compromise defense readiness.
Yet too many businesses still view security as a compliance checkbox rather than a strategic function. The result is a security architecture that assumes peace while operating in a contested domain.
To ignore this is to misread the modern threat landscape. Commercial entities must be just as prepared, because when disruption is the goal, anyone with critical throughput becomes a target.
What the UK Is Failing to Grasp
The critical misunderstanding across much of UK security leadership is this: these threats don’t operate in silos. So why do we defend them as if they do?
Many boards still treat cyber and physical security as entirely separate disciplines, with different teams, budgets, and reporting lines. That’s not resilience. That’s friction. And attackers thrive in that friction.
Here’s what’s driving the risk:
Fragmented defenses: Physical security teams don’t have visibility into digital threats, and vice versa.
Poor system segmentation: A cyber breach often leads straight to operational control. A physical breach often exposes the network.
Leadership indecision: Waiting for a regulation to act is like waiting for a break-in to install locks.
What Must Change Now
We don’t need more strategy documents. We need decisive, integrated action. Here’s where to start:
1. Unify Security Governance
Cyber and physical security must be led from a unified framework. Shared threat models. Shared reporting. Unified response protocols.
2. Design for Containment, Not Just Prevention
Breaches will happen. What matters is whether they cascade. Resilience requires segmentation, isolated backups, manual overrides, and tested recovery drills.
3. Treat OT as a Primary Attack Surface
Operational Technology (OT) and Industrial Control Systems (ICS) can no longer be afterthoughts. They must be logged, monitored, and secured like your most sensitive data environments.
4. Train for Real-World, Blended Threats
Exercises must mirror reality: power loss during a cyberattack, disinformation campaigns during a physical breach. Complexity is the new normal. Ensure your teams are ready.
5. Conduct Regular Physical Penetration Testing
Just as networks are stress-tested through red teaming, physical sites must be tested through controlled breaches.
These exercises reveal blind spots in perimeter security, access control, and response protocols, and turn “security theatre” into actual resilience.
6. Act Without Waiting for Mandates
If Brize Norton didn’t drive change, what will? The next incident may come at a greater cost. Waiting for regulatory change is a dereliction of leadership.
Hybrid threats are real. The UK is already a target. Our critical infrastructure, both military and civilian, as well as commercial, is being tested.
Brize Norton and Heathrow are not anomalies. They are indicators of systemic failure: a lack of joined-up thinking, a failure to treat physical and cyber risk as inseparable.
If we don’t act now and build holistic defenses from the fence to the firewall, we are set to learn the next lesson at a much higher cost.
The best internet security suites and the best antivirus software.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
