CYBERWARFrom Wadham to GCHQ and Back: Robert Hannigan on Cybercrime, Spying and the AI Tsunami Coming Our Way

Published 29 June 2023

Is the much-vaunted cyber-Armageddon likely or even possible? One experts says that “‘State cyber threats do get overplayed. They can’t do everything and countries over-estimate their cyber capabilities – just as they over estimate their military capability.” The expert  insists, however, that “The challenges are ‘moving very fast’, as potential attackers learn fast.”

There are many reasons to fear the consequences of cyber warfare. Digital attacks on infrastructure and systems could cause chaos, even deaths, while the attacker does not have to leave their coffee and computer screen. In response to such threats, governments around the world are equipping themselves for the cyber-front. But is the much-vaunted cyber-Armageddon likely or even possible?

Robert Hannigan, the University of Oxford’s Warden of Wadham College, should know. He was an early bellwether of cyber danger when, as head of GCHQ, he established, in 2016, the National Cyber Security Centre.  So, he is no cyber-sceptic, but he was not expecting a massive cyber-strike, which many predicted, a digital 9/11, to accompany the Russian invasion of Ukraine.

Since Russia developed, and encouraged, such an aggressive cyber-reputation, commentators have been left wondering why there was no massive digital attack. Hannigan points out, Russia had, in fact, been using Ukraine as a test-bed for cyber-attack for over 10 years and, in the run up to the invasion, had inflicted a ‘barrage of attacks’, softening up the target. But, once the ‘kinetic war’ had started – the one with bullets and bombs – a new stage had begun. Nonetheless, Russian state cyber attackers have continued to attack Ukraine and countries in the region, as well as mounting propaganda and fake news campaigns around the world.

And, he says, the Russians, anticipating an early victory, did not want to destroy Ukraine’s systems. They expected to be using the telecommunications and infrastructure. To have destroyed them would have been a self-inflicted wound. Also, cyber-attacks can have an unfortunate consequence of rebounding on the perpetrator – with digital fall-out causing systems to fail far beyond the original target.   

According to Hannigan, however, ‘State cyber threats do get overplayed. They can’t do everything and countries over-estimate their cyber capabilities – just as they over estimate their military capability.’

As is widely-believed, Russia’s kinetic invasion has not gone according to plan, although its military prowess had been long boasted of. Perhaps the threat of cyber is not as concerning as believed?

‘The whole conflict has not gone their way,’ Hannigan says bluntly. But, he insists, cyber warfare is very real and he adds, ‘Things can be done and are being done, to build a better defended society. Ukraine’s cyber defenses, helped by friendly governments and by the private sector, have been impressive and there are positive lessons to be learned.’