惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
SegmentFault 最新的问题
A
About on SuperTechFans
NISL@THU
NISL@THU
V
Visual Studio Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
B
Blog RSS Feed
Engineering at Meta
Engineering at Meta
GbyAI
GbyAI
美团技术团队
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Google DeepMind News
Google DeepMind News
小众软件
小众软件
博客园 - Franky
罗磊的独立博客
The Cloudflare Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
酷 壳 – CoolShell
酷 壳 – CoolShell
量子位
Hugging Face - Blog
Hugging Face - Blog
云风的 BLOG
云风的 BLOG
MongoDB | Blog
MongoDB | Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
B
Blog
The GitHub Blog
The GitHub Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
P
Proofpoint News Feed
有赞技术团队
有赞技术团队
Hacker News - Newest:
Hacker News - Newest: "LLM"
Cyberwarzone
Cyberwarzone
C
CXSECURITY Database RSS Feed - CXSecurity.com
Project Zero
Project Zero
Security Latest
Security Latest
L
Lohrmann on Cybersecurity
AWS News Blog
AWS News Blog
The Hacker News
The Hacker News
I
Intezer
J
Java Code Geeks
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Privacy International News Feed
月光博客
月光博客
A
Arctic Wolf
Apple Machine Learning Research
Apple Machine Learning Research
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园_首页
WordPress大学
WordPress大学
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Tor Project blog
博客园 - 三生石上(FineUI控件)
The Last Watchdog
The Last Watchdog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

RUSI: Latest Publications

Episode 21: Chinese Money Laundering and the ‘Flying Money’ Threat Armenia’s Election: A Win for Pashinyan, Yet the Kremlin Long Game Persists The Loyalty Trap: Trump and the Undermining of US Intelligence Power The End of Orbánism? Bosnia, Magyar and Europe’s Strategic Credibility The Curious Case of the Delayed Investment Plan The Energy Supply Cliff is Alarmingly Near Europe Means Business on Cloud and AI Sovereignty No-Rules Based Order: The World As It Really Is The Nathan Gill Case: Isolated Foreign Malign Interference Case or a Broader Hybrid Threat? Armenia’s Election and the Future of Security in the South Caucasus The DPRK’s Chemical Facilities: Sunchon Area: Site Profile 7 Reforming Defence: Lessons from the UK Defence Restructuring History The DPRK’s Chemical Facilities: 8th February Vinalon Complex: Site Profile 8 Power Under Dependency: Vulnerabilities in France’s Strategic Posture Re-Establishing Japan’s Intelligence Capability – ‘Spy Paradise’ lost? Episode 121: No Easy Off-Ramp: Iran, the US and the Search for a Deal Illegal High Street Enterprise. Closed for Business, Open for Crime Hollowing Out Lebanon: How Pressure on Hezbollah Could Save It Duke of Wellington Medal for Military History 2025 Episode 19: Adversarial Strategy: Russia’s Preparations for a Long War Who Rules Cyberspace? The Microsoft Approach to Cyber Diplomacy The Inextricable Link Between Geopolitics, Security and Humanitarian Impact Offshore Wind and Security in the North Sea: Key Findings from a Workshop The UK’s Chagos Islands ‘Deal’: Where are We Now? Integrating Hunt Forward Operations for Enhanced UK Cyber Campaigning Europe’s AML Package: A Strong Framework at the Wrong Time? How North Korea is Modernising its Defence NATO’s Rutte is Doing a Tough Job. Europeans Should Help The US Army’s Next Generation Squad Weapon and the Future of NATO Standardisation Episode 15: Integrating Today’s Forces for Air and Missile Defence RUSI Reflects: The Reality of an Extended Closure of the Strait of Hormuz Corporations Must Re-learn How to be Geopolitical Actors Operational Continuity in a Contested Energy Transition Why the US’s Financial Efforts to Keep the Hormuz Strait Open Failed The Real Test for Iran Comes After the War Nationalism and Defence Willingness: Mobilising for the Future Episode 16: Latvia’s Transformation: From Laundromat to Leader Four Alternative End States in Iran – the Only Good One Becomes Unlikely Crypto Moratorium is the Right Starting Point for Political Finance Reform UN Norms: Tackling the Rise of Cyber Capabilities Speaking Without Escalating: Why the UK Needs Public Responsibility Signalling in Cyber Policy The Gulf Does Not Want This War to Continue
Licence to Operate: Transparency and Responsibility in UK Offensive Cyber Power
2026-04-01 · via RUSI: Latest Publications

Concept image of an icon with a digital background. Image generated with Canva AI.

Recent Western approaches to cybersecurity embrace the notion that the best defence is a good offence.

Acting ‘swiftly, deliberately, and proactively to disable cyber threats’ is a main tenet of the new US Cyber Strategy. Germany is drafting legislation that could allow greater use of offensive cyber powers in peacetime. Denmark has made headlines for reopening applications to its Hacker Academy to support offensive cyber operations. In recent US military actions in Venezuela and Iran, offensive cyber capabilities have also drawn attention for their applicability alongside kinetic force.

The rapid adoption and expansion of offensive cyber powers reflect growing geopolitical uncertainty but raise questions about escalation and the risk of a ‘cyber arms race’. The responsible use of offensive cyber capabilities has therefore never been more critical for states seeking to develop offensive cyber power without undermining national or international security. Transparency and communication are key to developing offensive cyber practices that achieve effects while still protecting the security and freedom of the internet and its users.

The UK has already asserted its leadership in this regard, releasing its landmark public guide, Responsible Cyber Power in Practice (RCPiP), in 2023. Amid global instability, decision-makers should resist the urge to revert to secrecy; instead, the UK should double down on the doctrine’s ‘licence to operate’, promoting responsible offensive cyber practices at home and abroad through greater transparency and expanded public diplomacy initiatives.

Fostering Licence to Operate

RCPiP acknowledges that greater transparency is an ongoing challenge for UK offensive cyber operations – but one that must be addressed for a responsible cyber doctrine. Engaging with the public sphere gives the National Cyber Force (NCF) legitimacy – or its ‘licence to operate’ in the public mind – and demonstrates the UK’s commitment to responsible and democratic cyber operations. However, for the UK to secure this public mandate and promote responsibility, the NCF should fully embrace transparency as a strategic requirement, not just a challenge to be overcome.

Counterarguments highlight the need for secrecy in carrying out operations. Most states are opaque about offensive cyber practices out of justifiable concerns that transparency will give opponents a strategic advantage or make governments beholden to red lines. Transparency does not mean that governments must disclose every operation; rather, it is a commitment to ongoing public dialogue to foster trust and understanding with partners, allies, the private sector and the general public and to promote responsibility.

quote

Licence to operate should exclude licence to operate irresponsibly

Cyber attacks can transcend borders more easily than kinetic actions and the general public is likely to feel the effects of adversarial cyber activity, with the recent attacks on Marks & Spencer and Jaguar Land Rover notable UK examples. To better achieve RCPiP’s goal of ‘cognitive effect’, thereby changing adversary behaviour, the NCF should also consider the role of transparency and the need to protect against cognitive effects at home.

Clear, consistent communication and education on offensive cyber may help improve the UK public's collective resilience to the effects of cyber attacks. Not only may this reduce the negative cognitive effects of adversary activity, but it may also help change risk assessments for UK offensive cyber operators if the general public is more accepting of the risks associated with offensive cyber power. If more emphasis is placed on licence to operate and the importance of public support as a strategic centre of gravity, the UK may have greater freedom to employ offensive cyber power to counter threats.

Countering Irresponsible Narratives

Transparency and the promotion of responsible offensive cyber narratives are also necessary to help counter the proliferation of irresponsible offensive cyber practices. Licence to operate should exclude licence to operate irresponsibly.

Russia is continuously engaging in sub-threshold operations in Europe designed to challenge allied cohesion and test NATO and European red lines. Cyber capabilities have played both supporting and primary roles, with recent destructive cyber attacks on Poland’s energy sector attributed to Russian state actors. Moscow’s use of offensive cyber power threatens to cause physical harm to non-combatants, in addition to escalating tensions throughout Europe.

China has also been linked to irresponsible cyber power use, such as the mass targeting of network edge devices by Volt Typhoon. US and Five Eyes organisations assessed that the compromises were aimed at pre-positioning attackers to eventually conduct disruptive or destructive attacks. To counter the assertion, China’s Computer Virus Emergency Response Center in turn attributed Volt Typhoon to the US, calling it a ‘false flag’ operation, an assertion that is almost certainly false.

Enjoy our analysis and research? Ensure it shows up first on Google

Help your search results show more from RUSI. Adding RUSI as a preferred source on Google means our analysis appears more prominently.

As states seek to blur the lines between cyber and kinetic attacks, while muddying the waters of attribution and intent, transparency becomes even more essential for responsible cyber practices. A commitment to reliable communication from the UK around offensive cyber operations will help counter these narratives. This is essential to fostering trust not only with our allies and partners but also with the general public, to counter competing narratives and information operations.

A Cyber Influence Vacuum

Licence to operate also extends to public diplomacy efforts. The UK has an opportunity to promote its unique expertise and perspective on offensive cyber operations not only domestically but also worldwide. The US, often the norm-setter for states’ cybersecurity practices, has withdrawn from multiple diplomatic engagements and cyber organisations as part of the Trump administration’s ongoing rejection of soft power approaches to international affairs. A normative power gap is therefore emerging in cyberspace, which states like China and Russia may fill without counterefforts by Western states.

The UN Convention on Cybercrime, which opened for signature in October 2025, may be considered both a successor to the Budapest Convention on Cybercrime set out by the Council of Europe and a rejection of the Western-led approach to countering cybercrime. Sponsored by Russia in 2019, with support from countries including China, Iran, Belarus, Venezuela and Syria, the treaty is an example of authoritarian leadership in cyberspace, a trend that the UK should seek to counter through public diplomacy and communication on responsible offensive cyber practices.

Multistakeholder initiatives on responsible cyber power, like the Pall Mall Process, are one such approach, as are reciprocal agreements to restrict the use of certain offensive cyber techniques, following in the footsteps of agreements like the Anti-Personnel Mine Ban Convention. The UK should also consider establishing centres of excellence for domestic and international partners to enhance responsibility in offensive cyber doctrine. The UK has already demonstrated leadership in knowledge sharing and development with the NCF’s sponsorship of the Cyber Effects Network; the next step is to expand knowledge sharing to others to ensure that they develop responsibly.

Capacity Building and Deterrence

The UK should also seek to foster responsible licence to operate to support capacity building at home and abroad. Reliable engagement with the private sector may reduce duplication of effort in countering cyber adversaries while increasing support for government engagements.

Subscribe to the Cyber & Tech Newsletter

Stay up to date with the latest publications and events from the Cyber and Tech Research Group

Subscribe to the RUSI Newsletter

Get a weekly round-up of the latest commentary and research straight into your inbox.

Offensive cyber powers may also be considered defensive tools. Although, as RCPiP acknowledges, ‘evidence is limited for cyber operations being a primary contributor to deterrence’, capacity building – and the communication of capacity – can nevertheless serve as a deterrent. This is particularly true for cybercriminal activity. For example, out of fear of law enforcement reprisals following the 2021 Colonial Pipeline ransomware attack, the Russian-language cybercriminal forum XSS banned ransomware discussions, while many ransomware operators publicly disavowed attacks on critical infrastructure.

In light of global instability, other countries are also likely to develop offensive cyber programmes with or without Western support. Collaborating and communicating earlier is necessary to ensure that development follows internationally supported principles of responsible use. The UK should therefore take a leading role in promoting the development of responsible offensive cyber programmes worldwide.

Today, many states outsource cyber capabilities to private sector offensive actors (PSOAs), who often operate in legal grey areas with little oversight and accountability. Their operations also arguably inherently make the cyber landscape less secure: in Google’s latest zero-day review, the company for the first time attributed more zero-day exploit development to PSOAs than to traditional state-sponsored actors. The development of homegrown offensive cyber programmes, subject to robust legislation and accountable decision-making processes, may reduce the reliance on PSOAs.

Pragmatically, the UK is also in a position to be listened to by other states in the development of responsible offensive cyber programmes. The UK’s offensive cyber doctrine is, for one, more applicable to most countries than that of the US, as few countries can underpin their offensive cyber strategy with the same level of military power. The UK should therefore seize this opportunity to support other states in developing responsible offensive cyber doctrines and best practices.

The proliferation of offensive cyber capabilities poses a growing threat to security in cyberspace, underscoring the urgent need for credible cyber powers to model restraint and responsibility. The UK’s doctrine of responsible offensive cyber operations offers a vital path forward, but must be anchored in the principle of transparency, as it is the foundation of the UK’s domestic licence to operate and the source of its international credibility. In doing so, the UK can do more than improve its capabilities at home; it can help forge a more stable and responsible order in cyberspace worldwide.

© RUSI, 2026.

The views expressed in this Cyber Effects Perspectives are the author's, and do not represent those of RUSI or any other institution.

For terms of use, see Website Terms and Conditions of Use.


WRITTEN BY

Riam Kim-Mcleod

Cyber Effects Fellow

View profile