Critical National Infrastructure

Attacks on critical national infrastructure are often coordinated at a strategic level but are frequently executed by non-professional operatives beyond the control of any single organisation. This leads to  messy, unprofessional and dangerous sabotage or cyber operations can pose knock-on threats to businesses across a wide range of sectors. Protecting CNI in this environment therefore requires a coordinated national approach, including increased defence and security spending and stronger public-private integration to build resilience - and it starts with your organisation.

For owners and operators of CNI, these evolving threats mean that resilience cannot be achieved by operational measures and private investment alone. It requires engagement in the broader national security framework within which your assets function, with action required now to not only safeguard your critical business operations but our society’s security as a whole.

What The Resilience Imperative will do

We will advance the need for action to protect our CNI in three ways:

1. Raising public awareness of the hybrid threats facing the UK’s CNI

2. Building a public mandate for increased defence and security investment

3. Fostering closer collaboration across industry, government and the public

We need your support to do this.

The value of joining The Resilience Imperative

By becoming a corporate member of The Resilience Imperative, your organisation will help strengthen the UK’s resilience to hybrid threats, bolstering the security environment that underpins your operations, while accessing the following strategic value:

• Insight and Forecasting: receive fortnightly resilience and hybrid threat reports delivering structured, sector-specific analysis alongside macro-level assessments of the UK threat environment, through our relationship with Sibylline. This reporting aims to improve awareness and inform resilience planning for organisations operating across the UK’s CNI sectors.

• Leadership Forum and Strategic Dialogue: participate in senior-level forums and cross-sector engagement through our relationship with Resilience First), to foster strategic dialogue and share best practice to assist with benchmarking exercises.

• National Security Leadership: demonstrate your organisation’s active contribution to strengthening UK national resilience and security. By supporting this initiative, you signal to government, industry peers and the public that your organisation recognises the increasing threats and is committed to safeguarding the infrastructure upon which the UK economy and wider society depends.

Recent examples of hybrid attacks that could affect your business

We include examples from the UK and also from across the continental Europe, as a likely foreshadowing of what attacks the UK can anticipate in the coming months and years:

• Data cables - in 2025 a Russian intelligence-gathering vessel, Yantar, was highly likely mapping subsea communications cables and other critical infrastructure in UK and adjacent waters. It mirrors a pattern already observed in the Baltic Sea, where suspected Russian-linked operations have progressed from surveillance to physical interference. We assess that Russia is conducting these operations to identify vulnerabilities and set conditions for possible future attacks should the Kremlin wish.

• Satellites – in 2025 European security officials assess that two Russian space vehicles, Luch-1 and Luch-2, have repeatedly manoeuvred in close proximity to European satellites, likely intercepting their “command links” – the data beams connecting satellites to ground control stations. It is believed this activity has provided Russia with data on how such systems could be exploited for targeted jamming and cyber interference operations, which would materially affect civilian and military communications, financial networks and GPS-dependent technologies.

• Rail – in 2025 an explosion on the Warsaw–Lublin rail line (a key logistics route supporting Ukraine) led to arrests of suspects accused of acting on behalf of Russian intelligence. This incident highlights vulnerabilities relevant to the UK, where aging, highly interconnected rail networks reliant on legacy signalling and power systems increase exposure to disruption from low-cost interference.

• Air transport – in 2024 the GRU, Russia’s military intelligence agency, concealed a magnesium-based incendiary compound inside electric massagers. These devices detonated at DHL logistics facilities in the UK, Germany and Poland, and were assessed as test runs for potential future attacks on cargo planes and flights to the US and Canada. The impact on logistics would be profound if such attacks proceed successfully.

• Energy – wind – onshore and offshore wind farms have been targeted with numerous cyber attacks in recent years; while the decentralised nature of renewables nominally limits the impact of attacks on the wider grid, Russia has shown the ability to target multiple wind and solar farms at once during attacks in Poland in December 2025.

• Energy – interconnectors – in December 2024 the Russia-linked tanker Eagle S was suspected of severing the Estlink 2 subsea electricity interconnector in the Gulf of Finland with its anchor, with other dangerous manoeuvres by shipping threatening other connectors across various seas.

• Energy – gas – in 2022 the Nord Stream pipelines were severely damaged by underwater explosions in the Baltic Sea, likely by Ukrainian operatives. While Ukrainian attacks against UK infrastructure is highly unlikely, Russia retains extensive undersea capabilities and has likely mapped this infrastructure. The incident demonstrated that subsea gas pipelines are highly vulnerable to deliberate attack. This vulnerability is strategically relevant as the UK relies heavily on subsea gas pipelines from Norway for energy security, but without sufficient naval ships to effectively protect these attacks, this represents a critical vulnerability.