In this SJUK exclusive, Paul Feenan, Chief Revenue Officer at Arqit discusses how cyber-warfare is reshaping the defence strategy.
Cyber-warfare is fundamentally changing the way we approach modern conflict. Traditionally, militaries thought about warfare across the physical domains including land, sea, air and space.
In the current landscape, cyber has now become a domain in its own right and for good reason. Adversaries no longer need to physically attack to cause harm.
They can cross borders in the cyber domain in ways that are impossible in the physical world, using cyber operations to pre-empt phases of conflict or as a core part of war fighting.
What they target are networks, data systems, communications and command-and-control as they are the lifeblood of operations across all physical domains.
This has changed the mindset around protection.
We can no longer rely on perimeter defence, because networks are now organic and fundamental to how all operations are conducted.
We must assume that networks will be targeted first. If you degrade the networks, you undermine command and control and limit the ability to leverage digital assets across the battlespace. Cyber therefore becomes a critical pillar.
Another shift is that cyber is no longer viewed merely as a technical afterthought. Military planners now think about cyber resilience from the outset.
They consider how to design operational layers with resilience built in, how to protect data rather than just network edges and how to prepare against future threats such as quantum-enabled adversaries that could undermine information superiority.
There are two key drivers. First is the threat environment. Both state and non-state actors are better funded and have invested heavily in cyber capabilities because they deliver disproportionate impact.
These threats are persistent and increasingly sophisticated.
Secondly, perimeter defence is no longer viable. Once an attacker gets inside, they can move freely and cause catastrophic damage.
Zero trust assumes that attackers will get in. No device or actor is inherently trusted. Every node, endpoint and user must be continuously verified to ensure identity, intent and appropriate access.
This creates a dynamic, network environment that is continuously monitored.
Stronger encryption is equally important, especially in relation to quantum security. Encryption is the foundation of trust within military and government networks.
Historically, it was simply a question of whether something was encrypted.
Now it’s about the amount of protection and the vulnerabilities associated with current algorithms.
In a post-quantum world, current public-key encryption will be vulnerable. Even today, adversaries are harvesting data to decrypt later when quantum capabilities mature.
This makes stronger, quantum-resistant encryption essential.
Modern defence systems also rely heavily on unmanned platforms, AI at the edge and devices that may not support traditional hardware-based encryption.
Defence organisations are therefore turning to software-based, quantum-resistant solutions that can be deployed at scale across lightweight, dynamic systems that are able to integrate effectively with zero trust architectures.
Historically, military systems were designed as hardened, closed environments with encryption as an unbreakable layer. Today’s threat landscape requires something different.
Three major gaps stand out. First, many legacy systems remain in use and rely on outdated cryptographic methods such as RSA and elliptic-curve cryptography.
These remain common in supply chains, back-office functions and across wider defence estates. They are vulnerable to both current high-performance computing and future quantum capability. This gap needs immediate attention.
Second, fragmented trust models. Modern defence networks span multiple domains, partners, coalition forces and alliances with each bringing its own standards, policies, systems and legacy risks. This results in a fragmented trust landscape with higher vulnerability.
Closing this gap requires dynamic, unified trust architectures that enable secure and interoperable communications across national and coalition networks.
Lastly, the lack of constant readiness. Continuing to operate without quantum-secure networks is unacceptable as data is already being harvested for future decryption and once lost, it cannot be recovered.
Militaries must adopt quantum-secure encryption now.
Alongside this, they need to accelerate zero trust adoption and build resilience by design engineering systems to be secure from the outset rather than retrofitting protection later.
Harvest now, decrypt later refers to an adversary capturing encrypted data today and storing it until they have the capability, such as quantum computing and how it decrypts it.
The risks fall into four areas: long-term sensitivity of data, exposure of network vulnerabilities, erosion of strategic trust and irreversibility.
Military and government data remains sensitive for decades and decrypting it 10 or 20 years from now could have a huge impact.
Once the data is decrypted, stolen data may reveal how systems are protected, exposing methods, architectures, access patterns and other details that adversaries could exploit, creating new attack vectors and enabling more advanced threats.
If diplomatic communications or allied discussions become exposed, it could severely damage alliances and partnerships.
Once adversaries have captured encrypted data, it cannot be re-encrypted meaning that if it becomes decryptable in the future, it is permanently compromised. This makes inaction today a serious strategic failure.
Quantum-safe solutions are the only way to protect against harvest-now, decrypt-later risks and against increasingly sophisticated adversaries.
This isn’t just about future quantum threats as many networks are vulnerable today to non-quantum adversaries due to weaknesses in existing algorithms or increases in computing power.
Data sovereignty adds another dimension. Shifting geopolitical alliances and legal frameworks mean nations must retain control over their own data, even when using cloud providers or allied infrastructure.
Cloud vendors may be compelled by their home jurisdictions to release data, creating risks even between friendly nations.
Strong encryption with sovereign control of encryption keys ensures that data remains secure regardless of where it is stored.
This also applies to enterprises, critical national infrastructure, telecoms and any organisation that handles sensitive information.
As AI use increases, sovereignty becomes even more important. Data used to train or operate AI models must remain protected.
Technologies such as confidential compute and trusted execution environments allow data to be processed securely with only the results being exposed rather than the raw data itself.
This enables trusted collaboration with allies while preserving full sovereignty over the underlying information.
Several major trends will define the next decade. I believe that quantum-secure cryptography will become standard as adoption is already underway and it will soon become the norm across the defence industry.
I think we will also see that AI will be used as a cyber-defence where it will detect anomalies and pre-empt attacks, whilst also automating responses.
This includes scanning networks for cryptographic vulnerabilities and applying fixes automatically.
Zero trust will become baseline architecture and the continuous authentication of nodes, users and devices will become standard practice.
I also think that systems that support cryptographic agility will integrate seamlessly with zero trust principles.
As militaries deploy autonomous and AI-driven systems at the edge, protecting command-and-control networks becomes even more critical, I think that this will cause the greater fusion of cyber and kinetic capabilities.
Overall, the defining feature of the coming decade will be ensuring the integrity and trustworthiness of information whether used in AI models, shared between partners or relied upon for operational decisions.
Data sovereignty, confidential computing and secure processing for AI will be increasingly important.
This is already being flagged by Gartner as a Top 10 strategic security trend for 2026.
Systems must be secure not only against today’s threats but those of the next decade and beyond, requiring the adoption of advanced encryption, quantum-safe methods, zero trust and resilient designs from the outset.
