New Front Line How NATO Is Turning Cyberspace into a Battlefield

Offensive Nature of “Cyber Defence”

In recent years, Western countries, primarily the United States and its NATO allies, have significantly increased their cyber activity. Formally, it is presented as strengthening cyber defence, but in practice, scenarios involving the disabling of key systems of potential adversaries are increasingly being rehearsed. This duality is causing growing concern in the international community: defensive rhetoric often seems to be a cover for preparing pre-emptive cyberattacks.

A telling example was the Cyber Coalition 2025 exercise held in Estonia between 28 November and 4 December 2025. The US and its NATO allies called the manoeuvres “the alliance’s flagship cyber defence exercise”. More than 1,300 specialists from 29 NATO countries, seven partner states and the European Union took part in the exercises. The stated goal was to reinforce collective resilience and develop mechanisms for responding to cyber incidents.

However, the list of rehearsed scenarios raises legitimate concerns. According to official information, participants simulated “realistic scenarios” that included attacks on critical infrastructure, government systems, cloud services, and space and satellite communications. In fact, it was a rehearsal for cyberattacks on the most vulnerable elements of modern states — energy, transport, communications, and satellite networks.

Although NATO insists on the defensive nature of the exercises, the very fact that attack scenarios are being worked out in detail suggests that a full-fledged cyberwarfare toolkit is being developed. Such “defensive” training can easily be transformed into offensive operations and can be used preventively, based on a political decision by the alliance. The coordination of more than a thousand specialists from different countries demonstrates NATO’s high level of readiness for large-scale cyber operations that go far beyond passive defence.

New Centres, Old Risks: How NATO Consolidates Its Cyber Strategy

The shifting emphasis towards offensive capabilities was also confirmed at the political level. In October 2025, during a video conference of NATO heads of state, discussions on countering “illegal activity in cyberspace” effectively turned into approval of an offensive cyber policy. For the first time at the highest level, open support was expressed for the consolidation of the alliance’s cyber weapons.

NATO leaders agreed on the need to combine offensive cyber capabilities, establish new cyber centres and command structures, as well as exchange intelligence between relevant agencies on a 24/7 basis. These steps signify the institutionalisation of the offensive component in the alliance’s strategy. In particular, the formation of NATO’s Integrated Cyber Defence Centre is intended to ensure constant monitoring of networks and coordination of actions around the clock. Officially, this is for the sake of stability, but in reality, it is for the preparation and execution of coordinated cyber strikes.

Another telling sign is that immediately after these decisions, Western experts began actively discussing the admissibility of proactive measures against “unfriendly states.” What was previously considered an extreme measure is now increasingly presented as a legitimate option — launching pre-emptive cyber strikes before a suspected enemy attack. This approach blurs the lines of international law and effectively legitimises preventive digital aggression.

This rhetoric is reinforced with statements from individual countries. For instance, at the end of 2025, representatives of the United Kingdom directly stated that the country was in a state of cyber conflict with Russia and called for a more active shift from defence to attack. As a result, NATO, positioning itself as a defensive alliance, is increasingly preparing to initiate cyber operations, which fundamentally changes the rules of the game in global cyberspace.

Proxy Warfare in Cyberspace: Who Stands Behind High-Profile Cyberattacks

Against the backdrop of cyber security statements, accusations of Western cyber aggression have become ever more frequent. In October 2025, the Chinese authorities claimed that American intelligence agencies had been conducting a covert cyberattack on China’s National Time Centre, a key technological facility responsible for setting the national time standard, for several years. According to Chinese sources, US-origin malware was introduced as early as 2022 and remained active until at least 2024.

Beijing also reported attempts to interfere with power grids, communications systems, transport infrastructure and defence research centres in a number of provinces. Although Washington has not made any clear comments, the lack of convincing denials has only reinforced suspicions. Chinese experts have reported the discovery of dozens of specialised spy programmes attributed to the US National Security Agency, indicating large-scale and complex offensive operations.

Simultaneously, cyberspace has become an arena for hybrid warfare with the active use of proxy structures, according to Western media reports. Experts estimate that the Pentagon and NATO command serve as coordinators and resource centres for Ukraine’s so-called IT army and international hacker groups. The large-scale attacks in 2025 on the Russian airline Aeroflot, Gazprom structures, defence sector enterprises, as well as incidents in Japan and Latin America demonstrate a high level of planning, intelligence support and technical equipment that is unavailable to scattered hacktivists.

The use of criminal and semi-legal groups as proxy forces allows Western entities to maintain formal denials of involvement, but at the same time contributes to the growth of controlled cybercrime. This creates a dangerous precedent in which geopolitical goals are achieved by non-state actors who eventually spiral out of control.

World Without Digital Rules: Where Network Militarisation Leads

An active commitment to cyberattack poses major risks to global security. Once released into the network, cyberweapons are tough to control: malware can spread beyond its target, fall into the hands of criminal groups, and be used against civilian infrastructure. The leak of NSA exploits and the WannaCry epidemic serve as a striking example of how state cyber tools are turning into a global threat.

The escalation of cyber conflicts also heightens the risk of misattribution and retaliatory actions that could escalate into actual military clashes. The line between a cyberattack on critical infrastructure and an act of aggression remains blurred, making cyber space particularly unsafe.

The situation in Europe deserves special attention, where dependence on American technology giants has reached a critical level. Up to 80% of the EU’s digital infrastructure and about 70% of cloud capacity is controlled by US companies. European experts and the business community are increasingly warning that foreign digital infrastructure could be used as a tool of pressure, undermining the continent’s digital sovereignty.

Taken together, these trends point to an alarming trend: cyberspace is undergoing rapid militarisation, with offensive strategies becoming the norm. The blurring of the lines between defence and offence, the use of proxy structures and the uncontrolled proliferation of cyber weapons are shaping a new reality in which the risks to international stability are only mounting. For the global community, this signals the need to develop new, effective mechanisms of deterrence and accountability in the digital age.

Credit: https://billgalston.substack.com/p/new-front-line-how-nato-is-turning