The new reality of critical infrastructure security in the age of hybrid threats
Analysing evolving security strategies in threats upon Critical National Infrastructure
The UK’s critical national infrastructure (CNI) is entering a converged threat era - one where cyber, physical and aerial risks are overlapping attack surfaces targeting the same high-value assets. Furthermore, data centers have been formally designated as CNI, elevating both their strategic importance and their exposure to attack.
Historically, organizations responsible for critical assets have approached security in distinct domains, or silos. Cybersecurity teams protect networks and data, physical security teams manage access control and perimeter protection, and airspace has, in most cases, remained largely ungoverned until the past decade or so.
Director of sales & marketing at PFL Access Management.
But the structure and manner of threats have evolved somewhat. According to the UK’s National Cyber Security Centre (NCSC), the country is now facing around four nationally significant cyber incidents per week, many linked to hostile state activity. At the same time, geopolitical tensions are increasingly playing out through infrastructure disruption - both physical and digital.
We are living in the converged threat era, and attackers are no longer constrained by organizational silos; rather, they are actively exploiting the gaps between them. Hybrid threats - whether state-backed or criminal - are combining multiple factors to achieve their objectives.
Hybrid threats in practice
A typical campaign might begin with cyber reconnaissance, identifying vulnerabilities in IT infrastructure or operational technology (OT) environments. This may be followed by physical surveillance, potentially conducted via drones, to map access points, movement patterns, or security weaknesses.
Drone incidents near sensitive UK sites have more than doubled year-on-year, demonstrating that low-cost, accessible technology can now bypass traditional perimeter controls entirely. And the physical infrastructure underpinning the digital economy remains exposed, with 95% of global data traffic dependent on subsea cables that are vulnerable to disruption.
Securing distributed, high-value infrastructure
For CNI environments, which are often lightly staffed and in remote or hard-to-reach locations, the security challenges have escalated. Data centers are a prime example. While they underpin the digital economy, many operate with minimal on-site personnel, relying on remote management and automation.
There are now between 11 and 12,000 data centers globally, supporting everything from financial services and cloud computing to AI workloads and critical government systems. In the UK alone, the sector generates around £4.7 billion in annual gross value added (GVA) and supports more than 43,000 jobs, with projections suggesting it could unlock a further £44 billion in economic impact by 2035. However, this has also made them increasingly attractive targets.
Recent incidents highlight this growing risk. In 2024 and 2025, several high-profile cyberattacks targeted data center operators and cloud providers, disrupting services and exposing vulnerabilities in interconnected systems.
Many modern facilities are designed to run on remote monitoring, automation and centralized control systems. While this delivers efficiency, it also creates conditions where threats can go undetected for longer periods. The same is true of other areas of CNI, including energy infrastructure, transport networks and logistics hubs, where remote assets and reduced human presence all contribute to expanding risk.
State-backed groups increasingly operate through intermediaries, such as criminal networks, to allow them to obscure their involvement while still achieving their objectives. Likewise, those with a purely criminal intent are adopting techniques traditionally associated with nation states, further blurring the lines.
To combat this, we are now seeing how organizations approach potential threats that are coordinated, adaptive, and designed to exploit both technical vulnerabilities and organizational blind spots.
Despite this shift, many security strategies are fragmented, and physical security systems often operate independently of cybersecurity platforms. Access control data is not always integrated with wider threat intelligence, and airspace monitoring, where it exists, is rarely connected to ground-based systems outside governmental and military circles.
In converged threat environments, this becomes a liability, because an isolated access control system may detect unauthorized entry, but without integration into broader monitoring frameworks, it cannot provide context. Furthermore, a cybersecurity platform may identify unusual network activity, but without visibility of physical access points, it may miss a critical link in the chain.
The same applies to drone activity; detection alone is insufficient if it is not connected to incident response protocols or wider security systems.
A multi-layered, intelligence-led model
We’ve moved forward rapidly to tackle this, however, and security is evolving into a multi-layered, intelligence-led model, reflecting the reality of hybrid threats and converged risk.
At ground level, this now looks like robust perimeter protection and intelligent access control. Modern systems go beyond basic entry management, incorporating real-time data and identity verification, and integrating with wider security platforms. The goal is a 360-degree view of access control: a full understanding of who is on site, why, and whether that activity aligns with anticipated patterns.
The CNI community and security suppliers are also on the front foot in addressing the growing airspace gap. Counter-UAS (unmanned aerial systems) capabilities, including drone detection and mitigation, are becoming essential to CNI security.
Equally important is the digital layer, with continuous network monitoring of IT and OT environments providing visibility into network activity, system performance, and potential compromise. In sectors such as energy, transport and data centers, where operational systems are increasingly connected, this visibility is essential to maintaining both security and resilience.
This enables organizations to achieve real-time situational awareness, where data from multiple sources is collected and analyzed to provide a comprehensive view of risk. An access control event can be linked to network activity and drone detection can trigger automated responses across physical and digital systems - and ultimately, patterns can be identified.
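As an added illustration of the linkage described above (not code from the article or from any vendor), the sketch below groups events from access control, network monitoring and airspace detection by site and time, and raises an incident only when more than one domain alerts together. The event fields, source labels, site names and 10-minute window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed maximum gap between linked events

# Constructed sample events; field names and source labels are hypothetical.
EVENTS = [
    {"ts": "2025-01-10T02:14:00", "site": "dc-north", "source": "airspace",
     "detail": "drone detected near perimeter"},
    {"ts": "2025-01-10T02:19:30", "site": "dc-north", "source": "access",
     "detail": "door forced: plant room"},
    {"ts": "2025-01-10T02:22:10", "site": "dc-north", "source": "network",
     "detail": "new device on OT VLAN"},
    {"ts": "2025-01-10T09:05:00", "site": "dc-south", "source": "access",
     "detail": "badge denied: gate 2"},
    {"ts": "2025-01-10T15:40:00", "site": "dc-south", "source": "network",
     "detail": "port scan from guest Wi-Fi"},
]

def _emit(site, cluster, incidents):
    # A cluster becomes an incident only if two or more domains are involved.
    domains = sorted({e["source"] for e in cluster})
    if len(domains) >= 2:
        incidents.append({
            "site": site, "domains": domains,
            "start": cluster[0]["ts"], "end": cluster[-1]["ts"],
            "priority": "high" if len(domains) == 3 else "medium",
            "events": [e["detail"] for e in cluster],
        })

def correlate(events, window=WINDOW):
    """Cluster each site's events by time gap and return cross-domain incidents."""
    by_site = defaultdict(list)
    for e in events:
        by_site[e["site"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})
    incidents = []
    for site, evs in by_site.items():
        evs.sort(key=lambda e: e["ts"])
        cluster = [evs[0]]
        for e in evs[1:]:
            if e["ts"] - cluster[-1]["ts"] <= window:
                cluster.append(e)      # still within the window of the last event
            else:
                _emit(site, cluster, incidents)
                cluster = [e]          # gap too large: start a new cluster
        _emit(site, cluster, incidents)
    return incidents

if __name__ == "__main__":
    for inc in correlate(EVENTS):
        print(inc["site"], inc["priority"], inc["domains"], inc["events"])
```

The dc-south events are each visible to only one system and hours apart, so they stay as single-domain alerts, while the three dc-north events are merged into one high-priority incident that no individual feed would have produced.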
This approach is increasingly aligned with the direction of policy and regulation across governments and international bodies. This includes NATO and the EU, which are placing greater emphasis on the protection of CNI, given the economic and political importance of such assets.
Perimeter defense alone is no longer sufficient, nor is a purely cyber-focused strategy. Instead, organizations will continue to adopt a layered approach that recognizes the interconnected nature of modern hybrid threats and infrastructure.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit