CyberEM: The Invisible Domain Where Defence Fights Every Day

Overview

Most people think of warfare in terms of tanks, ships and aircraft. But there is a domain where the UK is already under daily attack — where adversaries probe, exploit and disrupt Defence networks, infrastructure and supply chains every hour of every day. The Cyber and Electromagnetic domain — CyberEM — is that domain, and the MOD regards it as foundational to modern warfare and Defence strategy.

CyberEM integrates two closely related areas of operations. Cyberspace operations encompass offensive actions such as disrupting or degrading adversary networks through the National Cyber Force, and defensive operations that preserve the MOD’s freedom of manoeuvre and protect critical infrastructure. Electromagnetic warfare covers operations across the electromagnetic spectrum, from signal jamming and directed-energy attacks to command and control suppression, signals intelligence and drone and missile disruption. Together, these capabilities — often termed Cyber and Electromagnetic Activities, or CEMA — are essential to all-domain information operations and a critical enabler of the Digital Targeting Web.

The MOD’s strategy positions CyberEM at the heart of digital transformation and warfighting advantage. It sees CyberEM as the contested, first-to-fight domain where adversaries — notably China and Russia — launch daily attacks on UK Defence, infrastructure, government and supply chains through espionage, sabotage and information manipulation. The domain is inherently dual-use, spanning both military and civilian spheres, and technological advances in AI and quantum computing continuously reshape the threat landscape.

Strategic Purpose and Objectives

A New Command for a New Domain

The MOD is addressing legacy risks in the cyber and electromagnetic space through major organisational reform. A new CyberEM Command is being established under Strategic Command, with initial operating capability targeted for the end of 2025. This new command will provide domain coherence for national cyber priorities and National Cyber Force tasking, command defensive operations and set the demand for offensive cyber operations, govern cyber and electromagnetic warfare capability and standards for the whole force in alignment with NATO, and provide conceptual and force development insights at the MOD’s main strategic headquarters.

CyberEM Command’s whole-force model will leverage military, civilian and Reserve skills, with personnel trained as part of the new Digital Warfighter group. The command structure reflects a recognition that cyber and electromagnetic operations cannot be managed as a niche specialism bolted on to traditional force structures — they must be integrated into the fabric of Defence at every level.

On the acquisition side, the Digital Backbone and the Digital Commercial Strategic Roadmap drive secure, integrated cyber capabilities. Procurement prioritises rapid adoption and cyber resilience as the licence to participate in modern Defence — codified through standards such as DefStan 05-138, DefCon 658 and DCC certification. Major investments in the pipeline include cyber platform as a service, SIEM re-procurement, advanced countermeasures for vehicles and dismounted forces, and substantial investment in CyberEM skills and education.

Budget and Financial Structure

Programme Value

CyberEM does not carry a single, discrete public budget figure. It forms part of the MOD’s multi-billion-pound annual cyber, digital and electromagnetic warfare investments. Major contracts in the pipeline include cyber platform as a service, SIEM systems, CyberEM support contracts, electronic countermeasures procurement, education and upskilling, and offensive and defensive operational procurements. The combined scale positions CyberEM as one of the most significant and fastest-growing areas of Defence spending.

Budget Division and Holder

Budget responsibility is distributed across several organisations. MOD Defence Digital owns strategy, commercial oversight and cyber programmes. Strategic Command leads through CyberEM Command. DE&S manages CEMA platform and equipment acquisition. The National Cyber Force handles offensive operations. MOD Commercial and the CIO provide governance and standards. Budget holder responsibility is shared between Defence Digital, Strategic Command’s CyberEM Command leadership, the National Cyber Force for tasking and delivery, DE&S for equipment and countermeasure procurement, and MOD Commercial for contract management.

Procurement and Acquisition

Acquisition Pipeline

CyberEM programmes are tracked in the acquisition pipeline under several headings: CyberEM Command establishment in 2025, the cyber resilience programme, SIEM re-procurement, cyber and electromagnetic warfare support contracts, vehicle and dismounted countermeasures, and digital backbone cyber enablement. The breadth of the pipeline reflects the domain’s cross-cutting nature — CyberEM touches every aspect of Defence from platforms and communications to personnel and supply chains.

Tender Information

CyberEM Command is targeted for initial operating capability by the end of 2025. Platform and SIEM re-procurement is planned for 2025–2027. Vehicle and dismounted countermeasures contracts are ongoing. CyberEM support partner contracts are tendered through the Defence Sourcing Portal, with a continuous cyber and electromagnetic warfare capability refresh cycle. Tender references are held within Defence Digital, Strategic Command, SIEM and cyber resilience procurement lines, with DefCon, DefStan and DCC certification requirements embedded in all tenders.

Why It Matters

CyberEM is critical for the MOD’s warfighting agility, capability development and national resilience. It directly supports lethal, integrated and deterrent operations, provides the foundational underpinning to the Digital Targeting Web, and represents the initial and persistent battleground in modern conflict. The creation of a dedicated CyberEM Command reflects the MOD’s recognition that this domain is no longer a supporting function but a warfighting domain in its own right — one that requires the same organisational weight, investment and attention as land, sea, air and space.

The implications for the wider Defence programme are profound. Every digital system, every network, every cloud platform and every data service that the MOD fields is a potential target for cyber attack. CyberEM is the domain that defends them all. Its success or failure will determine whether the MOD’s broader digital transformation delivers operational advantage or creates new vulnerabilities for adversaries to exploit. Rapid capability adoption, advanced workforce development and adherence to cyber resilience standards are not optional extras — they are foundational to securing operational and national advantage.

For industry, CyberEM represents one of the fastest-growing and most consequential areas of Defence procurement. Demand spans cybersecurity services, SIEM platforms, electronic countermeasures, offensive and defensive cyber tools, AI for threat detection, workforce training, secure communications and supply chain security. The domain’s cross-cutting nature means that virtually every Defence programme has a cyber dimension, creating opportunities for specialist cyber companies, established defence primes and innovative technology firms alike. The establishment of CyberEM Command and the associated procurement pipeline signal that this market will only grow in scale and significance.

‍