By Isabella Egerton
Western governments and NATO allies remain dangerously exposed because cyber security, counter-drone operations and missile defence are still being treated separately, despite modern warfare increasingly merging all three domains, a new report has warned.
The report, entitled Converging Defences, argues that the war in Ukraine and the ongoing war between Iran, Israel and the United States have exposed how cyber-attacks, drones and missile strikes are being used together to overwhelm both military and civilian infrastructure.
Published by the defence and security company Collective Defence, the report states: “The electromagnetic spectrum is now a battlefield. Jamming a Starlink terminal, spoofing a drone’s GPS signal, and launching a cruise missile at a power substation are not separate events; they are acts in the same operational sequence.”
The paper describes the Russia-Ukraine war as “the world’s first hybrid air-cyber campaign”.
Russia launched more than 14,000 drone and missile strikes against Ukraine in 2024 alone, including around 11,162 drones and 3,063 missiles, while simultaneously maintaining cyber access to Ukrainian energy, telecommunications and railway networks.
Russian operations repeatedly combined cyber intrusions with kinetic attacks to degrade Ukraine’s situational awareness and slow recovery efforts.
The paper highlights the October 2022 assault on Ukraine’s energy infrastructure, when Iranian-supplied Shahed-136 drones and Kalibr cruise missiles damaged around 30 per cent of the country’s energy network in a single day.
Cyber intrusions into Ukraine’s grid management systems had reportedly been active for weeks before the strikes took place.
Ukrainian units integrating cyber threat intelligence directly into air defence command systems were reportedly able to recover faster following electronic warfare disruption.
“Domain fusion is not a theoretical benefit; it is a measurable operational advantage,” the paper states.
The whitepaper also examines Iran’s April 2024 attack on Israel involving more than 300 ballistic missiles, cruise missiles and drones.
The Israeli Defence Forces report an interception rate exceeding 99 per cent, but the operation exposed the scale and cost of defending against integrated attacks.
The interception effort required Israeli Arrow, David’s Sling and Iron Dome systems operating alongside United States Navy destroyers, Jordanian air defences and coalition intelligence networks.
Bloomberg and Reuters estimates suggest the defensive operation cost around $1 billion, substantially more than the estimated cost of the Iranian strike itself.
Later regional escalations were also linked to Iranian cyber operations targeting United States and Gulf defence contractor networks.
Groups including APT33 and APT34 allegedly sought access to logistics timelines and system vulnerabilities ahead of physical military operations.
“The lesson is not that layered missile defence is ineffective. It demonstrably works,” the paper states. “The lesson is that it works only under conditions of complete integration: shared intelligence, unified command architectures, and cyber security hardening of every node in the kill chain.”
The document identifies a “convergence gap” across Western defence structures.
Cyber security agencies, missile defence operators and aviation security bodies often operate under different ministries, rely on separate intelligence streams and function at different classification levels, creating delays during fast-moving attacks.
The paper cites the 2022 cyber-attack on Viasat’s KA-SAT network, which disrupted Ukrainian military communications during the opening stages of Russia’s invasion, as an example of how cyber operations can undermine wider defence systems.
Electronic warfare has also emerged as a major vulnerability because counter-drone systems rely on the same radio frequency environment used by cyber monitoring systems and missile defence communications.
Critical infrastructure has emerged as another major weakness.
Energy grids, telecommunications networks, water systems and transport hubs are increasingly targeted because attacks can trigger wider political and economic disruption.
Much of that infrastructure remains privately operated and was not designed to withstand sustained nation-state cyber and kinetic attacks.
“National resilience cannot be built on the assumption that critical infrastructure operators will self-organise their defence,” the paper states. “The threat they face is state-grade. The response must be state-coordinated.”
The whitepaper proposes a framework centred on intelligence sharing, hardened missile defence systems and deeper cooperation between governments and private infrastructure operators.
Recommendations include combining cyber, missile and counter-drone intelligence into a single operating picture and expanding exercises simulating coordinated cyber and missile attacks.
NATO’s Integrated Air and Missile Defence framework, the European Union’s NIS2 Directive and the United Kingdom’s proposed Cyber Security and Resilience Bill are highlighted as steps towards greater convergence.
Collective Defence says governments and critical infrastructure operators must move towards integrated defence architectures capable of responding to simultaneous cyber, drone and missile threats.
“The nations that build converged defence architectures now will not merely be better protected,” the paper concludes. “They will define the standards, the doctrines, and the industrial partnerships that shape collective security for the next generation.”
