Britain Rewrites Its Crisis Playbook: AI Crime and Extreme Heat Force a Two-Decade Overhaul
The UK government is updating classified national emergency plans last revised in 2004 and launching a public awareness campaign to prepare citizens for cyber-attacks, extreme weather, and AI-assisted crime.

Britain's government announced in mid-2025 that it is overhauling the country's classified national crisis plans and launching a wide public awareness campaign to help ordinary citizens prepare for cyber-attacks, severe weather disruption, and other emergencies.
Why Now?
Two threats pushed officials to act. First, the UK recorded broken temperature records in May 2025, only for those records to fall again in June. Second, ministers flagged that artificial intelligence is giving criminal groups new capacity to run cyber-attacks at greater scale and speed than human operators alone could manage. Neither threat was adequately anticipated in the plans currently on the books.
Those plans, known internally as "war books," are the UK's step-by-step instructions for how officials respond when a crisis gets bad enough to require coordinated national action. The last revision happened in 2004. To put that in context: YouTube launched in 2005, the first iPhone shipped in 2007, and modern cloud infrastructure barely existed. The threat landscape those plans were written for is unrecognisable today.
Operation Albiston Shadow
Alongside the public campaign, ministers are running a multi-day exercise called Operation Albiston Shadow. Its purpose is to stress-test how effectively the UK can respond to a hybrid attack, one that combines physical disruption with simultaneous digital sabotage. Think: a power line is cut at the same moment an attacker compromises the control systems used to reroute electricity. Each action makes the other harder to recover from. That kind of coordinated assault is not a theoretical scenario. The Verizon 2024 Data Breach Investigations Report noted that system intrusion and social engineering remain the dominant attack patterns against critical infrastructure, and the gap between initial compromise and full impact keeps shrinking.
What a Cyber-Attack Looks Like From the Kitchen Table
It is easy to think of a cyber-attack as something that happens to a company's servers in a data centre. The public campaign is designed to change that perception. When attackers hit energy grids, water treatment systems, or telecoms networks, the consequences show up in homes: no power, no running water, no phone signal, no ability to pay for food electronically. You do not need to have clicked a bad link for your daily life to be seriously disrupted.
The government has not yet published the full preparedness guidance, but the framework mirrors international norms. Practical steps typically include keeping a small reserve of bottled water, holding some physical cash, owning a battery-powered or hand-crank radio for emergency broadcasts, and having a simple plan for how your household communicates if mobile networks go down. The UK government's own preparedness pages at gov.uk/prepare are expected to carry more detailed guidance once the campaign launches formally.
The Control That Failed Long Before the Attack
From a security perspective, the more instructive story here is not the new campaign itself. It is what the 2004 war books reveal about planning hygiene. Organisations, and governments, routinely treat foundational documents as one-time deliverables rather than living controls. A crisis response plan that has not been tested, challenged, or updated for 21 years is not a plan. It is a historical document. The same failure pattern appears in corporate incident response playbooks, network architecture diagrams last touched during a previous IT refresh, and business continuity procedures that still reference telephone trees instead of encrypted messaging platforms.
The gap between the threat environment those plans were built for and the threat environment that exists today is precisely where attackers operate. AI-assisted attack tooling did not exist in 2004. Cloud infrastructure was not a target. Ransomware as a service was not a business model. Every year that a foundational control document goes unreviewed, the distance between what it prescribes and what defenders actually need grows wider.
The Human Layer Is Still the First Line
Governments cannot harden every individual home, but they can raise the baseline awareness that makes populations harder to manipulate and faster to recover. That is the explicit goal of the public campaign. The connection to organisational security is direct: employees who understand how a cyber-attack disrupts critical services are employees who take phishing simulations, password hygiene, and MFA adoption more seriously, because the stakes feel real rather than abstract. Security awareness training that contextualises threats, rather than simply drilling compliance checkboxes, consistently produces better outcomes. Train2Secure's scenario-based modules are built around exactly that principle: making the real-world impact of a breach tangible before an attacker does.
What Defenders and Organisations Should Take From This
The UK government's move is a signal, not just a policy announcement. If national crisis plans needed a 21-year update, ask when your own incident response plan was last reviewed. Ask whether it accounts for AI-assisted phishing, for ransomware that encrypts backups before encrypting production data, for supply-chain compromise routes that bypass your perimeter entirely.
The NIST Cybersecurity Framework prescribes continuous improvement of preparedness controls, not a set-and-forget approach. "Recover" and "Respond" functions are only as good as the last time they were exercised under realistic conditions. Operation Albiston Shadow is a government-scale tabletop exercise. Every organisation above a certain size should be running something equivalent, with cross-functional participants and scenarios that reflect current attack techniques, not the ones that were common two decades ago.
Four practical actions sit at the top of the priority list. Review and update your incident response plan against current threat intelligence, at minimum annually. Run a hybrid-scenario tabletop exercise that combines a technical breach with a physical disruption, because attackers increasingly combine both. Audit whether MFA is enforced across every privileged account and every identity provider in your environment. Train staff on AI-generated social engineering, because the volume, personalisation, and grammatical quality of AI-assisted phishing has already erased many of the traditional warning signs people were taught to look for.
Britain's decision to rewrite its war books is overdue. The harder question for every CISO, IT manager, and operations lead reading this is whether their own playbooks are any more current.
Is your incident response plan as outdated as Britain's war books were?
- Review your incident response and business continuity plans against current AI-assisted attack techniques, not just the threats that existed at last revision.
- Run a hybrid-scenario tabletop exercise combining a cyber breach with a physical disruption to expose gaps that single-vector simulations miss.
- Deliver contextual security awareness training that makes the real-world impact of critical infrastructure attacks tangible for every employee, not just the IT team.
Train2Secure's scenario-based training modules are built to close the human awareness gap before an attacker finds it.
Start free, no card requiredSources & further reading
Frequently asked questions
What are the UK 'war books' and why are they being updated?
War books are the UK government's classified, step-by-step instructions for managing national crises. They have not been revised since 2004, predating smartphones, cloud infrastructure, and modern ransomware. The update is being driven by AI-assisted criminal activity and increasingly severe weather events recorded in 2025.
What is Operation Albiston Shadow?
Operation Albiston Shadow is a multi-day government exercise designed to test the UK's ability to respond to a hybrid attack, one that combines physical infrastructure disruption with simultaneous cyber sabotage of the systems used to recover from that disruption.
How does a national cyber-attack affect people who have not been directly targeted?
Attacks on critical infrastructure such as energy grids, water networks, and telecoms can cut off power, running water, and phone signal for entire regions. Citizens do not need to have interacted with malicious content for their daily lives to be severely disrupted.
What should organisations do in response to the UK government's announcement?
Review and update your incident response plan against current threats, run hybrid-scenario tabletop exercises, enforce MFA on all privileged accounts, and train staff to recognise AI-generated phishing, which no longer carries the grammatical errors that older awareness training used as warning signs.



