At a time when the lines between the digital realm and physical warfare are becoming increasingly blurred, the role of cybersecurity in the defence sector has never been more critical.
This month Cyber Magazine speaks with a number of industry experts: Bernard Montel of Tenable, Mark Hughes from DXC Technology, Lauri Almann of CybExer Technologies and Elliott Wilkes at Advanced Cyber Defence Systems, each of whom offers an in-depth exploration of the multifaceted challenges and evolving strategies in fortifying the defence sector against cyber threats.
The need for cybersecurity in defence
“The defence industry is not the image of the armed forces that comes to mind,” begins Bernard Montel, Technical Director of EMEA for Tenable, emphasising that today's defence landscape is a far cry from traditional warfare. “Today our on-the-ground troops deployment is backed with high-tech technologies such as drones, used for surveillance, communications systems that allow data to be shared securely, satellites powering these channels and more.” Montel's words serve as a stark reminder that the defence industry has evolved into a complex technological ecosystem. “It’s akin to a house of cards. Any weakness can and will bring it all tumbling down,” he warns.
Mark Hughes, President of Security at DXC Technology, echoes this sentiment, adding a layer of urgency and outlining four pillars of cybersecurity in defence: maintaining operational integrity, protecting classified information, supply chain security, and deterring industrial espionage. “The defence industry is responsible for developing and maintaining critical military systems, infrastructure and communication networks. These systems are essential for national security, and any breach or compromise could have devastating consequences, including the potential for espionage, sabotage or theft of sensitive military information.
“A strong cybersecurity posture can serve as a deterrent against cyberattacks,” Hughes describes. “Knowing that a defence organisation has robust defences and the capability to retaliate in cyberspace can discourage potential adversaries from launching attacks. As defence systems become increasingly reliant on advanced technologies, such as artificial intelligence, IoT, and autonomous systems, the attack surface for cyber threats also expands. Keeping pace with technological advancements and securing these technologies is crucial.”
Lauri Almann, Co-founder of CybExer Technologies, brings another dimension to the conversation. “A tank, for example, is no longer just an armoured vehicle; it's also an intricate information system,” he notes. Almann underscores the need for heightened cybersecurity measures, especially in cloud solutions and electronic warfare systems.
“Several threat vectors underscore the crucial role that cybersecurity plays, including command and control systems, remotely piloted systems and various electronic warfare systems, all of which are pivotal on the modern battlefield.
“Moreover, cloud solutions are a critical consideration in defence operations, demanding heightened cybersecurity measures.”
Elliott Wilkes, Chief Technology Officer at Advanced Cyber Defence Systems, meanwhile offers a sobering perspective that sums up how critical cybersecurity is in defence. Quoting a senior US General, he says: “The next war won’t be won with cyber investments but if we don’t invest, the next war will absolutely be lost due to cyber.”
The dangers of insider threats
As Montel cautions, when we talk about insider threats we automatically think of rogue employees, but the danger is far more sinister, with external threat actors often exploiting privileged positions within organisations. “It's imperative organisations understand the threat from privileged user accounts and take steps to identify the potential attack path routes through the environment attackers could use to successfully infiltrate critical systems and steal sensitive data.
“By combining risk-based vulnerability management and active directory security, security teams can eliminate attack paths, ensuring attackers struggle to find a foothold and have no next step if they do.”
Hughes discusses the multi-pronged strategies employed to mitigate insider threats. “Organisations across the defence industry are using a diverse strategy to strengthen their defences against insider threats. Some of these strategies include implementing strong access controls, such as multi-factor authentication, role-based access control, and the principle of least privilege.” Hughes also mentions the importance of monitoring employee activity, supported by user behaviour analytics (UBA) systems.
“Additionally,” he adds, “frequent security awareness training for army personnel is becoming more common, equipping them with the skills to recognise and report suspicious conduct as well as grasp the intricacies of insider threats. Beyond training, organisations across the defence industry are establishing a security culture in which staff are encouraged and empowered to report any abnormalities and security is embedded as a top organisational priority.”
Almann adds that the defence industry employs a spectrum of strategies to safeguard against insider threats, from traditional IT solutions like data leak prevention to more complex counterintelligence operations.
Global collaboration: The new norm
As Almann notes, in the context of global cyber threats, defence agencies worldwide are increasingly collaborating and sharing intelligence to counteract shared threats.
Improvements in global intelligence sharing are clear, for example in initiatives like the European Defence Agency’s MilCERTs exercise. “The exchange of information has improved, and initiatives are actively addressing information-sharing challenges, working toward greater efficiency in this crucial aspect of cybersecurity.”
Wilkes discusses the surge in multilateral organisations like NATO. “An interesting result of Russia’s invasion and the war in Ukraine is that multilateral organisations like NATO have had a surge in interest, energy, and funding, in the past two years,” he observes.
“What is also interesting is looking towards the US and UK partnerships in Asia, as the West looks to bolster relationships with countries in the region, to provide a counterbalance to China.”
As Wilkes explains, the great majority of intelligence sharing, by its very nature, won’t be public. “That said, there are more and more instances of multilateral attribution notices in which a variety of cyber security organisations, across a number of countries, jointly call out criminal or malicious behaviour in cyberspace. We saw this a few months ago with efforts by China to infiltrate critical systems in Guam and elsewhere, publicly named and called out by five countries.”
Preparing for the cyber frontier
Almann concludes that the defence industry is preparing for potential large-scale cyber conflicts through extensive exercises, meticulous planning, and the implementation of innovative solutions like cyber ranges and digital twins.
“Exercising is a critical aspect, and it's crucial to understand that throwing money at the problem won't suffice,” he says. “Instead, smart solutions like cyber ranges, digital twins, and capability development are being employed. Cyber ranges, in particular, enable realistic simulations of cyberattacks, providing invaluable experience to enhance readiness when real cyber threats arise.”