Project Officer of Cyber Defence Technology at the European Defence Agency, Salvador Llopis Sanchez, provides a detailed look at the landscape of military operations in the age of digital transformation, in light of cyber crime and cybersecurity breaches.
The rapid adoption of information technologies has led to increased risks of cyber-attacks and, with thus, an increased awareness of cybersecurity concerns; defence measures need to keep up with the pace of this fast-evolving environment. Cyber defence for the armed forces aims to ensure the availability and access to a secure cyberspace by providing robust and resilient capabilities. Cyber capabilities are focused to prevent, detect, defend and respond to cyber-attacks that may affect military networks and systems and which effects may change the course of military operations. Cyber defence is more than simply protecting Communications and Information Systems (CIS).
A military response to cybersecurity
As defence capabilities are increasingly interconnected, the need for improved resilience becomes ever more important. Military platforms in the maritime, land, air and space domains require an assessment of their specific threats and the development of appropriate protective measures within current and future capabilities. Cyber defence must become mainstream and be a “first thought” when addressing capability projects, for instance, to be included in the systems engineering approach already in the design phase. Failing to do so will most likely result in increased costs due to retrofitting efforts and increased likelihood of system vulnerabilities.
The military is taking steps to increase their understanding of cyber defence challenges, leading to better integration into the operational planning process. This understanding can be improved through the assignment of resources to education, training and exercises at all levels, addressing the lack of understanding of cyber defence operational implications.
Ensuring the progression of cyber defence projects
Cyber defence research activities are influenced by several differentiating factors. On one hand, embracing innovation means accepting the risks of failure. Mistakes have, in the past, sometimes lead to successful achievements in the long run. This does not mean that the innovation process is out of control: there is a traditional assumption that errors should be avoided, leading to a cultural risk avoidance. As a result, projects are not started, and ideas are not developed unless there is a high certainty of achieving success.
On the contrary, some research projects should be taken to the end with a failure: unexplored approaches may solve common problems from a different perspective, resulting in tangible results and disrupting innovation, against all initial forecasts.
Cybersecurity research and technology
The main purpose for the cyber R&T is, therefore, to mitigate possible risks in addressing full operational capabilities, maintaining a highly open mindset. Technology demonstrators are one possible approach; when designed as experimental testbeds, technologies can mature up to a high-enough technology readiness level to assess the impact and inform follow-up capabilities.
The military must incorporate cyber defence aspects in their thinking and work. The digital transformation of the armed forces is a much-needed process and there is no turning back. Cyber defence is an important field to operations, but it will still take some time to build a military doctrine in support of operations in cyberspace, due to its novelty. In understanding the operational implications of cyberspace, we must fundamentally rethink the meaning of cyber defence and which military research activities will be required to provide solutions to the challenges ahead of us.
Salvador Llopis Sanchez
Cyber Defence Technology
European Defence Agency
This article will appear in Government Europa Quarterly issue 26, which will be published in July, 2018.