Salvador Llopis Sanchez, project officer of Cyber Defence Technology at the European Defence Agency, discusses how rapid technological advancement has impacted on Europe’s cyber defence strategies.
To ensure that the work on cyber defence is entirely aligned with member states’ needs and requirements, the EDA Project Team Cyber Defence (PT CD) was established in 2011 – a group of governmental representatives responsible for driving a portfolio of activities coming out from the cyber defence strategic context case and endorsed by the EDA’s Steering Board – its governing body. The PT CD is a capability expert group which assesses and agrees common requirements, identifies shortfalls and contributes to collaborative projects.
In 2016, EDA committed dedicated resources to also address cyber threats in the air domain, in the background of Single European Sky and the increase of digitisation in air capabilities. An integrated approach ensures that cyber defence and domain-specific cyber defence efforts for the air domain stay aligned. In the same year, member states established a Cyber Research and Technology Working Group within the EDA framework, focused on developing and keeping a Cyber Defence Strategic Research Agenda (SRA) up to date.
Working in response to the Cyber Defence SRA
The Cyber Defence SRA is a document that introduces a technical field; it is linked to the military capabilities and the technical base required to provide future solutions and is intended to provide strategic guidance for research and technology (R&T) priorities.
The EDA Capability Development Plan in 2014, currently under revision, established a priority action “countering cyber threats”, recognising the importance of cyber defence in two main work strands:
- To build a military cyber defence workforce; and
- To ensure the availability of state-of-the-art cyber technology.
The CDP led to the promotion of activities to address the challenges on education, training and exercises, along with the preparation and subsequent launch of collaborative projects on capabilities and research.
Fostering cyber defence research and innovation
In 2016, a major EDA initiative started to link capability development with research efforts. The Overarching Strategic Research Agenda (OSRA) is a prioritisation instrument to harmonise strategic research agendas with member states’ operational needs and requirements. In addition to the bottom-up process of identifying common areas of R&T interests – the so-called technology push process – a top-down capability pull process is foreseen, linking operational requirements directly to technologies in a systematic and traceable manner and, moreover, leads towards the development of a European OSRA.
Cyber defence contributed to that approach with the identification of R&T topics and their translation into technology building blocks, as a cluster of technologies and technological developments that together enable functionality and provide a solution for one or more capability gaps. To complement this, EDA is pursuing technology foresights as a tool to identify new technology trends by providing detailed analysis in a specific research area.
The availability of complete data sets to test and validate cyber defence applications, prior to operational implementation, is a recurring shortfall; Considering the rapid pace of technological evolution, speed is a critical factor for fielding emerging technologies contained within the cyber defence SRA in a timely response to operational needs. The availability of complete data sets to test and validate cyber defence applications, prior to operational implementation, is a recurring shortfall; using complete and readily available data sets is a key element to establish further implementation.
Leading projects for military forces
EDA’s ad hoc projects are underway to ensure that EU military forces are well-equipped to conduct CSDP missions and operations. Examples of collaborative research activities are Cyber Situation Awareness Packages (CySAP), malware detection and deployable cyber forensics.
CySAP aims to integrate a group of technologies into a single platform to provide situation perception, understanding and future projection. It will provide military commanders with a cyber decision-support analysis tool to manage risks and cyber threats during the planning and execution phases of an operation. It will also enable headquarters’ staff to better visualise and interpret the threat landscape, as presented by the Security Operation Centre (SOC). The CySAP requires a collaborative interface arrangement with a SOC. Information provided by a SOC will feed a cyber operational picture, as defined within information exchange requirements and open interface standards.
The Malware Detection project aims to develop an operational prototype for early detection of Advanced Persistent Threats (APT). Digital Forensics for Cyber Defence comprises technologies that enable cyber defence analysts to collect information and conduct investigations in response to cyber-attacks.
The Cyber Ranges project will improve the use of existing and future facilities for conducting cyber defence training, exercises and testing. The latter is particularly interesting for research. Creating a simulation environment to test cyber products and services is paramount. Just as flight simulators train pilots on best practices about landing, taking off or managing unexpected situations, a cyber range can provide a hands-on learning experience to a cyber defender. Enhanced cyber situation awareness could make use of cyber range functionalities in modelling and simulation.
The Cyber SRA calls for research in emerging technologies such as artificial intelligence, or cyber resilience to name just a few; given their disruptive potential, it would be daring to predict their impact on defence.
Other promising candidates include machine learning – to increase resilience of command and control systems – and blockchain – to ensure confidentiality and integrity of military logistics, e.g. asset management and maintenance tasks, as well as to provide robust and secure tactical communications. Human factors are also considered a key research area because it deals with cyber operators’ cognitive and behaviour aspects, e.g. attention and stress management. Research findings may improve incident handling processes and provide more insight into the human-machine interaction.
The central role of the European Defence Agency
The EDA is a central hub for co-operation which connects different stakeholders including innovators performing cutting-edge research activities with the aim to inform them about the real and future challenges facing the EU military forces. Consequently, EDA organises regular “Cyber Innovation Days” to provide expert working groups representatives with some examples of European research efforts in the cyber defence domain and to foster discussion between and within academia, industry and the armed forces on relevant research and emerging research topics. It is considered as one of the initiatives which facilitates necessary innovation in the cyber field. A series of workshops on specific technologies are held to keep member states’ representatives abreast of the state-of-the-art commercial and academic research.
Salvador Llopis Sanchez
Cyber Defence Technology
European Defence Agency
This article will appear in Government Europa Quarterly issue 26, which will be published in July, 2018.