Writing for Defence Online, Charles White, CEO of Information Risk Management discusses the evolution of cyber security.
Do you remember the first time you heard the term “cyber”? It used to be a thing of the future – a word used in the realms of science fiction that conjured up images of droids and driverless vehicles when it first appeared more than half a century ago. The term “cybersecurity” initially involved rudimentary firewalls and security for programmes on CD-ROMs. How things have changed. Fast forward to today and the term is synonymous with use cases around hacking and dangerous confrontations.
In the world of cybersecurity and defence, the industry is rapidly seeing the convergence of internet technology with operational technology. Manufacturers, businesses and the armed forces globally are harnessing the benefits of rapid automation to improve productivity and defence. By enabling devices and the proliferation of the Internet of Things (IoT), the defence industry has harnessed the power of connectivity to massively increase functionality and make improvements to almost every facet of defence strategy.
Planes, drones and submarines
Innovations in hardware and software, along with artificial intelligence (AI), have paved the way for the development of powerful technology-driven tools such as the dramatic advancements in drone technology. Airborne military drones have helped nations gain aerial intelligence while fully autonomous underwater submersibles laden with sophisticated systems have delivered cargo to naval crews.
Modern weapons contain highly advanced computer systems to enable their functionality and to make them more automated, easier to control, more accurate and more effective for operational requirements. However as new devices and technologies come online and are adopted by the military establishment, they are subjected to cyber threats alongside traditional physical security threats. This new invisible form of warfare has already commenced.
As recent as last month, the world witnessed this in full effect when the United States launched a cyberattack on Iranian weapon systems. There have been reports of previous cyber incursions, but this was widely seen as a game-changer. A nation state was actively looking to exploit vulnerabilities in military equipment and where warfare could increasingly look like a loss of connectivity — rather than a loss of life.
Now you see me…
Cyberattacks are now seen in the same light as acts of war and have driven the need to create cyber units in the military, such as the UK’s Joint Cyber Reserve Force. Indeed, this was the first offensive show of force since the U.S. Cyber Command, part of the U.S. Department of Defense, was elevated to a full combatant command in May this year after being given new authority by President Trump.
The offensive cyber-strike that disabled Iranian computer systems were used to control rocket and missile launches. This is a real example of how the military has adapted to technological advances, underscoring the essential need for armed forces to develop robust cyber offensive and defensive capabilities as part of their arsenal.
There are other high-profile examples of where cyberattacks may be considered an act of war, and this is currently an area of great debate. The Stuxnet code was almost certainly created by a nation state and was touted by many as the first cyber weapon. It was written with the sole purpose of disrupting a uranium enrichment programme.
To withstand these variants of attacks, every facet of the military now needs to ensure that the tools and techniques at their disposal are designed and built with cybersecurity threats in mind. The design and assurance activities that were applicable to traditional IT need to be adopted where these architectures are now a part of complex weapon systems and other military devices that are becoming heavily reliant on technology. It is an absolute given that cyberattacks are here to stay. Nations will exploit online vulnerabilities.
With the adoption of technological advances, such as IoT and AI, come new cybersecurity considerations that need to be controlled and mitigated. Alarmingly, security experts have found that even modern military devices such as drones have security flaws in critical mechanisms that could be exploited by an adversary. Even communications systems – via the internet, radio and other airborne transport mechanisms – have shown vulnerabilities. The speed of adoption of new technologies should not come at the expense of cybersecurity, especially in defence.
Peekaboo – now I don’t see you
“Cyber” has entered the lexicon of modern warfare through the use of cyber Tactics, Techniques and Procedures (TTPs). And in many ways, the evolution of how “cyber” has been used in both defence and offence mirrors the evolution of warfare and weapons themselves. Initially it was hand-to-hand combat. Then, as gunpowder gave rise to more powerful weapons that could be shot from a distance, adversaries began moving farther and farther away from the battleground. With cyber threats, the theatre of war continues to change.
Cyberwarfare is truly invisible. An attack can be carried out from anywhere – thousands of miles away or a few doors away. The future of warfare now depends on a military’s ability to rapidly modernise and meet a series of invisible threats. For military decision makers, out of sight is not out of mind.
If you would like to join our community and read more articles like this then please click here.