The impact of cybersecurity on the defence industry

We suggest that defence companies, contractors, and subcontractors invest in technologies at every level of the value chain to ensure they have unique and watertight cybersecurity products and strategies. This involves building cybersecurity into the design of systems, utilising AI to enhance analytics and threat detection, and training personnel to ensure they are not targeted.

The fierce competition for budgets means cost savings have never been more essential. A cyberattack that threatens to steal or leak sensitive defence information, or disrupts operations or supply chains, is not only damaging to reputation and national security, but is also expensive. The time and expertise needed to try and remedy a cyberattack can be financially devastating for defence companies and militaries. 

In 2021, Air Marshal Edward Stringer told Sky News that a cyberattack on the UK’s Defense Academy resulted in “costs to … operational output. There were opportunity costs in what our staff could have been doing when they were having to repair this damage”. In May 2020, EasyJet admitted a cyberattack had affected approximately nine million customers. It is only the deterrent of reputational damage to, and heavy fines for, large companies over GDPR breaches that will force organisations to better protect their customers’ data. 

In an IP commission report, the Director of National Intelligence estimated in November 2015 that all cyber-enabled economic espionage costs $400bn a year. Ensuring there are watertight cybersecurity systems and operations in place could, in the long term, save organisations a lot of money whilst also protecting national security. This is why many organisations are implementing a zero-trust security model as a long-term solution. 

Source: GlobalData Thematic Intelligence

The increasing array of sensors and other data streams that make up the OODA loop means there is an increasing number of connected devices which need to be cyber-secure. The Director of Operational Test and Evaluation in the US Department of Defence confirmed that “almost every weapon in the warfighter’s arsenal is software‐defined, and we are more likely to improve system lethality by installing new software than by modifying hardware”.

However, each software update can come with its own cybersecurity risk. Data in any format has always been a key discriminator on the battlefield, however, as it is increasingly relied upon in strategy and planning, any data breach would be a significant intelligence coup by an enemy force. The increasing collection and collation of data also mean that companies and militaries are outsourcing some of their data management and storage needs. This will accelerate the need for cybersecurity as bad actors which strategically hunt for potential intelligence, prefer to target smaller suppliers who feed into the largest defence contractors, rather than attempt to attack the larger companies which can have more established cybersecurity. 

Another area where cybersecurity will play an important role is in unmanned systems. The expansion in their use will require additional investments in cybersecurity to harden these systems against cyberattacks, especially now that their use is becoming more complex (e.g. swarms or manned-unmanned teaming). More specifically, controlling them is a process that includes data being received and sent to and from a control station, quite often with the use of satellite telecommunications. 

In some cases, these systems have to operate in areas with no signal (e.g. mountains, under the water surface, etc.) and will have to rely on their onboard computers to continue the mission. Therefore, securing them against cyberattacks is critical, not only for the information they possess but also for the fact that many of them are platforms for weapon systems. That effort will be assisted by the development of artificial intelligence and machine learning; two technologies that are used in locating threats among large volumes of data, such as malware. 

In every sector, Covid-19 demanded a necessary shift to remote working—and defence was no different. Although many workers have now returned to work in person, many have continued to work remotely as there are still lockdowns occurring, while many have decided out of personal preference. The Covid-19 lockdowns highlighted new ways of working in the forms of remote collaboration and showcased enabling technology that allows militaries and companies to adapt and work remotely from all over the world. 

However, this remote working hangover from Covid-19 does come with cybersecurity challenges. The proportion of attacks targeting home workers increased from 12% of malicious email traffic before the UK’s lockdown began in March 2020 to more than 60% six weeks later, according to cybersecurity company Darktrace. 

The quick adaptation of organisations to the pandemic meant that a lot of the online tools, solutions, technologies and services implemented for remote working were integrated in haste and therefore could have overlooked cybersecurity in favour of speed. Home networks are also less secure and more easily accessed by bad actors immensely accelerating the need for cybersecurity. 

Cyberattacks can also have profound effects on civilians as critical infrastructure is often seen by threat actors as a primary target. All industries are vulnerable, including transport, public sector services, telecommunications, and critical manufacturing industries—however, the energy sector is the biggest target. The first known power outage caused by a malicious cyber-attack happened in Ukraine in 2015.

BlackEnergy malware hit three utilities companies and left hundreds of thousands of homes without electricity for six hours. More recently, on March 21, 2022, President Biden said intelligence indicated Russia was exploring a cyberattack against the US. He urged critical infrastructure owners and operators to “accelerate efforts to lock their digital doors.” 

As the modern soldier becomes more connected, all devices need to be secured. 5G is an integral part of machine-to-machine telecommunications and edge computing. However, without proper cybersecurity, units are left open to attack. Companies like Booz Allen Hamilton are providing services that ‘formulate customised 5G strategies that fit their missions and mitigate cybersecurity risk’. Their services support an array of use cases for 4G, 5G Non-Standalone (NSA), and 5G Standalone (SA). Their cybersecurity offerings include 5G risk management and reduction, 5G vulnerability assessments, secure by design 5G network architectures, mobile AI/ML for 5G implementations, and research and analysis of emerging IoT solutions.

Cyberattacks can further disrupt supply chains. If operating systems (which any company in the supply chain is using) are compromised by cyberattacks, it will delay processes significantly. This causes a knock-on effect that snowballs to create serious issues for both companies and militaries. More and more technologies used in defence need semiconductors to operate, including some missiles. This demand has outstripped supply, hitting the defence industry hard. 

Supply chains are of great significance because they can be seen as vulnerable points of access in terms of cybersecurity. Cyberattacks are increasingly being launched through the supply chain. A 2019 report from VMware Carbon Black claimed that 50% of attacks use the method of targeting the networks of organisations that work with large defence contractors or militaries. These smaller companies do not have sufficient bandwidth to effectively monitor, correlate and respond to the volume of data necessary, in a cyber secure fashion. Limited resources and a severe industry-wide shortage of trained cybersecurity experts only add to this pressure.