In the third in our special features marking Cyber Awareness Week, Stephen Tsirtsonis, Director of Defence EMEA at Endace, examines the potential cyber dangers facing military bodies and the challenges in maintaining an agile defence against cyber threats.
When a nation is posturing on a global scale, there are many ways in which it could damage a foe, or gain prestige with an ally, through the sharing of intelligence. In the cyber world, targets are many and varied; from critical national infrastructure, to central government, to a nation’s corporations.
When looking at high–profile targets you have to consider the military who are faced with securing a multifaceted, global infrastructure encompassing land, sea, air and space.
Considering the challenges of military information security
The nature of the military means that it faces numerous challenges when it comes to protecting its information infrastructure. With a huge range of assets to protect, many extremely valuable targets under constant attack, and multiple parties responsible for constructing, maintaining and defending infrastructure, there is a lot to take into consideration. Many military bodies also use a mix of legacy and new information infrastructure, with multiple suppliers / system integrators adding to the complexity.
The issue is further exacerbated when you consider that this infrastructure is under constant attack by highly motivated nation states with significant resources, capability and expertise at their disposal.
Example – a naval destroyer
A naval destroyer is a highly complex, high–profile, mobile target that another nation state’s cyber and intelligence services might constantly observe and seek to infiltrate. They might be able to obtain records of the crew, the crew’s families, off–ship contractors and their families, and a multitude of other information, as material that could be used to compromise the vessel and its staff.
This constant intelligence gathering and probing of targets over many years could help rogue nations identify a range of individuals susceptible to blackmail or compromise, either directly or via their families, or even their children’s schools, for example.
Any cyber capability, in this highly complex arena, needs to look for sophisticated threats across both the cyber and physical domains.
Facing the threats and becoming adaptable
It goes without saying that the military must keep pace with the latest threat intelligence while defending against constant attack by highly motivated and competent state-sponsored actors – but this is a tough challenge in the defence and security environment. The ideal solution would provide ubiquitous and dynamically adaptable protection – including surveillance, threat detection and countermeasures – across this diverse and extensive infrastructure.
Terms like adaptability, dynamism and responsiveness typically don’t fit well when operating at global scale. Trying to adapt a global deployment, including mobile assets, in line with the latest threat intelligence – while operating under ‘Secret’ classification – is not something to be undertaken lightly.
The conundrum is: how can military bodies protect themselves from cyber threats while remaining agile and having the ability to adapt as needed? And how can the military enable agile cyber defence when having such a highly distributed and complex infrastructure and such an extremely broad technology set to protect makes rapid change extremely difficult to achieve?
Adapting infrastructures
The biggest challenge is that hardware is still frequently a key component of cyber security infrastructure, and one that is difficult and slow to deploy, particularly in a military environment. The implementation of this hardware is a slow and expensive process. It can take months or years to deploy a new solution to counter specific threats, especially given that any new capability needs to be implemented across such a wide variety of locations: headquarters, the battlespace, sandy places, cold places, even in mobile assets under an icepack.
Virtualising analytics functions gives organisations the ability to continually evolve at pace to keep up with new threats. By hosting ‘virtualised’ analytics functions on a common hardware platform, organisations can deploy new or upgraded analytics tools in hours and reap significant cost savings (both CAPEX and OPEX).
Capabilities that previously would have required deploying multiple hardware appliances can now be deployed in software onto a single, common hardware platform, resulting in substantial savings in hardware purchase costs, space requirements and management costs.
The challenge is making this capability adaptable enough to work across the entire domain – data centres, frontline operations and mobile assets – and for it to be able to adapt as required.
Our approach to solving this challenge is to enable customers to deploy a network-wide monitoring and recording fabric – a hardware layer that provides recording of network traffic and can also be used to host network security analytics applications from commercial vendors as well as open-source or custom applications. This common hardware layer can be overlaid with a range of solutions, such as IDS and AI, hosted directly on the same hardware, allowing multiple functions to be consolidated onto a single platform which can be remotely reconfigured as required.
Having a ubiquitous hardware platform that is capable of hosting a wide range of security solutions means that as soon as a new tool is approved to counter the latest threat it can be remotely deployed and activated globally. What would have taken months, or even years, can now be done in hours.
Laying the foundations for agile defence
Using this virtualised approach, military bodies gain the ability to deploy the latest threat detection capabilities quickly, on demand; to accurately detect, play back, analyse and counter attacks; and to dynamically adapt threat detection capabilities.
Building this agility and flexibility into their underlying security infrastructure enables military bodies to take a significant step forwards in addressing the conundrum of military cyber defence.
If you would like to join our community and read more articles like this then please click here.
Cyber Essentials is a government-backed, industry-supported scheme. It helps businesses win more public sector contracts, by ensuring that they comply with mandatory requirements for cyber security. To learn more click here.
Cyber Awareness Week Endace Stephen Tsirtsonis
Post written by: Matt Brown
RELATED ARTICLES
March 8, 2019
Homeland - Cyber Awareness Week: UK’s biggest firms still lacking cyber awareness
A new government report has suggested that boards at some of the UK’s biggest companies still don’t fully understand the
March 7, 2019
Cyber Awareness Week: Why enterprise has a crucial role to play in cyber warfare
In the fourth in our special features marking Cyber Awareness Week, David Atkinson, CEO of cyber security start-up Senseon, discusses how private companies
