In June, the Ministry of Defence (MoD) announced the creation of a “cyber regiment,” whose role will be to protect the UK’s armed forces from cyberattack, while also working with the Navy and Air Force to provide secure networks for all military communications. Launched as the reformed 13th Signal Regiment, it will focus on front line operations and provide personnel operating at home and abroad with “digital armour” to help secure their information and safety.
In doing so, it comes up against a range of significant challenges. The threat landscape that the military faces changes constantly, as new risks emerge, and adversaries continually test the effectiveness of information security defences. Whether cyberattacks on UK armed forces are motivated by intelligence gathering or to disrupt operations, announcing the cyber regiment betrays the serious levels of risk posed by potential security breaches. Tobias Ellwood, Conservative MP and Chairman of the Defence Select Committee underlined this point when he recently said, “We are playing catch-up with our adversaries.”
With the announcement made, the MoD must immediately tackle a range of issues if it is to successfully establish and then effectively operate the cyber regiment in the short and long term.
Cybersecurity Is a Tough Battlefield
One of the most serious problems is talent acquisition, management, and development. Cybersecurity worldwide already faces a chronic and growing skills shortage. The 2019/2020 Official Annual Cybersecurity Jobs Report estimated there will be 3.5 million unfilled cybersecurity jobs globally by 2021, up from one million positions in 2014. The U.K. government’s own analysis says, “High proportions of U.K. businesses lack staff with the technical, incident response and governance skills needed to manage their cyber security.”
For public sector organisations, this issue is exacerbated by the clear pay differential across these highly skilled roles when compared to the private sector. In reality, the MoD can never hope to match the salaries on offer from enterprises, service providers, and security consultancies, and will need to factor this into its long-term planning and recruitment strategy.
Even when they develop talent from within, the private sector will always be an attractive option for military personnel with cybersecurity training and experience. Indeed, businesses increasingly view the armed forces as a valuable talent pool as part of their approach to recruitment. As a result, the MoD faces the very real prospect of an ongoing “brain drain”: they invest in training and development to fill highly skilled positions within the regiment, only to see some of those people leave for much better-paid private sector jobs.
The issue of talent is clearly a priority for military leadership, as explained by Brigadier John Collyer, Commander 1st (U.K.) Signal Brigade, who said at the regimental launch: “The stakes are high and our success is increasingly and critically reliant on focusing our brightest men and women onto the opportunities and risks that underpin our operations—both home and away.”
There’s also the wider question of investment and funding. Building any cybersecurity team at scale is a costly undertaking, requiring a long-term commitment to technology and training. Since the threat landscape is constantly changing, the MoD will need to allocate significant resources—both financial and management—to build not just the specialist teams but also the IT infrastructure within the regiment to keep ahead of the digital threats faced on the modern battlefield.
An alternative could be to contract out some aspects of the requirement to the private sector, but given the sensitivity of the challenge facing the MoD, is this practical? Granted, the military buys weapons systems from many private sector companies all the time, but it remains to be seen how well this could translate to the provision of cybersecurity on the front line.
Part of the challenge is—in contrast to the criminal motivation behind many of today’s cyberattacks—the military must counter malign activists and foreign governments. This takes significant and targeted resources, often relies on international cooperation, and relies on an agile organisational structure with the ability to respond to threats quickly and effectively.
Given the widespread international political uncertainties at present, robust agreements will be required to ensure countries with common security and military interests remain in close cooperation with each other.
So, in common with almost every other country, the UK faces significant challenges in protecting its armed forces, their operational effectiveness and sensitive data from cyberattack. Establishing a specialist team in the form of the cyber regiment is no doubt a step in the right direction for the MoD and certainly mirrors the focused approach seen across the private sector. It will be interesting to see how they address the challenges they face and to what extent we get to follow their work in the future.
If you would like to join our community and read more articles like this then please click here