With many countries focusing on developing offensive cyber capability, Dr Mary Haigh examines what needs to be done to stay ahead of adversaries
My Grandma worked at one of the listening stations, Beaumanor, relied on by Bletchley Park in the Second World War.
The pioneering code-breaking work which took place at Bletchley Park sparked a revolution in computing and intelligence gathering that underpins my cyber work today. And again we find ourselves in a race, not to break Nazi codes, but to achieve supremacy in the cyber battlefield.
A new battlefront emerges
Within the next decade it is reasonable to assume that, for developed nations, offensive cyber will not only be part of weapon systems but will also form part of their defences in fixed and mobile platforms.
Offensive cyber will also be a powerful enabler for deception and misinformation. For example, factors like climate change driving global migration are likely to present strong opportunities for creating unrest via targeted misinformation.
We mustn’t forget, though, that it’s not just developed nations that will be affected. Less developed nations, non-state groups and terrorist groups will also find offensive cyber very attractive. Compared to large platforms like aircraft, ships and tanks, it’s inexpensive and there are very low barriers to entry.
This means each nation is going to need its own legal frameworks in which to operate, true to their own values and ethics. And each nation is going to have to have freedom to act and so should consider the development of their own sovereign cyber capability. The economic benefits of doing so are significant, even in industries outside of the military space.
As this arms race accelerates, militaries will need to shift their strategies around three core principles: the interdependencies between offensive and defensive cyber; the need to be secure by design and secure in operation; and the recognition that some penetrations will occur and therefore they need to be ready to respond and recover.
A tapestry of interconnections
I read some fascinating research recently on the fungal networks that exist beneath the forest floor. Above ground trees appear separate, distinct and discrete. But below ground the entire forest is connected and interdependent through fungal networks which spread for miles.
I think cyber can learn from this. We need to stop thinking of offensive and defensive, friendly nation to friendly nation, army, navy and air as separate and isolated. To have a healthy, strong ecosystem we need to create the linkages – the invisible far reaching fungal network that maintains the health of the whole cyber forest.
Take training, for example. Militaries should train offensive and defensive response together so that they can recover in the field, as well as possible, from attack and possibly counter-attack. Conversely, if militaries want cyber weaponry to be a useful part of their arsenal, they have to train troops on its usage and the likely retaliations – both offensively and defensively.
This requires widespread connections (the fungal network) between services, departments and allied nations, underpinned by things like cross-skilling, sharing resources and combined methodologies, tooling and tradecraft.
Secure by design and secure in operation
We can’t design secure platforms and then just sit back and relax – technology changes way too fast. But we have to do the basics right.
Secure architectures, patterns and standards are necessary for fixed, mobile and autonomous platforms. And militaries have to assess vulnerability regularly on all their technologies and be able to deploy the required mitigations rapidly. This requires a good understanding of what is critical, and what is not, at any point in time.
Automation technologies, particularly artificial intelligence, also have a role to play. We don’t have the luxury of a SOC in the back of a fighter jet or a drone, but we must have visibility of what is attacking all our platforms. In these platforms we need to be able to automatically respond to cyber-attacks and be able to recover ourselves with minimal human input.
An unwelcome reality
But even when militaries have done all this they will still get hit by cyber-attacks. Cyber weapons, defences and response plans can be rendered completely useless overnight by potentially one small penetration. This means militaries need to be ready to deal with completely unforeseen and unplanned changes.
And let’s not underestimate the step change in agility we need here.
Building, testing and deploying a new plane or aircraft carrier would probably take 10 years. By contrast, militaries need to be able to do a cyber-defence upgrade in hours if required and should expect to be doing it approximately every month. This is going to mean quite a shift in culture and procurement behaviour, not to mention policies, processes and procedures to enable the necessary speed and flexibility.
But this just reiterates why it’s an absolutely fascinating time to be working in cyber. Just like my Grandma before me, I really hope that the work we are doing now will lead to a similar technological leap forward and help propel the growth of our economies in a digital world. This is a race truly worth winning, and it’s one I’m proud to be part of.