Cyber defence in the ‘New Normal’

The Coronavirus crisis has increased the risk exposure of being targeted by sophisticated threats, warn Wolfgang Roehrig and Mario Beccia.
Photo credit: Adobe Stock

By Wolfgang Roehrig & Mario Beccia

Wolfgang Roehrig is head of the Information Superiority Unit at the European Defence Agency; Mario Beccia is Cyber Defence Officer at the European Defence Agency

08 Jul 2020

The COVID-19 pandemic is having a massive societal and economic impact, although the full effects have yet to unfold and be fully assessed. Such an analysis should take into account several factors, including a stronger and better preparation for the next ‘unknown unknown’.

Adopting a defence-minded approach, built on consolidated doctrines and innovative technologies, can be beneficial in many respects. For example, preparedness and contingency management are key pillars in any military doctrine, and the pandemic has demonstrated the need for better preparedness at national and EU levels.

Rethinking ways of working in many industrial, administrative and educational sectors, integrating concepts such as flexibility and rapid response, situational awareness and ubiquitous access to information will be essential ingredients for success in the post-COVID-19 world.

“From a cyber defence perspective, adopting a more integrated and interconnected model comes with a price, with exposure to potentially malicious users. Not only criminals, but state-sponsored actors can leverage this increased technological dependence”

The pandemic has greatly accelerated adoption of the most recent and innovative communication technologies and highlighted the importance of well-functioning telecommunications. Without these new ways of working and learning, which were quickly adopted at the start of the pandemic, the economic impact could have been much bigger.

Concepts that previously applied only in selected domains - working with geographically dispersed teams, video teleconferencing as the default communication mode, or decentralised decision-making with information gathered via online tools - will constitute the future norm in many areas of our societies and economies.

From an enterprise perspective, applying defence-minded thinking implies reviewing key internal processes in light of changed scenarios and adopting more robust and effective strategies. The European Defence Agency (EDA) was one of the first EU entities to adopt cloud computing technology for most of its internal processes.

This improved preparedness, allowing it to switch almost seamlessly from the traditional ‘work-in-the-office’ approach to a much more flexible ‘work-from-anywhere’, without compromising the required security. Identifying new business models from emerging technologies and adopting them in a safe, secure and scalable environment is a key tenet in this dimension.

From a cyber defence perspective, adopting a more integrated and interconnected model comes with a price, with exposure to potentially malicious users. Not only criminals, but state-sponsored actors can leverage this increased technological dependence.

An efficient threat assessment, a highly skilled and threat-aware workforce and dedicated technology are essential for successful cyber defence. EDA’s cyber defence programme includes an element that is constantly monitoring technology to identify possible advantages and a coordination element to constantly improve cooperation with other EU and non-EU entities.

There is also a harmonisation initiative to establish a common framework for cyber defence programmes. In addition, there is training and education along with steps to specifically address cybersecurity challenges in traditional domains - land, air, maritime and space.

An example of collaboration in a key area is the Collaborative Cyber Ranges Federation Project, which provides participating Member States with a capability to organise and execute testing sessions and exercises within weeks rather than years, if done nationally in isolation.

“Concepts previously applied only in selected domains - working with geographically dispersed teams, video teleconferencing as the default communication mode, or decentralised decision-making with information gathered via online tools - will constitute the future norm in many areas of our societies and economies”

This can validate the cybersecurity risk level of new equipment, test new procedures and train users in real-world scenarios, such as using specific applications, personally identifiable information handling or adopting new communication platforms.

Another key EDA project is in digital forensics for military operations. This provides a reduced response time when a cyber-attack occurs in theatre, giving a tactical advantage. This can also be easily transposed to other settings, including non-military ones, where forensics analysis has to be performed remotely or with few on-site resources available.

EDA’s cyber defence programme includes projects to tackle additional challenges such as cyber situational awareness, advanced persistent threat protection, systems engineering for cyber defence, cybersecurity awareness, cyber defence training courses design and many others. The COVID-19 pandemic has highlighted the need for trustworthy and scalable solutions that provide reliable, ubiquitous and secure communications.

It has also increased the risk that our societies and business actors are targeted by sophisticated threats. Consequently, we must step up defence capabilities in the cyber domain of operations as well as leverage and amplify the developments observed in cybersecurity in the civilian world. This will require greater investment across all cybersecurity areas and increased attention to cooperation and coordination of efforts between military and civilian institutions both nationally and at European level.

The pandemic has shown that our Member States’ armed forces play an important role in internal crisis management in Europe - under the principle of subsidiarity. Cyber defence is an area where this approach could provide immediate and solid benefits: EDA stands ready to provide its expertise and experience to support and enhance the security posture of the EU and its Member States.

Categories

Security & Defence
Share this page