Fighting and Winning Wars in the Cyber Age

Preparing to Win in the Cyber Age

The unprecedented challenges and complications posed by the vulnerabilities of cyberspace demand extraordinary measures by the governments and militaries to prepare and win wars in the cyber age.  While most of the militaries operate on closed-loop networks with limited connectivity to the outside world, still military systems continue to be vulnerable to cyber-attacks. Insider threat, compromised hardware/software, non-adherence to the Sops and policy guidelines, a possible breach through the wireless nodes and portable devices, continue to be the major vulnerabilities in the military systems requiring a continuous effort by the cyber professionals to secure military operations.  Although many militaries have their own cyber warfare departments and commands working round the clock to ensure security of the military cyberspace, yet there always remains a room for improvement and frequent incidents of cyber-attacks against military systems across the globe bear witness to it. In light of the most common vulnerabilities of military cyberspace, following are few recommendations that can help in securing military operations in the cyber age: –

(a)  Comprehensive Cybersecurity Strategy and Foresight History is a witness that success of military operations has always depended upon the quality of military strategy, strategic guidance and strategic foresight of military leadership to predict threats and challenges and be prepared for them through employment of smart strategies. Similarly, preparing to counter threats in cyberspace requires a comprehensive cybersecurity strategy that combines the strengths of all available capabilities to address existing vulnerabilities through state-of-art technical and policy solutions implemented by the best available cyber professionals. The cybersecurity strategy must be a living organism that needs to be updated and modified depending upon the changing environment in the international cyberspace where new technologies, new threats and new attack mechanisms are born on almost daily basis. Military leaders must foresee future trends based on available information and start preparing for them now instead of waiting for something to happen and then embarking upon a firefighting mission when the damage has already been done. A comprehensive cybersecurity strategy formulated after involvement of all the stakeholders and implemented across the board with frequent feedback mechanisms, shall decide the level of cybersecurity in a military organization.  A proactive cybersecurity mindset coupled with a sound cybersecurity strategy shall prove to be of immense value for any military today.   

(b)  Staying Abreast with Technological Evolution   The pace of technological evolution in cyberspace is mindboggling, and keeping up with it or trying to stay ahead of it is extremely challenging but a key to success and security. Military organizations must try to stay abreast of the technology curve and should keep on frequently assessing the technical quality of the existing hardware and software both in offensive and defensive realms of cybersecurity. Employment of the latest available technologies that cater for the existing and foreseeable threats should keep military operation safe and resilient in cyberspace. Round the clock monitoring systems supported by latest firewalls, encryptions, and intrusion detection systems coupled with regular vulnerability assessments and rapid response mechanisms shall keep the military operation up and running while considerably reducing the effectiveness of a cyberattack. Maintaining offensive cyber capabilities is also vital as it not only prepares you to mount a formidable defense but also equips you with the latest offensive techniques that may be put into action when required. For example, employment of AI is seeing an exponential rise and AI-driven cybersecurity systems are revolutionizing both offensive and defensive cybersecurity. While machine learning algorithms can help in detecting anomalies in real time, predict potential threats, and automate responses, AI can also be utilized to launch sophisticated phishing campaigns, develop deepfake technology, and automate cyber-attacks, which would make security of cyberspace extremely complex and challenging. Militaries should also develop elaborate forensics facilities to scan the newly procured hardware and software that have been procured off the shelf for critical infrastructures and systems. Militaries must always be on the lookout for latest technologies, invest in innovation and R&D, indigenize where possible and get help from the private sector professionals to stay abreast of the latest trends and maintain technological superiority as far as possible.

(c)  Education / Training   Regardless of the rapid advances being made to incorporate AI in the offensive and defensive cybersecurity realms, need for highly qualified and trained cyber professionals shall remain of pivotal importance to ensure success of modern military operations. Establishment of cyber warfare academies and cyber commands across many militaries across the world are the steps to keep military cyber professionals abreast with latest offensive and defensive cybersecurity methods and technologies. However, militaries must engage private sector experts and employ latest cyber security training platforms (Cyber Ranges) specifically designed for imparting near-real-time offensive and defensive cybersecurity trainings. Platforms that are not only capable of meeting the latest cybersecurity education and training requirements but are also ideally suited for conducting live simulated cyber exercises and wargames at organizational as well as national level.  While most of the Cyber Range Platforms (Cyberranges, Circadence, Cyberbit etc) available in the market today are generally cloud-based and may not address the security concerns of militaries. On-premises platforms (PriviaHub etc) could be an ideal solution for educating and training cyber professionals through near-realistic simulations and exercises. Peace-time proactive training and preparation are the key to safeguarding cyber space in the current volatile digital environment. Therefore, militaries should not shy away from investing in the latest education and training platforms as it could make a difference when it comes to winning wars in the cyber age.

(d) Cybersecurity awareness and Policy Implementation Military organizations must run elaborate cybersecurity awareness programs across the organization to educate common users of the potential cost of carelessness, and non-adherence to the laid-out Sops, policies and best practices. Similarly, policies and procedures must be frequently revised and updated in consultation with the experts keeping in view the latest changes across the organization and introduction of new technologies.  There must be clear policies and rules on how the defaulters would be dealt with and those contributing positively would be rewarded to motivate common users to adhere to the existing policies and guidelines. There must also be an elaborate intelligence and monitoring mechanism to cater for the insider threat which happens to be one of the most lethal threats in cybersecurity. Regular cybersecurity audits conducted by reputable professional organizations and periodic cybersecurity exercises can be tremendously helpful in determining the robustness of existing protocols and policies and identifying vulnerabilities.

Conclusion

Owing to the ongoing technological revolution, the world has witnessed an incredible transformation in warfare over the past few decades.  One of the major elements responsible for this transformation is the advent of cyberspace, as a vital domain of warfare, which today is the driving force behind all the conventional domains. Warfare in the cyber age has shifted from physical battlefield to digital battlefields. Success on the digital battlefield is now the guarantor of success and victory on the physical battlefield.  Military success in the cyber age has come to depend on mastering this new domain, the cyberspace. A combination of measures, including a sound cybersecurity strategy, strategic foresight, technological superiority, proactive approach, training, education and private-public-partnership are some of the key elements that would help in fighting and winning wars in the cyber age.