In the ever evolving landscape of modern warfare and national security, operational technology (OT), is playing an ever more important role. Operational technology encompasses the hardware and software systems that control & monitor physical processes and equipment such as those found in military installations, weapons systems, and critical infrastructure, both military & civilian controlled.
However, as these systems become increasingly digitized and interconnected, they also become more vulnerable to cyber threats. This article examines the cybersecurity issues facing defence operational technology, the potential consequences of these vulnerabilities, and the strategies being employed to fortify these critical systems against cyberattacks.
The Growing Cyber Threat to Defence OT
The proliferation and digitization of operational technology has brought about significant efficiencies and capabilities in defence, from remote control of unmanned systems to real-time data analytics for decision-making. This digital transformation, however, has also opened the door to a range of cyber threats. Adversaries, ranging from nation state actors and state-sponsored groups to terrorist organizations, are actively seeking to exploit vulnerabilities in defence OT for espionage, sabotage, or to gain a strategic advantage.
One of the primary cybersecurity issues in defence OT is the integration of legacy systems with modern technologies. Many defence systems have very long life spans and were not originally designed with cybersecurity in mind. Integrating these systems with newer, interconnected technologies creates vulnerabilities that can be exploited by malicious actors.
Another significant challenge is the complexity and specificity of defence OT systems. These systems are often custom-built with unique configurations, making it difficult to apply standard cybersecurity solutions. The bespoke nature of defence OT also means that knowledge of a particular system's vulnerabilities can provide a significant advantage to adversaries.
Potential Consequences of Cyber Vulnerabilities
The implications of a successful cyberattack on defence operational technology are profound. Compromised defence operational technology can lead to the loss of sensitive data including classified information about military operations and technology. It can also result in the physical compromise or destruction of critical infrastructure, potentially leading to serious tactical disadvantages and significant economic damage. In the context of military operations, cyberattacks can disrupt communication, navigation, logistics supply chains and weapons systems, thereby undermining military effectiveness and seriously impacting strategic advantage.
National Infrastructure
If history teaches us anything, it’s that conflicts are not only won on the battlefield but also on the home front. Operational technology is prevalent in many aspects of critical national infrastructure, for example water, power, transport & telecommunications. These OT systems have been built by profit making entities with a bottom line to consider.
We have already seen many civil OT networks effectively targeted by threat actors such as the Ukraine Power Grid Attack in 2015i, and the Stuxnet attack in 2010ii which was able to traverse air-gapped systems to cause physical damage to Iran’s Uranium enrichment facility. The 2017 WannaCry attackiii caused serious harm to the systems of UK medical facilities, not necessarily the OT systems themselves but the supporting technology, nevertheless causing significant impact and rendering the vital systems unusable.
Psychological Operations (psyops)
Although psyops is an extensive battleground, disruption to key national infrastructure and local services can have significant impact and contribute to undermining the public confidence and ‘breaking the will’ of the population. When used in conjunction with propaganda and disinformation campaigns, this kind of demoralization can have dramatic effects on the national psyche.
Strengthening Cybersecurity in Defence OT
Tackling the many cybersecurity challenges in defence operational technology requires a multi-faceted approach. This includes both technological solutions and organizational strategies:
Technological Innovations
Security by Design: Incorporating cybersecurity features at the design phase of new defence OT systems can significantly reduce vulnerabilities.
Regular Updates and Patch Management: Ensuring that systems are regularly updated and that security patches are promptly applied is crucial in defending against known vulnerabilities.
Advanced Threat Detection: Employing advanced cybersecurity technologies such as artificial intelligence and machine learning can help in the early detection of potential threats and anomalous behaviours within defence OT networks.
Organizational Strategies
Training and Awareness: Regular training programs for personnel involved in the operation and maintenance of defence OT can help in recognizing and mitigating cyber threats.
Collaboration and Information Sharing: Collaboration between defence departments, government agencies, and allied nations is vital for sharing threat intelligence and best practices in OT security.
Incident Response Planning: Developing, regularly updating and, critically, testing an incident response plan ensures that defence organizations are prepared to respond effectively to cyber incidents.
Capacity planning, training & retainment: Due to the nuances of military recruitment, training and career management, western militaries in particular have struggled with retaining the right talent. The British Army is developing multiple strategies to attempt to deal with these issues.
One example is the unified career management (UCM)iv which aims to centralise career management for soldiers in specialist roles so that they can continue to develop their careers in a specialist pathway like cyber security without the constant threat of ‘posting out’ which has previously seen talent posted to non-related roles leading to misallocation of resources and, more often than that, soldiers ‘signing off’ out of frustration.
Cyber security is currently a trending profession where talented individuals can earn very respectable salaries and progress quickly. This naturally draws talent away from governmental roles, including military posts which could never offer the same rewards. Western militaries are already considering other strategies for recruitment and retainment for example, the use of specialist reserves and also ‘Professionally Qualified Officers’ in the same way Doctors, Lawyers and Veterinarians are currently employed.
Conclusion
In the civilian domain, operational technology has long suffered from a lack of cyber security readiness which stems from traditional and longstanding architectural practices which did not anticipate the need for advanced security principles. This led to unsafe practices such as shared admin accounts, lack of credential strength and other safe practices such as multi-factor authentication.
As the reliance on operational technology in defence continues to grow, so too does the importance of robust cybersecurity measures. The unique challenges presented by defence OT require not only innovative technological solutions but also a comprehensive organizational approach to cybersecurity. By prioritizing the security of operational technology, defence organizations can protect the critical systems that underpin national security and military effectiveness. In an era where cyber warfare is an ever-present threat, the resilience of defence operational technology is paramount.
The defence establishment now has a real opportunity to take a lead in improving the architectural practices of operational technology in its system development and to influence the civilian industry both by example and by commercial imperative for its defence contractors.
References
Zetter, K. (2016, March 3). Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid. WIRED. Source »
Zetter, K. (2014, November 3). An Unprecedented Look at Stuxnet, the World’s First Digital Weapon. WIRED. Source »
National Audit Office (NAO). Investigation: WannaCry cyber attack and the NHS - NAO report. (2023, May 30). Source »
Strategic Command. (2021, June 3). Ministry of Defence launches Unified Career Management. GOV.UK. Source »
