Cybersecurity is growing in importance in contemporary military operations, driven primarily by both internal and external factors. Internally, western militaries are refocussing on multi-domain operations, where equipment can be as much a sensor as a weapon. For example, the F-35’s stealth and sensor abilities are as important as its combat ability in planning for its use. This can also be seen in the British Army AJAX programme, whose mission statement includes all-weather intelligence, surveillance, target acquisition and reconnaissance capabilities.
This is not limited to large platform programmes; the US Army’s Next Generation Squad Weapon Fire Control device includes a ballistic computer, which automatically adjusts the point of aim. The system also allows one soldier to send their data to the remainder of the unit through intra-soldier wireless technologies. All of these technologies require large amounts of data transferred over digital communication systems, which requires robust cybersecurity to effectively operate.
Externally, Information and Influence Operations are becoming as important as the application of kinetic force by states. Examples of this include Russian information operations around Wagner activities in Africa, and narratives used by NATO regarding the accession of Sweden to the alliance. Again, these require communication to be always operating effectively, which is underpinned by the successful application of cybersecurity.
This growing importance presents challenges, mainly the securing of the communications infrastructure which would be required to effectively exploit data-driven operations. Whilst militaries across the world have robust expeditionary radio frequency capabilities, secure 4G and 5G capabilities in the whole are lacking, therefore limiting the ability to take advantage of advances in communications equipment. This challenge is compounded with research now starting into the application of 6G within telecommunications, likely furthering the gap between what it utilised within the military to what is available theoretically or commercially.
There is also the growing gap both in industry, as well as the military, of skilled personnel to maintain the required cybersecurity infrastructure. The British Army has set up the National Cyber Force (Reserve) partly to bridge the gap using cybersecurity experts in a part-time capacity.
These challenges are also set against a background growing cybersecurity threats to military operations. Potential future threats are the growth of quantum computing which has seen rapid development, with China using quantum computing to create a secure data link between two ground stations via a satellite. Alongside its application to secure transmission there is the risk of quantum computing being used to attempt to hack communication networks. Whilst there is little threat of this occurring in the near term, given some of the results of Western ‘high tech’ development programmes (such as the USS Zumwalt Guided Missile Destroyer) it is likely organic attempts by the military to mitigate these threats will not keep up with developments.
Alongside the speed of computer technical development, there is also the growth of non-state cyber actors. Whilst traditionally the main threat has arisen from other nation states, non-state actors, or those only linked to a state by outside sources (such as the COZY BEAR cybergroup stated to be linked to the Kremlin), have been growing in strength. This leads to the issue of attribution, where without a clear external aggressor the state attacked can take very little retaliatory action.
Due to the growing requirement for secure bulk data transfer in military operations, innovative solutions will be required, many of which could come from the defence or wider industry. Solutions to bandwidth issues have already been seen in the use of Elon Musk’s Starlink satellite system to provide connectivity to Ukraine. While this embryonic state-private link has not been without controversy - with Elon Musk suggesting previously that Ukraine may have had to pay for access - it does show the ability of private suppliers to facilitate state military operations. It is highly likely, however, that any company providing innovative capabilities will become a target for the adversary. While we have already seen this with weapons development (for example Lockheed Martin’s development of the F-35), this would move from research and development to direct support of military operations.
Alongside supplying large-scale secure data infrastructure, as well as providing robust and secure 4/5G nodes for deployed military units, the defence industry also has the potential to support multi-domain communications through supplying equipment. An example of this could be ATAK, whilst this was created by the US Air Force research lab, the defence industry could support a rapid growth in secure data handling devices down to the tactical level, using commercially available products to link into military communication networks.
These solutions should be scalable to include support staff in the rear to allow military personnel to focus on accomplishing their objectives. This is eminently achievable: the nature of what is to be supplied could be novel, and companies such as KBR have already proven the ability of contractors to operate in relatively benign environments (as seen in their long-term support to Camp Bastion in Afghanistan).
Finally, and perhaps most importantly, the defence industry could commit resources to research and development creating secure transmission and processing equipment that can exploit future developments in telecommunications. In the future, militaries will need effective encrypted and portable 5G networks which are man or vehicle portable, and to exploit 5G communications.
Future challenges present the opportunity for the defence industry to offer innovative solutions - but it does come with risk. While traditionally the defence industry has provided support to military operations, providing solutions for the challenges posed in this paper will place the industry on the cyber front line where attacks will likely result in reputational and financial loss, rather than the loss of life, but could still be as damaging to the defence industry.
The views and opinions discussed in this piece are the views of the author and are not those of, or endorsed by, the British Army or Ministry of Defence.