Building a Resilient and Secure Digital Battlespace

The digital battlespace encompasses many systems-of-systems, ranging from handheld devices to enterprise-level intelligence and data architectures. As these technologies become increasingly connected to each other as part of modern warfighting systems, they provide more data and more mobility—both key to achieving overmatch. 

While these systems grow more connected, it becomes more critical to make sure they are as secure as possible to protect the system as a whole. That’s because, in the digital battlespace, information superiority wins. But this influx of data comes with increased vulnerabilities for adversaries to exploit. 

Making these systems secure and resilient requires a multifaceted approach that begins with understanding the threat landscape. 

The digital battlespace makes more information accessible to warfighters than ever before. Ground station analysts, forward-operating warfighters, policymakers, and many others in the decision chain benefit from this multidirectional data mobility. 

To support independent yet coordinated decisions and effective action, information needs to go where the warfighter is: on the battlefield, in the air, on or below the sea, in space—wherever the mission leads. 

Information that was once available only to satellite data analysts, for example, is now increasingly being relayed directly to operators in the field, empowering them with more data and context for making critical mission decisions.  

What makes this information available is the transfer of data between these disparate systems in various ways, ranging from wireless, to cellular, to more traditional wired networks. But each system, along with each transmission point, presents opportunities for an adversary to exploit the data or deny communications. Every time data moves from one system to another, the number of attack surfaces increases—giving adversaries more opportunities to compromise the data. 

And these adversaries are bringing sophisticated techniques and methods to attack data on the battlefield. Their technology advances move quickly—in contrast with the sometimes slow acquisition processes followed by U.S. and allied militaries. 

The result is compromised, untrusted, or degraded data—which can damage the warfighter’s understanding of the battlefield situation and limit their ability to make the most effective decisions. 

As the attack surface grows with the number of devices, systems, and connections, so, too, should the focus on protecting them. 

As adversaries look for new ways to infiltrate national systems, they often look to the third-party suppliers and vendors that provide services and equipment to the military. These third-party vendors follow varied security protocols—which may not be rigorous enough to protect critical defense data. Because their approaches to security differ, adversaries have a wider breadth of potential vulnerabilities to exploit.

With devices ranging from handheld cellular phones, thin client workstations, and small internet of things (IoT) sensors to multi-terabyte data servers, and even satellite or flight computers, there are thousands of devices in the nation's warfighting networks. Each of these systems’ electronic components were likely manufactured by a different vendor—possibly in different nations and to different standards. 

Supply chain vulnerabilities extend beyond just hardware. Software as a service (SaaS) is a growing trend in the defense sector. SaaS systems are used in a variety of applications like network monitoring and even collection planning. These platforms, while powerful, are also vulnerable to compromise via backdoor attacks, insider threats, and more.  

A critical component of securing the digital battlespace is securing the supply chain. The risks of supply chain attacks are greater now than ever before. Without visibility into your suppliers and their own security protocols—and into their entire supply chain—it’s difficult or impossible to understand how the service or hardware they provided may be compromised. 

Protecting this complex and networked landscape of systems and actors requires an intentional approach to cybersecurity and electronic counter-countermeasures. Addressing cybersecurity as a component of mission readiness can help make a system more resilient by focusing decision makers’ attention on the impacts: what happens to my mission if this system or data is compromised? 

It is virtually impossible to give any system 100-percent protection from attack. As a result, operating through the attack and successfully carrying out the mission—despite disruption—must be seen as a necessary attribute of any critical system in development.

Here are three key components to building more resilient warfighting systems:

1. We must embed advanced cyber protections into solutions as they are developed, rather than bolted on later. It is very difficult to “improvise” resilience once an attack has already compromised a system. Furthermore, adding or updating new cybersecurity protocols can often add their own challenges—from creating new data silos to unintentionally opening new vulnerabilities. The most effective approach is to map out the cyber landscape as a system is being built and proactively develop methods and back-stops to make the system resilient should individual components be compromised. Then, applying an agile approach to refining and updating protections helps keep the systems and all their components resilient to even the latest attacks. 
2. Use zero-trust and mesh network paradigms to create systems that are resilient against cyber attack. Zero-trust is a concept within cybersecurity that requires all users’ identities be validated prior to accessing a network. This is increasingly seen as a necessary minimum to system access and must be employed on all critical defense systems. Complementing zero-trust networks in protecting against attack and improving resilience are mesh networks—networks with multiple nodes that can connect dynamically. Each node expands the network’s breadth and stability. In turn, if any given network node is removed, perhaps because of adversarial attack, the rest of the network can still operate, cooperatively compensating for one node’s removal by rerouting data through other nodes. 
3. Data scientists must team with machines to augment human expertise with advanced artificial intelligence (AI) to protect models and systems. Advanced analytics and AI can provide game-changing capabilities in the cyber and electronic warfare landscape. Understanding how the myriad number of systems interface with each other to find and then understand and prioritize vulnerabilities is an immense task. But this comprehensive inventory is necessary to creating a secure and resilient system. One key to addressing this is using advanced analytics, which can provide insights into the entire attack surface. After the threat inventory is complete, AI can also be used to automate vulnerability scans, anomaly detection, and incident responses. 

The result is a system-of-systems with a more comprehensive approach to cybersecurity and electronic protection that anticipates attacks and provides mechanisms for resilient operations. 

Making more secure and resilient warfighting systems requires more than a check-the-box approach to cybersecurity and electronic protection. By building systems that anticipate attack and can use the latest in AI and advanced analytics, Department of Defense organizations can move toward significantly reducing the threat surface—and create ideal conditions for system and mission resilience.