
Preparing defence networks for cyberwarfare

Published 16 November 2017

Joe Kim, EVP, Engineering & Global CTO for SolarWinds, argues that military IT professionals can and should adopt a more proactive approach to combatting cyber attacks


Much has been made in recent years of the escalating level of threat that government agencies now face from cyberattackers, and with good reason. Cyberattacks are no longer singular events perpetrated by standalone rogues with a tooled-up basement and too much time on their hands. Attackers are now part of a large, intelligent, and perhaps most dangerously, incredibly profitable industry.

These attacks can come in all shapes and sizes and impact every type of government organisation. Just this year, for example, several websites for government departments were hacked to display pro-ISIS propaganda. 

In 2015, attackers breached the U.S. Department of Defence (DoD) network and gained access to approximately 5.6 million fingerprint records, impacting several years' worth of security clearance archives. This level of threat isn't new, but has grown noticeably more sophisticated—and regular—in recent years.

In fact, it could be argued that cyberwarfare is now being waged against the government, and attacks against defence organisations, like the DoD incident, are particularly startling. So why are defence organisations so vulnerable?

Brave new world

Military organisations, just like any other organisations, are susceptible to the changing tides of technology, with Warfighter Information Network-Tactical (WIN-T) offering an example of the challenges it faces. WIN-T is the backbone of the U.S. Army’s common tactical communications network, and is relied upon to enable mission command and secure, reliable voice, video, and data communications at all times, regardless of location.

This is no easy feat, and WIN-T has to navigate both technological and regulatory minefields to maintain communications with tactical warriors. To help ensure “always on” communications, network connectivity must be maintained to allow WIN-T units to exchange information with each other and carry out their mission objectives.

WIN-T was facing bandwidth delay and latency issues, resulting in outages and sporadic communications, so a solution was sought. After evaluating products and establishing the best offering suited to WIN-T's needs, a network performance monitor tool was deployed to help track network connectivity issues.

For WIN-T, the solution was not only ensuring that the chosen product was an exact fit to suit its needs, but one that it felt comfortable working with. This is an important lesson for IT professionals tasked with adopting new and unfamiliar technology. This lesson was re-emphasised when WIN-T required detailed records of their VoIP calls to comply with regulatory requirements.

Unfortunately, the solutions on the market that provided VoIP call records were expensive and cumbersome, which presented another challenge for these military IT professionals to overcome. It was overcome only when WIN-T worked with its solution provider, SolarWinds, to develop a low-cost VoIP tool that met their technical mission requirements.

The WIN-T use case emphasises the fact that as much as businesses are now aiming to cope with the next great wave of innovation, so too are defence departments looking to expand and diversify their networks and tools. This has created a new challenge for military IT professionals, who not only have to be incredibly diligent in making sure that the organisation is secure, but now must seamlessly incorporate complex new technologies that could potentially expose the organisation to new vulnerabilities.

The result is that resources become stretched, which is a dangerous position for military organisations to be in because it could result in an increase in major breaches happening in the near future. The solution, according to WIN-T, is a thorough evaluation and understanding of your organisation's needs, and complete trust in the solution you are opting for.

Impact of a breach

Impartial observers may wonder why government organisations are being targeted, especially given the fact that many of these organisations are resource-strapped. The answer: it's all about the data.

Military organisations contain incredibly sensitive information, from national security details, to personnel information, to the existence of aliens (that last one I sadly can't confirm). So while a security breach can often be financially devastating for a business, it can have far greater implications for a military organisation, and society as a whole.

If a military organisation were breached, for example, and the sensitive data contained within fell into the wrong hands, the issue would go beyond financial loss and could become a matter of national security, where lives, rather than bank balances, are put at risk.

The value of this data is astronomical, which is why attackers are growing more focussed on waging cyber warfare against military organisations. The higher the prize, the greater the ransom.

However, it's not all doom and gloom, and military IT professionals do have defences to help turn the tide in the fight against cyber attackers. The trick is to be proactive.

Be proactive

Far too many organisations rely on reactive techniques to deal with cyber attacks, essentially accepting the inevitability of being breached and only clearing up the mess after it occurs. This begs the question: wouldn't it be far less damaging to be proactive, rather than reactive? Of course, this is easier said than done, but there are ways in which military IT professionals can take a proactive approach to cybercrime.

First, they should apply cutting-edge technology. This may seem counter-intuitive given the earlier discussion of the pressures new technology places on IT professionals, but this is certainly a risk/reward scenario, and outdated technologies are essentially an open door for well-equipped attackers to walk through. IT professionals should be given the support needed to implement this technology, if military organisations are serious about safeguarding against cyber attacks.

By procuring the latest tools, ones that can be customised and adapted to every possible situation and threat, and ensuring internally that departments are carrying out system updates when prompted, military organisations can protect themselves against the sophisticated techniques of cyberattackers.

Second, automation should be employed by military organisations as a security tool. By automating processes—from patch management to reporting—they can help ensure an instantaneous reaction to potential threats and vulnerabilities, instead of relying upon staff to catch the infringement after it has occurred. Automation can also help safeguard against the same type of breach in the future, providing an automated response should the same issue occur. 

Third, all devices should be tracked within a military organisation. This may sound paranoid, but many breaches are a result of insider threats, whether it's something as innocent as an end-user plugging in a USB, or something altogether more sinister.

Automation can be used to detect unauthorised network access from a device within the organisation, enabling the system administrators to track and locate where the device is, and who may be using it.
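As an added illustration of the device-tracking point above (this code is not from the article or from SolarWinds), the sketch below compares network connection events against an asset inventory and reports where an unrecognised or relocated device is attached and which user, if any, authenticated on it. The log format, switch names, users and MAC addresses are all constructed assumptions.

```python
import re

# Constructed asset inventory (assumption): MAC -> (assigned user, assigned switch/port)
INVENTORY = {
    "00:1a:2b:3c:4d:5e": ("j.smith", "sw-hq-01/Gi1/0/4"),
    "00:1a:2b:3c:4d:5f": ("a.jones", "sw-hq-01/Gi1/0/7"),
}

# Constructed log lines in a hypothetical format:
# timestamp, switch, port, MAC, authenticated user ("-" if none)
SAMPLE_LOG = """\
2017-11-16T08:01:12Z sw-hq-01 Gi1/0/4 00:1A:2B:3C:4D:5E user=j.smith
2017-11-16T08:03:40Z sw-hq-02 Gi1/0/9 00:1a:2b:3c:4d:5f user=a.jones
2017-11-16T08:05:02Z sw-hq-01 Gi1/0/12 de:ad:be:ef:00:01 user=-
this line is malformed and must be skipped
"""

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<switch>\S+) (?P<port>\S+) "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) user=(?P<user>\S+)$"
)

def find_unauthorised(log_text, inventory):
    """Return a finding for each event from an unknown device, a known
    device on an unassigned port, or a known device with an unexpected user."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ignore lines that do not parse rather than guessing
        mac = m["mac"].lower()  # normalise case before the inventory lookup
        location = f'{m["switch"]}/{m["port"]}'
        known = inventory.get(mac)
        if known is None:
            reason = "unknown-device"
        elif known[1] != location:
            reason = "moved-device"
        elif known[0] != m["user"]:
            reason = "unexpected-user"
        else:
            continue  # device, location and user all match the inventory
        findings.append({"time": m["ts"], "mac": mac, "location": location,
                         "user": m["user"], "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in find_unauthorised(SAMPLE_LOG, INVENTORY):
        print(finding)
```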

Despite the fear surrounding data breaches, military organisations are capable of standing firm against the next wave of innovative, ingenious cyber attacks. They just need to learn that sometimes, attack is the best form of defence.

Joe Kim is executive vice-president for Engineering & Global CTO for SolarWinds
