Cyberspace is understood as the fifth domain of warfare, as critical to military operations as land, sea, air, and space. Success of military operations in the physical domains is increasingly dependent on the availability of, and access to, cyberspace. The armed forces are reliant on cyberspace both as a user and as a domain to achieve defence and security missions.
Since 2008, the European Defence Agency (EDA) has been producing a Capability Development Plan (CDP) to answer the question, “how will Europe retain and develop the capabilities needed to react to the threats that may arise in the coming decades?” The CDP looks at future security scenarios and makes recommendations about the capabilities European militaries will need to react to different possible developments. Cyber security is also one of the priority actions underlined by the EDA’s Capability Development Plan. The European Defence Agency (EDA) is an intergovernmental agency of the Council of the European Union.
The Cyber Security Strategy for the European Union, which was released in February 2013 and endorsed by the Council in June 2013, emphasises, “Cyber security efforts in the EU also involve the cyber defence dimension.” Consequently, the European Council adopted a “Cyber Defence Policy Framework” in November 2014, highlighting five priorities:
- Supporting the development of Member States’ cyber defence capabilities related to CSDP;
- Enhancing the protection of CSDP communication networks used by EU entities;
- Promoting civil-military cooperation and synergies with wider EU cyber policies, relevant EU institutions and agencies as well as with the private sector;
- Improving training, education and exercise opportunities;
- Enhancing cooperation with relevant international partners.
The updated EU Capability Development Plan (CDP) endorsed by the EDA Steering Board in June 2018 reconfirmed cyber defence as a priority for capability development in the EU. The CDP recognises the need for defensive cyber operations in any operational context, based on sophisticated current and predictive cyberspace situational awareness. This includes the ability to combine large amounts of data and intelligence from numerous sources in support of rapid decision making and increased automation of the data gathering, analysis and decision-support process. In November 2018, the European Council adopted an updated version of the EU cyber defence policy framework (CDPF).
The Agency is active in the fields of cyber defence capability development and in Research & Technology (R&T). In accordance with the 2014 Capability Development Plan Revision, the focus lies on supporting member states in building a skilled military cyber defence workforce and ensuring the availability of proactive and reactive cyber defence technology.
Developments in cyber warfare mean that it needs to be taken into account in the development of virtually all forms of capability. This includes risk assessment as well as exploration of new possibilities for European forces. By its nature, the cyber domain is not limited to national borders or physical presence, a fact that calls for a European perspective and collaborative activities.
In 2016, EDA committed dedicated resources to also address cyber threats in the air domain, against the background of the Single European Sky and the increasing digitisation of air capabilities. An integrated approach ensures that cyber defence and domain-specific cyber defence efforts for the air domain stay aligned.
In the same year, member states established a Cyber Research and Technology Working Group within the EDA framework, focused on developing a Cyber Defence Strategic Research Agenda (SRA) and keeping it up to date. The Cyber SRA calls for research in emerging technologies such as artificial intelligence or cyber resilience, to name just a few; given their disruptive potential, it would be daring to predict their impact on defence.
Leading projects for military forces
EDA’s ad hoc projects are underway to ensure that EU military forces are well-equipped to conduct CSDP missions and operations. Examples of collaborative research activities are Cyber Situation Awareness Packages (CySAP), malware detection and deployable cyber forensics.
Other promising candidates include machine learning – to increase resilience of command and control systems – and blockchain – to ensure confidentiality and integrity of military logistics, e.g. asset management and maintenance tasks, as well as to provide robust and secure tactical communications. Human factors are also considered a key research area because they deal with cyber operators’ cognitive and behavioural aspects, e.g. attention and stress management. Research findings may improve incident handling processes and provide more insight into human-machine interaction.
Cyber Situation Awareness
The Project Arrangement (PA) for the Cyber Defence Situation Awareness Package Rapid Research Prototype (CySAP-RRP) was recently signed by the three contributing Member States: Spain (lead country), Germany and Italy. The project was conceived as the first step of a spiral development in order to set up a full Cyber Situation Awareness (CySA) operational capability. The core objectives of the project include essential research challenges to assist military decision-makers in cyberspace and to set the basis of a Command and Control (C2) system for cyber operations.
The CySAP-RRP will be built upon previous work done by EDA to develop a Target Architecture and System Requirements for an enhanced Cyber Defence Situation Awareness Capability. Under this PA, results will be delivered using a spiral approach over the next 18 months. CySAP follows a modular approach, which means that the adopted SA capability architecture will influence additional cyber defence solutions to achieve interoperability.
EDA’s Project Team Cyber Defence (PT CD) identified the need for capabilities to enable military commanders at all operational levels to understand and manage the risk of cyber-attack. An important prerequisite is to provide situation awareness (SA) for the commander and his staff, based on a general and specific threat landscape from which the risk of cyber-attack can be observed, understood and evaluated. The objective is for military commanders to have a clear understanding of the cyber threat landscape including system vulnerabilities and attack vectors and to equip them with the tools required to make informed decisions in order to manage cyber risks during the planning and conduct phases of an operation.
EDA is currently working on cyber defence situation awareness for CSDP operations and how to integrate cyber defence in the conduct of military operations and missions. Together with the EU Military Staff, the Agency actively contributes to the cyber defence focus area of the US-led Multinational Capability Development Campaign. The aim of the deployable Cyber Situation Awareness Package (CySAP) for headquarters project is to integrate these functions and to provide a common and standardised cyber defence planning and management platform that allows commanders and their staff to fulfil cyber defence related tasks in their day-to-day business.
CySAP aims to integrate a group of technologies into a single platform to provide situation perception, understanding and future projection. It will provide military commanders with a cyber decision-support analysis tool to manage risks and cyber threats during the planning and execution phases of an operation. It will also enable headquarters’ staff to better visualise and interpret the threat landscape, as presented by the Security Operation Centre (SOC). The CySAP requires a collaborative interface arrangement with a SOC. Information provided by a SOC will feed a cyber operational picture, as defined within information exchange requirements and open interface standards.
Training & Exercises
Following a structured cyber defence training need analysis, which is expected to be updated soon, EDA develops, pilots and delivers a variety of cyber security & defence courses, ranging from basic awareness through expert level to decision-maker training. This is accompanied by exercise formats for comprehensive cyber strategic decision making and cyber defence planning for headquarters.
Member States’ collaborative project ideas include increasing the mutual availability of virtual cyber defence training and exercise ranges (Cyber Ranges) for training national cyber defence specialists. The ranges are multi-purpose environments supporting three primary processes: knowledge development, assurance and dissemination. Accordingly, a federation of ranges may leverage three complementary functionality packages: Cyber Training & Exercise Range, Cyber Research Range and Cyber Simulation & Test Range functionalities.
The Cyber Ranges project will improve the use of existing and future facilities for conducting cyber defence training, exercises and testing. The latter is particularly interesting for research. Creating a simulation environment to test cyber products and services is paramount. Just as flight simulators train pilots on best practices about landing, taking off or managing unexpected situations, a cyber range can provide a hands-on learning experience to a cyber defender. Enhanced cyber situation awareness could make use of cyber range functionalities in modelling and simulation.
Advanced Persistent Threats (APT) Detection
Governments and their institutions are among the most prominent targets for APT malware, mostly aiming at cyber espionage. Intrusions are either discovered too late or not at all. Early detection is crucial for a concept to properly manage the risk posed by APT. After a very successful feasibility demonstrator, EDA is leading a follow-on project with a group of interested Member States to develop an even more capable solution as an operational prototype.
The Malware Detection project aims to develop an operational prototype for early detection of Advanced Persistent Threats (APT). Digital Forensics for Cyber Defence comprises technologies that enable cyber defence analysts to collect information and conduct investigations in response to cyber-attacks.
Digital Forensics for Military Use
The collection and evaluation of digital evidence in a military context is becoming more and more important in order to learn lessons from previous attacks (Post-Mortem Analysis), to attribute attacks to perpetrators, to harden military information infrastructures and to improve online analysis capabilities (Ante-Mortem Analysis).
The EDA project for a Deployable Cyber Evidence Collection and Evaluation Capacity (DCEC2) develops a technical demonstrator for a digital forensics capability for the military that specifically responds to the requirements of deployed military operations, such as force protection, agility and rapidity.
Cyber Defence Strategic Research Agenda (CSRA)
Cyber security technologies are relevant to both the civil and the military domain (“dual-use”). Considering on-going and future civil research, for example within the EU Research Framework Programmes, and the high resilience required in defence, it will be crucial to precisely target research & technology (R&T) efforts on specific military aspects. The CSRA is considering these aspects and will include an R&T roadmap for the coming years.
It will be part of an Overarching Strategic Research Agenda (OSRA) for the military and will be aligned and delineated with other research agendas in the cyber security & defence domain. Coordination of research projects with other EU stakeholders such as the European Commission, the European Space Agency and the European Cyber Security Organisation is also implemented.