Cyber-proofing the defense sector

By Elastic

Experts from search and data company Elastic share how data can secure defense organisations.

In The Kill Chain, Christian Brose, former staff director of the U.S. Senate Armed Services Committee, talks about the US military “fighting a losing game” against more advanced, high-tech rivals.

The definition of ‘warfare’ has taken on a new meaning today. Defense sectors are no longer dealing with the usual ships and tanks - but also fast-emerging threats from cyber attacks and disinformation.

What will it take to build up the cyber defenses of militaries? Elastic shares how data can help.

Today’s threat landscape

The Pentagon reported a surge in cyberattacks as adversaries tried to exploit Covid-19 restrictions that forced more than 4 million employees and contractors to work from home. If successful, these malicious actors could gain access to critical infrastructure systems or confidential information.

These attacks will only get more advanced, as a wealth of emerging technologies are available at the hands of cybercriminals. The US Cyber Command in October temporarily disrupted an army of at least a million bots run by Russian-speaking criminals, the Washington Post reported.

Detect anomalies

Visibility is crucial for defense organisations to know what threats are targeting their systems, and what the most pressing ones are.

Data typically resides in multiple formats, and organisations must be able to search through these disparate sources to surface the relevant insights required. A security incident and event management solution can help to consolidate these data into a common platform - making it easier to surface anomalies.

Elasticsearch allows organisations to zoom out and discover trends and patterns in data. Its visualisation tool, Kibana, can then be used to create bar charts and pie charts to make these trends easy to understand.

For example, Elastic US Federal customers use Elasticsearch to process log data and sieve out evidence of cyber crimes - this is then turned into insights that agents can use in an investigation.

Respond rapidly

A proactive cybersecurity approach will allow organisations to stay one step ahead of malicious actors.

Threat intelligence can inform organisations of upcoming attack trends - allowing organisations to put the necessary mitigations in place, instead of cleaning up after an attack.

Defence organisations can also turn to automation and machine learning to increase the speed of cybersecurity responses. Automation can quickly notify security analysts of possible issues and implement the necessary frontline controls when a threat is detected. Analysts can then devote their time to understanding the threat and implementing additional security controls.

Incorporating agility

Creating the right culture will also be key to building up cyber resilience. The German military’s Cyber Innovation Hub has made it a priority to work with startups and incorporate an entrepreneurial culture into the organisation, its founder and former CEO, Marcel ‘Otto’ Yon, told GovInsider.

The United Kingdom has also embarked on new innovation initiatives such as NavyX - a programme designed to rapidly develop, test and trial cutting-edge equipment.

Warfare is no longer limited to the physical front. Cyberattacks are a real and persistent threat that militaries need to tackle - embracing the appropriate technologies and creating an agile culture will be key.