CONNECTING THE DEFENCE COMMUNITY WITH INSIGHT, INTELLIGENCE & OPPORTUNITIES

Officially Supported By: Defence Contracts International Supply2Defence
Official Media Partners for: Defence Procurement Research Technology Exportability Exhibition

Writing for Defence Online, Mike Tagima, Senior Business Development Manager, QinetiQ examines the changing landscape of global warfare and its impact on businesses.

The landscape of global warfare is experiencing the next seismic shift in its history. The technological developments of the 20th and 21st centuries contributed to the development of well trained and equipped armies across the world, a departure from that privilege being held by only the richest nations. Now, as the democratisation of technology advances, it is no longer just countries with huge spending power that can arm themselves with weapons of warfare – it can now be done on an individual basis too.

These weapons of warfare are not the conventional rifle or tank, but rather non-unique computers which through expert use give bad actors the ability to inflict damage on their targets, whether they be governments or proxies of government. Action in this way is now understood to take place within the grey zone – an area in which bad actors are able to attack political, economic and military instruments without provoking a conventional response, or even being recognised as formal acts of aggression.

The increasing relevance of the grey zone is demonstrated by the number of acts within it making the news. Whether it be attacks by Russian hackers against the Tokyo Olympics to cause disruption or GCHQ employing an offensive cyber-operation to disrupt attempts by hostile states to spread anti-vaccine propaganda, the grey zone is quickly becoming a major area of growth within warfare. The accelerating transfer of consumer technology from lab to user, continues to lower the bar for entry and we’re likely to see an increased number of those with the capabilities to act within the grey zone.

A shared problem

As often is the case with warfare, its boundaries can often be blurred, and private parties can find themselves falling victim to acts of warfare, particularly within the grey zone. A combination of a lack of defined lines of battle and unconventional weapons, means acts involve much less overt conflict. In many cases we see subtle measures put in place to disseminate misinformation on mass – which in turn causes the degradation of confidence in a government – the ultimate desired outcome for adversaries.

Consequently, it becomes very easy for grey zone attacks to spill over into the private sector. The current global pandemic in which we find ourselves, provides ample opportunity. An adversary wanting to destabilise a government, and cause significant reputational harm, could target and derail their COVID-19 testing regime. In a UK context, this would mean targeting one of the private companies which has won the contract to administer it. That company now has the responsibility of addressing that attack, whilst the government and society also suffer harm. Another avenue for bad actors could be to disrupt the UK’s privately managed power and broadband services, or meddle with its transport and signalling infrastructure. Suddenly, dozens of organisations – many of whom might not even be directly in the supply chain to the government – are potentially at risk.

What needs to be done

Fortunately, a shared problem can be met with a shared approach. Those on both sides of the public and private divide can work together to strengthen defences. For those private organisations, here are three key steps:

1. Evaluate and understand your risk: As is evident from the current news cycle, cyber-attacks are becoming an increasingly weapon of choice for those conducting organised crime. With more and more software businesses within the market, whether focussed on accounting or project management, attackers have more avenues to penetrate unwitting end-users. This issue has been compounded by the unavoidable growth in remote working, forcing a migration to the cloud. With a technology framework so fragmented it is difficult to maintain resilience, that’s why an understanding of where potential weak points are is integral to a defence.

2. Enhance your awareness: As the range of threats become more varied, they also become harder to identify. A key component of resilience is early detection. Chief Information Security Officers (CISOs) need to have an understanding of which unconventional tactics could be at play and know when and how to act. With an evolving threat, gaining that awareness requires proactive decisions and making sure everyone in the company is aware of how to report suspicious activity and the process to follow. Companies may therefore wish to seek out training from experts such as white hat hackers, or recruit those with a skillset capable of countering the ever-evolving tactics of bad actors.

3. Build in new resilience measures: Whilst there is a growing number of threats from the democratisation of technology, there is also a growing use of it as a defence; in this case, artificial intelligence (AI). In the wrong hands it can be used as a powerful weapon, capable of uncovering and exploiting vulnerabilities the human eye cannot find. However, as a tool in defence, its ability to process huge volumes of information simultaneously make it a key weapon within a defensive armoury. For CISOs, knowledge is power when it comes to developing a resilient framework and AI makes garnering that knowledge much easier.

Final thoughts

There is no sign of the grey zone’s growth slowing. The availability of complex technologies to consumers will continue to rise and with it the capabilities of individual bad actors taking advantage of the benefits they offer, consequently increasing the potential vulnerabilities businesses may have. It is important that CISOs acknowledge that this is not just an issue for their country’s defence organisations, but that they are just as much at risk of being caught in the crossfire and likely to face significant impacts – both financial and reputational. Now is the time to critically assess security frameworks, and where necessary work to build in solutions which can ensure resilience in the long-term.

If you would like to join our community and read more articles like this then please click here

grey zone Mike Tagima QinetiQ

Post written by: Matt Brown


LATEST STAKEHOLDER

Become a Stakeholder today and benefit from an exclusive marketing package which will allow you to:

  • Engage with active defence buyers and key supply chain partners
  • Create your own branded micro-site which within Defence Online which is managed by you
  • Have a dedicated Digital Account Manager to help enhance your Stakeholder page
  • Promote your news, products, press releases, eBooks and Videos as a Defence Online partner which feeds through to our homepage and social media channels
  • Have your company promoted on our partner website Defence Contracts Online (DCO)
  • All news promoted in mynewsdesk, a major hub for all of our news articles which enables news to be picked up from trade magazines, national newspapers and many other publications which offers extra exposure at no additional cost!

Contact us today or call us on 0845 557 1315 to take advantage of this exclusive marketing package


.

RELATED ARTICLES

Swing roles first for LPTA range at MOD Aberporth

January 14, 2021

Air - Swing roles first for LPTA range at MOD Aberporth

The first ‘Swing roles’ to be conducted at a Long Term Partnering Agreement (LTPA) range took place recently at MOD

The skills challenge – preparing forces for the grey zone threat

January 12, 2021

Maritime - The skills challenge – preparing forces for the grey zone threat

Writing for Defence Online, Helen Dudfield, Chief Scientist for Training and Human Performance at QinetiQ, examines how governments can prepare