Since then, the criticality of cyber networks – and how much the modern world depends on their proper functioning – has been driven home to all, from the ordinary consumer to the highest-level policymaker. Whether civil or military in nature, cybersecurity today extends far beyond the backroom to encompass training at all organisational levels, focused exercises, research and development of advanced cybersecurity tools and processes, coordination with auxiliary stakeholders and, not least of all, creative approaches to deploying society’s limited resources against virtually unlimited cybersecurity threats and attempts at subterfuge.

In one way or another, EDA has been a player in all these areas, be it cyber training and exercises, research and development, optimising resources among its Member States or outreach to stakeholder groups.  For example, the latter activity – outreach – has been a particularly important EDA activity to facilitate the exchange of technical information and lessons learnt among Europe’s front-line organisations involved in fighting or defending against cyber-attacks.

Multi-player cooperation  

A good example of EDA’s outreach is its May 2018 Memorandum of Understanding (MoU) with three other EU organisations involved in cybersecurity: ENISA (cybersecurity), European Cyber Crime Center (EC3)/Europol (law enforcement cooperation) and CERT-EU, the Union’s computer emergency response team for EU institutions. The MoU’s purpose is to leverage civil and military synergies among the players to boost the safety and security of the cyberspaces in which they all operate.

At their most recent meeting in July 2019, the MoU partners reported significant progress in the exchange of views and knowledge regarding the policy, technical, and operational aspects to cybersecurity. Their shared ‘collaboration roadmap’ calls for closer cooperation on training and cyber exercises, capacity building, stronger information exchanges and, of course, ways to avoid duplication of effort. They will stage another major event in the second half of 2020, to carry forward these issues, along with a special focus on improved incident-response mechanisms.

Another example of EDA’s cooperative approach to cybersecurity is its participation in research and development. Aside from the R&D projects that it funds on its own or organises among its Member States (see box below on CySAP project), EDA is involved in several EU-funded cybersecurity research projects.

A trio of projects are cases in point. Each of the projects was launched in February 2019 as a pilot to test the viability of the EU’s forthcoming European Cybersecurity Competence Network. The network will facilitate the EU’s support and retention of the cybersecurity technological and industrial capacities needed to secure its digital single market. Though the legislation is still being drafted, the main goal is to create a cybersecurity competence centre by 2021 which will coordinate the EU’s funding for research, as distributed via the network to national entities.

The three research projects are CONCORDIA, ECHO, and CyberSec4Europe. Within each, EDA has a supporting role vis-à-vis their advisory board regarding the project’s dual-use or military cybersecurity potential. Given that a vast swathe of software and cybersecurity measures lend themselves to either civil and military application, it makes eminent sense to involve EDA in the network in observation/advisory mode to keep an eye on innovation that could benefit Europe’s militaries.

The reliance of Europe’s militaries on cutting-edge cyber technologies is so important that these have been incorporated into the recent work by the Agency and its Member States on capability development. Known as Strategic Context Cases (SCCs), these scenarios were approved in June 2019, and will transfer their releasable versions to industry in November.

One SCC is based on cyber and contains five modules: cooperation; education and training; research and technology; land, air, maritime and space operations; and finally, systems engineering for cyber operations. Regardless of its subject focus, however, each of the SCCs is designed to operationally frame the short-, medium- and long-term capabilities that Europe’s militaries need to consider, and how to develop them.

  • © Christoffer Lomfors

Pooling cyber-ranges for resilience

One of EDA’s most ambitious undertakings is its stewardship of the following: the “Cyber Ranger Federation” (CRF), an 11-nation project to knit together their respective national cyber-ranges into an integrated system for real-time training and exercises in simulated operational environments. Such an objective requires massive amounts of computing power and, just as important, a careful parsing of digital labour regarding who simulates what in order to collectively create realistic cyber-training scenarios.

“Very few national ranges have the ability to realistically simulate all the threats and the assets to protect and the defensive measures needed to protect them,” said Mario Beccia, EDA Project Officer for Cyber Defence. “Thus, it makes sense to bring these together into a single network where you feed out a slice of the scenario to each partner, and then bring it all together at a designated time for a complete training environment. The idea was also to enable any military or civilian government entity that interfaces with EU institutions to use it as well.”

Composed of three layers of technology – a hardware/software architecture, management software services, and the content of its training and exercises – the CFR network put on its first major demonstration in Helsinki in November 2019. 

Though the project is scheduled to end in March 2020, EDA is working with its Member States to launch a second three-year phase to create new standards and protocols to enable all the network participants’ services to talk to one another. Among other advantages, this could lead to much faster simulation set-up times and a wider range of things to be simulated, thus helping boost Europe’s overall protection and resilience to cyber-attacks.

Cyber situational awareness for commanders

It is a truism that a modern military’s core operations depend heavily on digital technologies, from command-and-control (C2) of weapons systems to the surveillance and analysis of battlefield conditions to logistics and other support services.

Indeed, the need for cyber-awareness blazes several paths within an operational headquarters. One leads to the situational status of a commander’s assets and battlefield space; another indicates the attacks against an HQ’s digital networks and systems; and yet another points to the decision-support data required for an HQ’s overall cyber-operations. Together, these demand an all-seeing cyber-situational awareness based on a specific architecture of hardware and software services.

EDA’s ‘CySAP’ project aims to do just that. Launched in early 2019 and led by Spain with partner countries Germany and Italy, its goal is to develop a prototype architectural design for a fully-fledged C2 system for cyber operations.

The group is not starting from scratch, however.

“We defined these requirements as early as 2013 and then went to the marketplace to see what was available,” said Wolfgang Roehrig, EDA’s Head of Unit for Information Superiority. “There are a lot of situational awareness packages out there for cyber-centres but these tend to be made for the technical side of things and not for the needs of high-level decision-making. Nothing really exists in terms of cyber operations planning and its implementation for, say, a maritime operation and the needs of its commander for decision-support on countering cyber challenges.”

Working with their respective industries, the three countries will strive to produce a technological package that includes cyber-intelligence, real-time war-gaming operational options and other features. Of special interest will be the package’s potential use of artificial intelligence. “We expect a lot from AI in this area,” observed Roehrig.

The CySAP team will have to move fast, given that it aims to develop the architecture in only 18 months – by summer 2020.

Live demo: Pooling & Sharing of cyber ranges 

On 6 November, as part of the afore-mentioned Cyber Ranges Federation project, EDA and the Finnish Ministry of Defence jointly organised a multinational demonstration exercise in Helsinki attended and supported by experts from several contributing countries (Finland, Estonia, Sweden, Latvia) as well as the European Space Agency (ESA). The live demonstration allowed participants to showcase the practical implications and benefits of connecting and jointly using Member States’ cyber ranges in order to improve and expand each one’s cyber training capabilities.

Practically speaking, the event consisted of a live fire exercise, based on a fictive but realistic training scenario, in which one team had to respond to and defend itself against cyber-attacks from another. The exercise used SD-WAN technology as the backbone network technology. The participating national cyber ranges as well as those provided by ESA were all interconnected and interacting in real time, with each of them having its own particular role to play in the exercise.

The demonstration event was part of the European Union’s combined Cyber and Hybrid Week held under the auspices of the Finnish EU Presidency. “There probably isn’t a domain from which more new security threats are emerging than from cyber. Therefore, stepping up our common cyber defence is a matter of priority and urgency, as it is also reflected in the revised European Capability Development Priorities approved last year. By Pooling & Sharing their national cyber ranges, participating Member States will be able to improve their joint training conditions and, as a result, strengthen their cyber resilience. This successful exercise has shown that we are on the right path”, said Jorge Domecq, EDA’s Chief Executive.

Previous article