EDA’s growing role in cybersecurity

Since then, the criticality of cyber networks – and how much the modern world depends on their proper functioning – has been driven home to all, from the ordinary consumer to the highest-level policymaker. Whether civil or military in nature, cybersecurity today extends far beyond the backroom to encompass training at all organisational levels, focused exercises, research and development of advanced cybersecurity tools and processes, coordination with auxiliary stakeholders and, not least of all, creative approaches to deploying society’s limited resources against virtually unlimited cybersecurity threats and attempts at subterfuge.

In one way or another, EDA has been a player in all these areas, be it cyber training and exercises, research and development, optimising resources among its Member States or outreach to stakeholder groups.  For example, the latter activity – outreach – has been a particularly important EDA activity to facilitate the exchange of technical information and lessons learnt among Europe’s front-line organisations involved in fighting or defending against cyber-attacks.
 

Multi-player cooperation  

A good example of EDA’s outreach is its May 2018 Memorandum of Understanding (MoU) with three other EU organisations involved in cybersecurity: ENISA (cybersecurity), European Cyber Crime Center (EC3)/Europol (law enforcement cooperation) and CERT-EU, the Union’s computer emergency response team for EU institutions. The MoU’s purpose is to leverage civil and military synergies among the players to boost the safety and security of the cyberspaces in which they all operate.

At their most recent meeting in July 2019, the MoU partners reported significant progress in the exchange of views and knowledge regarding the policy, technical, and operational aspects to cybersecurity. Their shared ‘collaboration roadmap’ calls for closer cooperation on training and cyber exercises, capacity building, stronger information exchanges and, of course, ways to avoid duplication of effort. They will stage another major event in the second half of 2020, to carry forward these issues, along with a special focus on improved incident-response mechanisms.

Another example of EDA’s cooperative approach to cybersecurity is its participation in research and development. Aside from the R&D projects that it funds on its own or organises among its Member States (see box below on CySAP project), EDA is involved in several EU-funded cybersecurity research projects.

A trio of projects are cases in point. Each of the projects was launched in February 2019 as a pilot to test the viability of the EU’s forthcoming European Cybersecurity Competence Network. The network will facilitate the EU’s support and retention of the cybersecurity technological and industrial capacities needed to secure its digital single market. Though the legislation is still being drafted, the main goal is to create a cybersecurity competence centre by 2021 which will coordinate the EU’s funding for research, as distributed via the network to national entities.

The three research projects are CONCORDIA, ECHO, and CyberSec4Europe. Within each, EDA has a supporting role vis-à-vis their advisory board regarding the project’s dual-use or military cybersecurity potential. Given that a vast swathe of software and cybersecurity measures lend themselves to either civil and military application, it makes eminent sense to involve EDA in the network in observation/advisory mode to keep an eye on innovation that could benefit Europe’s militaries.

The reliance of Europe’s militaries on cutting-edge cyber technologies is so important that these have been incorporated into the recent work by the Agency and its Member States on capability development. Known as Strategic Context Cases (SCCs), these scenarios were approved in June 2019, and will transfer their releasable versions to industry in November.

One SCC is based on cyber and contains five modules: cooperation; education and training; research and technology; land, air, maritime and space operations; and finally, systems engineering for cyber operations. Regardless of its subject focus, however, each of the SCCs is designed to operationally frame the short-, medium- and long-term capabilities that Europe’s militaries need to consider, and how to develop them.

Pooling cyber-ranges for resilience

One of EDA’s most ambitious undertakings is its stewardship of the following: the “Cyber Ranger Federation” (CRF), an 11-nation project to knit together their respective national cyber-ranges into an integrated system for real-time training and exercises in simulated operational environments. Such an objective requires massive amounts of computing power and, just as important, a careful parsing of digital labour regarding who simulates what in order to collectively create realistic cyber-training scenarios.

“Very few national ranges have the ability to realistically simulate all the threats and the assets to protect and the defensive measures needed to protect them,” said Mario Beccia, EDA Project Officer for Cyber Defence. “Thus, it makes sense to bring these together into a single network where you feed out a slice of the scenario to each partner, and then bring it all together at a designated time for a complete training environment. The idea was also to enable any military or civilian government entity that interfaces with EU institutions to use it as well.”

Composed of three layers of technology – a hardware/software architecture, management software services, and the content of its training and exercises – the CFR network put on its first major demonstration in Helsinki in November 2019. 

Though the project is scheduled to end in March 2020, EDA is working with its Member States to launch a second three-year phase to create new standards and protocols to enable all the network participants’ services to talk to one another. Among other advantages, this could lead to much faster simulation set-up times and a wider range of things to be simulated, thus helping boost Europe’s overall protection and resilience to cyber-attacks.