In recent years military, intelligence, and government agencies have become aware of a new and fast evolving threat, driven by technological change, and taking forms they are often ill-equipped to identify and counter. These new technologies are set to change the face of modern warfare.
Perhaps most disturbing for conventional military thinkers has been the emergence of coordinated attacks unlike anything previously encountered. For example, in early January 2018, a swarm of unmanned drones launched an assault against a Russian military base in Syria. The Russian authorities stated that the drones were shot down and that no damage or casualties resulted, though these claims are difficult to verify. In any case, it was the first reported example of a totally different type of low-cost attack on high-value facilities – a threat that may soon become commonplace.
Away from the traditional theatre of conflict, critical national infrastructure has also been attacked using novel methods made possible by advanced technology. In 2017, hackers (allegedly from North Korea) gained access to the power grid controls of one of the US’s utility companies. Back in 2015 and 2016, the Ukraine government claimed that Russia-linked hackers had repeatedly shut down parts of its power distribution network, thereby causing chaos. Some years earlier, targeted malware – dubbed Stuxnet – was alleged to have severely damaged vital equipment in Iran’s atomic research facilities. More recently, there have been claims of foreign interference in US and European elections via tailored information leaks and targeted online ads, as well as various malware tools. In almost every case, these leaks could be blamed, at least in part, on the poor security practices of government agencies, employees and consultants.
Underlying these alarming stories is a key trend – the blurring of the dividing line between consumer products and specialised military, aerospace and intelligence hardware/software. This change is being driven by the increasing efficiency of mass production. It is getting tougher to justify a multi-million Euro development budget for a new military device or component, when a few thousand Euros worth of consumer hardware and software could adequately perform many of the required tasks.
Letting down the guard
Before 2000, a government minister would typically have used a dedicated secure communications network based on proprietary protocols and hardware, effectively creating a safe air-gap between themselves and public systems. Recently though many officials have insisted on ditching clunky old secure handsets and utilising modern user-friendly mobile phones or tablets.
As this consumer-level technology increasingly moves into military and intelligence applications, there are scenarios that illustrate the profound shift and potential impact it may bring about. A modern cutting-edge military aircraft, such as the F-35 or MiG-35, can cost almost Euro 80 million. But could that aircraft always survive being swarmed by dozens of Euro 100 drones armed with simple shrapnel grenades? The answer to that question is uncertain, but amongst civil aviation authorities there is already growing concern about the risk that even a single accidental drone impact could pose to a commercial aircraft. Demonstrating the damage that a small, cheap weapon can do if it can get close enough – in 2000 the USS Cole, a state-of-the-art $1.8 billion destroyer, was caught off guard, holed and disabled by a single small explosive-laden fibreglass boat piloted by two suicide bombers. Seventeen crew lost their lives as a consequence.
Armed forces, intelligence services and governments are increasingly heavy users of off-the-shelf consumer electronics, for networking, storage and so on, because a custom device would cost tens of millions to develop, and take so long that it would be out-dated by the time it was delivered. In fact, this has conversely led to the curious trend of ‘military spec’ standards, originally developed for the armed forces, migrating into the consumer and commercial markets, because they are seen as a strong guarantee of reliability and ruggedness. Unfortunately, the proliferation of consumer electronics in military applications is opening up potential vulnerabilities. The use of consumer-grade hardware and services to handle secure data – sometimes even in breach of official rules or guidelines – has been blamed for several damaging information leaks, among them US officials’ emails and US intelligence services’ hacking tools.
In general, it can be argued that the spread of cheap, powerful, mass-produced technology has, in some areas, tended to tilt the balance of power away from large organisations, such as armies and government agencies. The very nature of this imbalance lends itself to one of a modern military’s greatest fears: asymmetric warfare, or low cost attacks that generate enormously costly damage.
These concerns are driving increasing investment on cyber-defence, as well as spending on research into new military technologies. NATO saw a 60% in cyber security incidents in 2016, and officials called for a corresponding increase in defensive spending. Recent US budget proposals ask for a $1.5 billion cyber-security budget for the Department of Homeland Security alone, and total US federal government’s annual cyber-security spend is estimated to have soared from $7.5 billion a decade ago to over $28 billion today.
Technology to the rescue?
As recent news reports have shown, governments are waking up to the grave intelligence threat posed by officials and staff who use insecure devices to handle secure information. Snatching the iPhones and easy-to-use laptops back out of the hands of staff is a tough ask, but personal security practices can still be tightened up, and platform security can be enhanced with encryption, biometric identification (such as fingerprint ID), as well as failsafe mechanisms that wipe or lock devices if they are stolen. Somewhat ironically, the consumer product sector is forging ahead with all of these security measures, so consumer-grade hardware and software may turn out to be the answer to the very problems that they have fostered.
In addition, while the shifting technological landscape certainly gives military planners headaches, it is also constantly presenting them with attractive new opportunities. For example drones and other unmanned aerial vehicles (UAVs), unmanned ground vehicles (UAGs) and also general-purpose robots are already increasingly used in military operations for surveillance, bomb detection/disposal, supply and air strikes. By keeping military personnel out of harm’s way, these tools create the potential for new strategies and may make a high-risk attack feasible. They also provide clearer information, again without risking personnel, and they allow more precisely targeted attacks to be carried out – thereby greatly reducing the risk of innocent lives being lost and minimising other forms of collateral damage.