Air Power 2017

THE PERSONNEL

122 AIR POWER 2017 21 ST CENTURY PARTNERSHIPS

The Royal Air Force is adapting to protect its systems against growing

cyber threats, as Air Commodore John Wariner, air officer commanding

RAF A6 (Air Computers and Information Systems), tells Simon Michell

CYBER WARRIORS

T

he relative ease and anonymity afforded to

those who wish to do harm to UK military

operations make cybersecurity an ever-

growing, dual-pronged problem. On the

one hand, there are state-sponsored cyberattack

capabilities and, on the other, the equally significant

threat from disaffected employees, lone wolves

and bedroom hackers. Added to that, there are

well-meaning professionals who lack the skills or

discipline to ensure systems remain secure. Whether

it be clicking a link in a phishing email or plugging an

infected device into a system, the consequences can

range from inconvenience, through to unnecessary

resource drain, to full system compromise.

Beyond direct attacks on military personnel and

infrastructure, the defence industrial supply chain

is also a lucrative target. This serves to demonstrate

the importance of Defence Standard 05-138 – Cyber

Security for Defence Suppliers – issued on 21 August

2015, which provides guidance for the levels of cyber

protection required by defence suppliers. Attacks on

the supply chain may be as simple as criminal activity

for financial gain, or as sophisticated as long-term

espionage designed to gain an understanding of,

and acquire information about, defence equipment

and systems that threatens to expose or nullify military

capability advantage before platforms even enter

service. The recent study by PwC and BAE Systems on

Advanced Persistent Threat 10 (APT10) – Operation

Cloud Hopper – offered a valuable insight into the

potentially strategic significance of cyberattacks. And

if further proof of the potential strategic effects of

a cyberattack is needed, the May 2017 ransomware

attack that caused global havoc (including to the UK’s

National Health Service) provides a salutary example.

ALARMING SPEED AND SCALE

It is not just that cyberspace is a relatively new domain,

rather it is the speed and size of impact that is so

challenging. During the Cold War, sometimes enormous

efforts were needed to acquire very small nuggets

of information. Nowadays, masses of information

can be exfiltrated in an instant, without the cost

(both resource and human) associated with Cold War

espionage. Moreover, the alarming speed and scale

removes the time and space in which to mitigate any

potential impact. “We recognise the ever-increasing

use of, and dependency upon, cyberspace, not only

within the military, but nationally. Therefore, cyber

operations are an essential part of integrated operations

planning,” says Air Commodore (Air Cdre) John Wariner,

A6 Force Commander, the man who safeguards the

RAF’s air computers and information systems.

He continues, “The cyber defence challenge is

not new to the RAF. However, due to its ubiquity we

have taken a new approach that amalgamates the

skills and knowledge of a number of specialisations

to address the numerous attack vectors open to

any potential adversary. In doing so, it is our hope

that the sum is much greater than its parts.”

The RAF has taken

a new approach

to cyber defence,

bringing together

the skills and

expertise of all

its people (PHOTO:

© CROWN COPYRIGHT)