‘Procure to Secure’ – Shift the defence technology mindset

Emerging cyber threats are taking advantage of an increased number of new vulnerabilities. No organisation is immune, as last year’s SolarWinds attack proved.

Advances in cyber protection have been made but the volume of conventional attacks continues to rise whilst new, increasingly sophisticated Advanced Persistent Threats (APTs) emerge from a diverse group of actors. Globally, the impact of a national level breach remains as high as ever, from undermining democracies to critical infrastructure failures.

In this article, Chris Parker MBE, Director Major Accounts at Fortinet UK, explains how the cyber threats faced by UK Defence are already overcome every day by global business using next-generation security technology. This article is the opinion of the author and not necessarily that of the UK Defence Journal. If you would like to submit your own article on this topic or any other, please see our submission guidelines.

Agile cybersecurity must therefore be an urgent priority for UK Defence, but cybersecurity and the UK Defence sector have a complex relationship. Cybersecurity strategies and technologies have fallen behind, largely due to lengthy and complex UK MOD procurement processes, tighter CAPEX-focused budgets, and a rigid internal culture where changing anything is less attractive to the people involved. If such internal challenges exist, is there inspiration elsewhere?

Fortunately, there are other industries advancing the deployment of successful cybersecurity technologies; commercial business (or enterprise) being one. UK Defence should look to recent enterprise experience when it comes to addressing cyber threats and utilising the latest technology to secure and protect. The global daily cyber success is drawn from a new set of innovators.

From powerful pioneers to keen followers

Prior to the 21st Century, Defence was synonymous with technological advancement. You only need to look at the Cold War for an example of how the sector once paved the way for innovations like thermal imaging and stealth aircraft. As a leader in technology, Defence was previously well-placed to develop its own technological advancements, writing spec for new solutions and funding leading scientists to create them.

But the rapid global evolution in information technology has for some years outpaced Defence. Due to a dated, complex procurement process and an institutional culture that is hamstrung by process – and lacks lower-level incentive to change – the sector is frequently operating on legacy capabilities that further increase the level of vulnerability, despite the fact that more effective solutions already exist in the market. The latest UK Defence review’s emphasis on reducing troop numbers and prioritising investment in new technology is an opportunity for the sector.

To further reverse this under-performance, Defence must shift its whole procurement mind-set and embrace adoption of the many next-generation capabilities already available. Such a shift will allow the sector to properly mitigate against cyberattacks and sustain an robust defence.

Next-generation solutions for robust defence

The good news is that there are examples of other industries implementing cybersecurity technology with positive results, which can help reassure Defence leaders and open the door to more strategic partnerships.

Enterprise is ahead of the game, having demanded the highest level of compliance, agility and security for some years. Businesses pivoted swiftly and impressively during the pandemic, enhancing their digital capabilities to deal with remote working and deploying the necessary security solutions to protect their increased attack surfaces.

This means that the demand for large scale, top-level security solutions has already been met outside the Defence sector. From Next-Generation Firewalls (NGFW) to AI-based solutions, the market is already rich with cutting-edge technology to keep networks secure at scale, meaning Defence can source off-the-shelf solutions to meet most needs. One solution that will help Defence catch up is Secure SD-WAN. The legacy fibre optic infrastructure in UK Defence is expensive and (even worse) restricts bandwidth thus reducing vital data capacity. Secure SD-WAN will provide the revolutionary agility and capability to meet modern Defence Data needs, increasing the capacity of the whole system for a reassuringly lower total cost of ownership. Combining this with the latest Zero Trust Access required by remote working trends provides the technology leap forward that the UK Defence sector truly needs.

Paradoxically, taking advantage of modern technology is today more financially efficient than ever, with many providers able to arrange long-term commercial agreements for rolling service and support to match rapidly evolving security needs. The UK Government’s 2021 Integrated Security Review paves the way for Defence to catch up and rapidly transform. The only barrier is finding the right technologies and new partner to supply them.

Partner solutions for a complex future

Off-the-shelf solutions form a powerful defence against cyber risk; they are neither difficult to procure nor complex to manage. In fact, they are readily available, easy to purchase and integrate end-to-end globally. They can be adaptive, update threat information automatically and be more cost-effective than expected. They will certainly be cheaper and faster than organisations developing their own firewalls or anti-phishing solutions.

However, the UK Defence sector does need to think long and hard about its next generation of partner relationships. Modern cyber threats require new technology like that of FortiGuard Labs which updates threat intelligence automatically to ensure continuous ‘world class’ security. As a result, it is vital for UK MOD to establish relationships with a new generation of high-tech suppliers. UK Defence spending is historically a ‘bun fight’ between the 3 Services. Budget allocations for cyber in this historical way will leave vulnerable fault lines. Is there an easy answer? The new MOD UK Cyber Command should now act and be budgeted for all. The Police ICT company model devised by the UK Home Office showed how centralised control and procurement can swiftly transform a disparate system to deliver shared excellence and success. Supply Partners that offer to lease out licences in a three-year cycle can ensure that any tech lag (and thus risk) is effectively outsourced to the vendor.

Attacks are inevitable but it pays to have an agile technology partner you can rely on when they do occur – plus AI-based measures in place to ensure that their rate of success is as low as reasonably possible. Both Enterprise and Defence Sectors in this decade require a similar system of integrated and automated high-technology. Now is the time to exploit the latest, proven technology to leap ahead.

Staying ahead of the enemy

Cyberattacks are now an accepted form of warfare. In war, the enemy continually evolves so it is essential that defence strategies adapt and stay ahead. Fortunately, the novel technology to counter these changing and highly dangerous threats already exists and has been proven to be effective. UK Defence simply needs to shift its mind-set; to confidently reach out, partner up, exploit available technology and, like modern global enterprise does every day, always keep one step ahead of the adversary.