In our digital era, national defence and the military also operate in cyberspace to fight off the increasing numbers of attacks in this new battlefield.
The digital transformation of all activities goes hand in hand with an increase in attack surface with new vulnerabilities for citizens, companies and institutions, but also for the defence and military sectors. In the same way that criminals have invested in cyberspace, extremist groups, terrorist organisations or back rooms acting on the behalf of foreign states, take advantage of this virtual space without borders in which they can act rapidly and permanently cover their tracks.
In October 2019, Florence Parly, the French Minister for the Armed Forces, declared that France had already been targeted over 800 times by cyberattacks in only 9 months*. The objectives of these attacks were the same than those before the digital age: espionage, destabilisation, sabotage, manipulation, etc. The attackers, who adapted to the available technological means, are groups of hackers seeking data to sell, back doors onto the payroll or at the service of foreign states.
This context led the Ministry of the Armed Forces to build an operational command dedicated to cyber defence: “ComCyber”. Cyberspace is now a new field of operation and even though cyber defence does not have an army per se, it acts in the same capacity as the Ground, Naval, Air and Space armed forces.
Created in May 2017, ComCyber is in charge of military cyber defence. The 2019–2025 military programming law allocated a budget of 1.6 billion euros and the recruitment of 1100 cyber-soldiers to the command. When asked to explain his role, the General Didier Tisseyre, replied without hesitation, “I am paid to be paranoid. Our mission is to fend off any military attack against our nation State”.
The tone is set. “Today in cyberspace, we are not in a time of war or peace, but in a state of permanent crisis!”, he adds. The missions of ComCyber cover two main areas in the fight against cybercrime: defence (LID, Lutte informatique Défensive) and offence (LIO, Lutte informatique Offensive). Fighting against jihadists, for example, now requires ground and air forces, as well as soldiers in cyberspace.
The purpose of ComCyber is not only to defend the information systems of all the entities of the Ministry of the Armed Forces against attacks, but also to defend embedded computer systems used in operations. These are found in weapons, industrial machinery, energy supply equipment, etc. This equipment is as much if not more likely to be attacked through digital media, as shown by the experience of the U.S. Department of Defense. For several years, it has organised open challenges during which “white hats”, or “ethical” hackers, are invited to test the resilience of security systems and seek vulnerabilities. In 2019, it only took 48 hours for clever hackers to take control of a F‑15 Eagle fighter aircraft. These things do not happen only in movies!
The French Ministry of Armed Forces also performs these security flaw hunts called “bug bounty” programs. With one difference: ethical hackers are recruited among the cyber-defence reservists and the civilian and military personnel of the Ministry of Armed Forces.
New challenges call for new types of organisation and methods. The ministry now includes 3000 cyber-soldiers (4000 are planned for 2025) and one-third of these is directly attached to ComCyber. The other two-thirds are divided in different services of the Ministry of the Armed Forces, or posted in specialised services such as the National Agency for the Security of Information Systems (ANSSI, Agence nationale de la sécurité des systèmes d’information).
And, contrary to what one may think, they are not all coding experts. “It is true that we need digital specialists, but we also need experts in geopolitics, social engineering, social networks, military operations, etc.”, indicates Didier Tisseyre.
*Since this interview, in a recent study Neustar estimate that the number of cyberattacks during the first 6 months of 2020 was 151% higher than the figures for the same period of the previous year. They conclude therefore that the Covid crisis has had an impact on cybersecurity.
Hospitals, victims of a cyberpandemic?
The testing of hospitals seems to be another point in common between a real pandemic and a cyberpandemic. According to the consulting firm PwC, the number of cyberattacks on healthcare institutions increased by 500% in 2020 1. In February 2021 alone, two French hospitals (Dax and Villefranche-sur-Saône) fell victim to RYUK ransomware. The virus paralysed their computer systems for several weeks and encrypted patient files, forcing them to return to paper and pen in an emergency.
Whilst these attacks have not resulted in deaths – as was the case in September 2020 in Düsseldorf, where a cyberattack prevented the operation of a patient in critical condition – their dangerousness seems to be growing. As such, governments are beginning to provide funds to deal with them. In the United States, the Medical Device Safety Action Plan announced in 2018 aims to modernise and secure digital devices used in the country’s medical services. The French government has also presented a budget of €350 million to increase the number of IT audits and training in hospitals.