Introduction

The current state of the art in cybersecurity faces several challenges. Security requirements are often underestimated or ignored, leading to vulnerabilities that can be exploited by cyber threats [1]. The design and implementation of security measures are typically underfunded, resulting in inadequate protection for digital assets [2]. Inherent vulnerabilities in system components and supply chain weaknesses further contribute to security risks [3]. Modern cyber threats are complex and sophisticated, capable of bypassing traditional security solutions [4].

In the military domain, the increasing use of state-of-the-art information and communication technologies (ICTs) introduces new threat vectors and amplifies the impact of cyber threats on defence capabilities. Defence systems heavily rely on interconnected Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) systems, which must be secured despite constrained budgets and limited resources [5]. Additionally, weapon systems and logistical supply chains face cyberattack risks due to their dependence on automation and information management [6]. The asymmetric threats of greatest concern in the military domain are offensive cyber operations targeting C4ISR, weapon systems, and logistical supply chains [7]. The development of a proficient cyber force has become increasingly common and straightforward for many nations, highlighting the growing importance of enhancing cyber defence capabilities. As warfare evolves with the integration of robotics and artificial intelligence, autonomous systems will play an increasingly significant role not only in combat but also in logistics and support functions.

The reliance on computer and electronic systems in the military introduces new pressure points and unpredictability in future wars. Critical infrastructures, supply chains, and military systems can be compromised, necessitating a high peacetime cyber readiness and resilience level. Timely and accurate information and data remain central to achieving information superiority, ensuring effective use of force, and defending military systems. The development of new cyber defence capabilities, such as cyber situational awareness technologies, defensive cyber technologies, and predictive analysis, has been identified as a priority in EU Capability Development [8]. Overall, the evolving landscape of cybersecurity in the military domain requires proactive measures to address cyber threats, enhance information superiority, and strengthen cyber defence capabilities in order to ensure the security and effectiveness of military operations. It has been observed that projects attempting to address the underlying operational requirements for these objectives continue to take the same general approach, namely the implementation of siloed data storage and exchange mechanisms, constrained by interfaces whose interoperability is controlled through proprietary solutions, ad hoc approaches, or traditional standards development processes.

The platform-based sharing of cyber threat and incident response information performed in HERMES builds on, and is intended to significantly extend, earlier work on comparable technologies for sharing active defence measures and cyber threat intelligence [9]. HERMES also advances existing research on a software solution for real-time cyber threat hunting and live incident response driven by shared cyber threat intelligence [10]. It does so by combining user-facing functionality for specific subsets of cybersecurity, such as cyber situational awareness, threat hunting, continuous monitoring, endpoint detection, and incident response, with in-system information-sharing mechanisms that address the interoperability challenges of exchanging cybersecurity information.

In this chapter, the subject of ‘cybersecurity solutions for the protection of future security and defence systems’ is addressed. We propose the development of a foundational system for data representation, storage, and exchange across all cybersecurity solutions. Such an approach is extremely challenging; however, it should not be dismissed because of its complexity. By tackling the key issues head-on with a blank sheet approach, the underlying principles developed over several years in earlier work present an opportunity to achieve significant advantages over the approach taken by existing cyber defence products and solutions. Furthermore, the Data Exchange Platform (DXP) developed under the HERMES project focuses on the general military use case but more specifically aims to demonstrate its capabilities in the use cases using autonomous military systems (AMS).

Challenges in Autonomous Military Systems

The complete design of the DXP platform will be achieved by the end of the HERMES project, based on common requirements agreed upon by the participating Member States during the study phase. Through engagements with participating Member States and stakeholders, the DXP will validate the novel approach proposed to address the need for cyber resilience in AMS. DXP is a military-grade enterprise system composed of software components distributed throughout an organisation, including across security domains. It is used by various experts to collect, curate, and distribute cybersecurity information for the specific domain of AMS and, more specifically, unmanned ground vehicles (UGVs).

The problems associated with data security affect all areas of cybersecurity. DXP, as a foundation for building solutions for cybersecurity operations, can be applied to different areas such as intelligence sharing and information warfare. However, DXP mostly focuses on the specific domain of AMS. The focus on UGVs is motivated by the following two factors:

  1. The urgent need for cyber defence solutions that can operate as autonomously as the systems they are designed to safeguard. In such scenarios, where high-security environments are complex and challenging, there is a significant need for data exchange between distinct entities [11].

  2. The lack of sufficient solutions in this field, which means that DXP is a novel design developed using the latest technologies and knowledge.

Moreover, DXP aims to enable automation and autonomy in cybersecurity operations, improve controlled information sharing of high-quality cybersecurity data, and facilitate burden-sharing collaboration and outsourcing of cybersecurity data management. Unlike traditional approaches that rely on interoperability standards, DXP takes a disruptive paradigm shift by separating data representation, storage, and exchange from the uses made of exchanged data. It recognises the complexity of exchanging cybersecurity data and offers a foundational system that can be used by all, providing common data representation, storage, and exchange capabilities. This allows applications to obtain their data not from multiple sources but from a unique system, which takes care of the common data representation, storage, and exchange issues. This significantly reduces the integration effort and resources needed, while allowing this effort to be applied to the development of better applications for specific needs.

DXP Use Cases

DXP outputs are demonstrated through two use cases (UCs). The first UC is a general one showing the use of DXP as a foundational data management service across multiple organisations, while the second UC is more specific for the dissemination of cybersecurity data to autonomous military systems.

DXP General UC

The general UC is illustrated in Fig. 36.1, which shows two organisations, A and B, and a number of cybersecurity application vendors. To illustrate the distributed nature of DXP, Organisation A is shown to be located in two sites, 1 and 2. In this diagram, DXP is illustrated at the conceptual level by the following components in dark blue:

  • HERMES Data Store (HDS), for storing all data within DXP.

  • HERMES Data Management (HDM), which provides automated data management functions defined in policies.

  • HERMES User Interface (HUI), which provides the functionality for policy administrators, data curators, and quality assurance experts to manage the data throughout its life cycle.

  • HERMES Data Exchange (HDX), responsible for exchanging data with other instances of DXP according to the defined policies.

  • HERMES Application Programming Interface (HAPI), which provides access to data to cybersecurity applications (‘App x’).

Fig. 36.1 DXP general UC [figure: Organisation A (sites 1 and 2), Organisation B, cybersecurity application vendors, CS specialists and policy administrators, with the DXP components HDS, HDM, HUI, HDX and HAPI]

The various cybersecurity applications represent existing cybersecurity solutions operated by cybersecurity professionals (‘CS Specialist’), such as today’s antivirus software, intrusion detection systems, endpoint protection software, and security information and event management (SIEM) software, modified to use DXP as their source of data through the HAPI. As vendors update the datasets used by their products, DXP brings this data to the applications installed in end user facilities while enforcing licence agreements. Because cybersecurity data is concentrated in DXP, data management activities such as correlation and quality assurance can be performed via functionality offered by the HUI, including correlation with private data held in the HDS that is never meant for sharing. The HDX component handles data flow across sites as instructed by policies. It also mediates exchanges between organisations where exchange agreements have been put in place for information sharing, collaboration, and outsourcing.

DXP UC for Autonomous Military Systems

In this UC, as illustrated in Fig. 36.2, DXP provides the ability to channel data from various sources and communities to UGVs as below:

  • The UGV System Vendor holds information about potential vulnerabilities in its systems, which it will share with its customers through the DXP functionality. This functionality provides confidentiality and data exchanges are performed according to policies that cover licensing, copyrights, and authorised uses, amongst other things. This gives vendors the ability to prevent customers from further sharing this information, at least from a contractual and system point of view. This is data flow #1 in the diagram.

  • A second category is generic data, such as details on vulnerabilities and security updates for operating systems and widely used software libraries, which is shared within the global cybersecurity community through organisations like the Forum of Incident Response and Security Teams (FIRST) or national Computer Security Incident Response Teams (CSIRTs) [12]. This is data flow #2 in the diagram.

  • To complete the picture of the various sources of cybersecurity data, the diagram also shows generic cyber threat intelligence shared by Allies via DXP. This is data flow #3 in the diagram.

Fig. 36.2 DXP UC for autonomous military systems [figure: UGV system vendor, cybersecurity community, Allies, Ministry of Defence, military operations and battlefield, with data flows #1 to #7 channelling data to the UGVs]

All of this data and information is received at an office within the Ministry of Defence of the country operating the UGVs, for example the office responsible for managing the UGV programme. This could be done via a dedicated cybersecurity application (‘CS App 1’) connected to DXP, shown as data flow #4. Other cybersecurity applications (‘CS App 2’ and ‘CS App 3’) could also use DXP as their source of data for other purposes, shown as data flow #5 in the diagram. The application used to manage the cybersecurity of the UGVs could be provided by the UGV vendor as part of the overall functionality for maintaining the fleet of UGVs throughout its life cycle, including the functionality required to manage the cybersecurity of the fleet.

Once the staff managing the UGV fleet have considered the available information and decided how to address cybersecurity issues, the data would be passed to the operators of the UGV on deployed operations. This is data flow #6. It is expected that this would happen at a higher security classification, which would be facilitated within the DXP installed at the Ministry of Defence. Data flow #6 is, therefore, shown as a red line.

The operators of the UGVs employed in military operations can then use a Command-and-Control application (‘UGV C2 App’) to consider the information sent by the managers of the UGV fleet and merge it with the current mission parameters and local threat information available in the theatre. Based on the assessed risks, which ultimately incorporate data from the UGV manufacturer, the cybersecurity community, Allies, UGV programme managers, and operational considerations, the operators can decide which of the available measures to take and use HERMES to transfer the data directly to the deployed UGVs. This is data flow #7, also in red as it is expected to be done at a higher classification level.

Moreover, Fig. 36.2 shows a smaller DXP application being part of a Cyber Defence System (‘CDS’ in the diagram), also most likely provided by the UGV vendor, showing how the components of DXP can be designed to be minimalistic for constrained environments and embedded into other applications.
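The policy-controlled behaviour described for the general UC (the HDX exchanging data across sites and organisations according to policies and licence agreements) and for the AMS UC (vendor data that customers may not pass on, flows #6 and #7 moving to a higher classification) can be made concrete with a small decision function. The block below is an added example, not HERMES or DXP code: the record schema, the domain model, the classification ordering and the order of checks are all assumptions chosen for illustration, and the sample domains and records are constructed to replay data flows #1 to #7 plus two exchanges that a policy gateway must refuse.

```python
"""Illustrative policy check for a DXP-style exchange component (added example, not DXP code)."""
from dataclasses import dataclass, field, replace

# Assumed classification ordering for the example; not a DXP, NATO or EU marking scheme.
CLASS_LEVELS = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "SECRET": 2}


@dataclass(frozen=True)
class Record:
    """One cybersecurity data item held in a DXP-like store (assumed schema)."""
    record_id: str
    originator: str           # organisation that produced the data
    classification: str
    licensed: bool            # use requires a licence agreement with the originator
    no_onward_sharing: bool   # originator forbids the receiver from redistributing it


@dataclass
class Domain:
    """One DXP instance in one security domain of one organisation (assumed model)."""
    name: str
    organisation: str
    clearance: str                                        # highest classification it may hold
    licensed_from: set = field(default_factory=set)       # originators it holds a licence from
    exchange_agreements: set = field(default_factory=set) # organisations it may exchange with


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate_exchange(record: Record, sender: Domain, receiver: Domain) -> Decision:
    """Decide whether `sender` may pass `record` to `receiver`.

    Classification is checked first, so a mistaken agreement or licence entry
    can never move data into a domain that is not cleared for it.
    """
    if CLASS_LEVELS[record.classification] > CLASS_LEVELS[receiver.clearance]:
        return Decision(False, f"{receiver.name} is not cleared for {record.classification}")
    cross_org = sender.organisation != receiver.organisation
    if cross_org and receiver.organisation not in sender.exchange_agreements:
        return Decision(False, f"no exchange agreement {sender.organisation} -> {receiver.organisation}")
    # Onward-sharing restriction: only the originator itself may send the data to another organisation.
    if cross_org and record.no_onward_sharing and sender.organisation != record.originator:
        return Decision(False, f"{record.originator} forbids onward sharing of {record.record_id}")
    if record.licensed and record.originator not in receiver.licensed_from:
        return Decision(False, f"{receiver.organisation} holds no licence from {record.originator}")
    return Decision(True, "ok")


def raise_classification(record: Record, level: str) -> Record:
    """Copy of `record` re-marked at a higher level, e.g. once merged with a mitigation decision."""
    if CLASS_LEVELS[level] < CLASS_LEVELS[record.classification]:
        raise ValueError("classification can only be raised here")
    return replace(record, classification=level)


def run_scenario() -> dict:
    """Replay the data flows of the UGV use case on constructed sample domains and records."""
    vendor = Domain("vendor-dxp", "UGV-Vendor", "UNCLASSIFIED", exchange_agreements={"MoD"})
    community = Domain("csirt-dxp", "CSIRT", "UNCLASSIFIED", exchange_agreements={"MoD", "Ally"})
    ally = Domain("ally-dxp", "Ally", "UNCLASSIFIED", exchange_agreements={"MoD"})
    mod_low = Domain("mod-low", "MoD", "UNCLASSIFIED", {"UGV-Vendor"}, {"UGV-Vendor", "CSIRT", "Ally"})
    mod_high = Domain("mod-high", "MoD", "SECRET", {"UGV-Vendor"}, set())
    theatre = Domain("ugv-c2", "MoD", "SECRET", {"UGV-Vendor"}, set())

    # Constructed sample records (identifiers are invented for the example).
    vendor_adv = Record("VEND-001", "UGV-Vendor", "UNCLASSIFIED", licensed=True, no_onward_sharing=True)
    csirt_adv = Record("CSIRT-042", "CSIRT", "UNCLASSIFIED", licensed=False, no_onward_sharing=False)
    ally_cti = Record("ALLY-007", "Ally", "UNCLASSIFIED", licensed=False, no_onward_sharing=True)

    results = {
        "flow1_vendor_to_mod": evaluate_exchange(vendor_adv, vendor, mod_low),
        "flow2_csirt_to_mod": evaluate_exchange(csirt_adv, community, mod_low),
        "flow3_ally_to_mod": evaluate_exchange(ally_cti, ally, mod_low),
        "leak_vendor_to_ally": evaluate_exchange(vendor_adv, mod_low, ally),   # must be refused
        "flow6_mod_low_to_high": evaluate_exchange(vendor_adv, mod_low, mod_high),
    }
    tasking = raise_classification(vendor_adv, "SECRET")  # mitigation decision now carries SECRET
    results["flow7_high_to_theatre"] = evaluate_exchange(tasking, mod_high, theatre)
    results["spill_theatre_to_ally"] = evaluate_exchange(tasking, theatre, ally)  # must be refused
    return results


if __name__ == "__main__":
    for flow, decision in run_scenario().items():
        print(f"{flow:24s} {'ALLOW' if decision.allowed else 'DENY '} {decision.reason}")
```

Two points carry over to a real gateway. First, the checks are ordered so that the classification boundary is evaluated before any agreement or licence lookup; an administrator error in the latter tables then cannot produce a downward spill. Second, the onward-sharing rule is attached to the record by its originator rather than to the receiving organisation's policy, which is what lets the vendor in flow #1 prevent its customer from forwarding the advisory to an Ally even though a Ministry-to-Ally exchange agreement exists.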

Conclusion

The proposed DXP system is built upon prior North Atlantic Treaty Organization (NATO) work known as the ‘Cyber Security Data Exchange and Collaboration Infrastructure (CDXI)’ [13]. Technical reports related to this work were published as part of the Allied Command Transformation Programme [14] and the Multi-National Cyber Defence Capability Development Project. While these publications are available from the NATO Communications and Information Agency and NATO Nations, they are not publicly accessible due to their classification.

Within the EU context, the HERMES project can greatly benefit other initiatives such as the ‘Cyber Threats and Incident Response Information Sharing Platform (CTIRISP)’ and the ‘Integrated Unmanned Ground System (UGS)’ project under the PESCO framework. The focus of such projects is on specific aspects, like cyber threats and incident response information sharing. By incorporating insights from the DXP system, these projects can potentially overcome the challenges faced by other solutions in the same domain.

The HERMES project not only focuses on the design of the HERMES Data Exchange Platform itself but also includes a demonstration of its value in the context of cyber defence for UGVs. If implemented, HERMES would be considered an enabling capability for cyber-responsive operations, aligning with EU Capability Development Priorities [8].

Overall, the HERMES project aims to address the limitations in information sharing, collaboration, automation, and autonomy in cyber defence by providing a dedicated system for the secure exchange and management of cybersecurity data.