In today’s digital era, data has become an invaluable asset for businesses across all industries. However, with this increased reliance on data comes a heightened risk of cyber threats, particularly in the defence industry, where sensitive information must be protected from adversaries. To address these challenges, data encryption has emerged as a critical tool in safeguarding confidential data and enhancing cybersecurity measures.
No entity is safe. From the smallest company to the largest enterprise, barely a day goes by without news of another breach, meaning that companies need new solutions to protect themselves and their most valuable data assets. Last year, for example, there were a significant number of cyberattacks on the military and defence industries, which have proven to be highly vulnerable to ransomware and similar cyberattacks. Kon Briefing recorded 34 major cyberattacks on the military and defence industry in 2022, which amongst others saw 1.7 million Polish Army logistics data sets published; data about 120 000 Russian soldiers fighting in Ukraine leaked; over 15 000 emails from a Russian military construction company leaked; 400 000 emails of the Chilean Ministry of Defence leaked; a database of the Russian military intelligence service leaked; and secret NATO documents from Portugal offered for sale on the Darknet etc.
Growing cyber threat to the defence industry
Dozens of big and small defence companies, ranging from Elbit to L3Harris, were attacked last year, causing wide-ranging fallout. In November 2022, when it emerged that ransomware attackers had published data from Thales on the internet, the company’s shares dropped by nearly 9%.
According to a report from BlueVoyant, attackers are not just targeting the prime contractors that have the money and resources to build up firm and solid cybersecurity, but also the smaller subcontractors down the supply chain. One example of this came last year when a supplier to missile company MBDA was hacked and information, including blueprints of weapons being used by NATO allies in Ukraine, was sold online.
The number of notable breaches has been rising in recent years, whether it is from hostile states or criminal enterprises. In 2020 there were a record number of security breaches at the UK’s Ministry of Defence, totalling 151 reported incidents, particularly where data was transferred between the MoD and its private sector partners. The SUNBURST hack in December 2020 exposed numerous US intelligence agencies and departments, including the Pentagon, when an infected software update was used as a trojan horse by suspected Russian hackers.
In May 2021, it was revealed that Chinese hackers had used spear phishing to target Russia’s largest submarine design bureau, attempting to steal schematics and logistical plans. This same group in 2022 hacked dozens of defence entities in several Eastern European countries and Afghanistan in order to steal secret documents using malware called PortDoor.
These activities illustrate how even good security systems at large companies are vulnerable to online attacks. The consequences can be severe and even life-threatening in a military context, especially when equipment vulnerabilities or personnel information is compromised.
The goal of the aerospace and defence industry is to ensure the security of a country, its critical infrastructure, government authorities, and citizens, it is often the target of Advanced Persistent Threats (APT) groups working together with nation-states to steal intellectual property (IP) to advance domestic aerospace and defence capabilities, develop countermeasures, and collect intelligence with which to monitor, possibly infiltrate and subvert other nations’ defence systems.
More common cyber threats such as malware and ransomware attacks have also increased in recent years as critical military and civil infrastructures have been modernized and become connected to networks and the internet, making them vulnerable to hackers. The advent of new technology such as artificial intelligence and advanced automation brought a new category of potential vulnerabilities that enforced the need for cyber defence.
Many forward-thinking businesses are turning to encryption, or the process of converting data into an unreadable form, to prevent unauthorised access. When combined with other security measures, encryption dramatically reduces the risk of security threats.
Via encryption, data is transformed into a different form or code called ciphertext, which can only be accessed by those with the decryption key or password. The key consists of mathematical values and enables the data to be restored to its original form. Naturally, the strength of the encryption is enhanced by using a complex cryptographic key, which leads to more ‘heavy duty’ encryption.
Data encryption offers several advantages. Encryption ensures data is protected in all states – while in motion, and at rest. Business owners can also have peace of mind that their data remains secure and confidential, regardless of its sensitivity. While firewalls offer a level of protection against unauthorised access, they cannot prevent successful breaches if hackers manage to get through perimeter security measures. However, if the data is encrypted, it becomes extremely challenging for hackers to decipher, and also greatly reduces the chances of successful brute force attacks.
Moreover, because many industries are subject to stringent data protection regulations, encryption helps businesses remain compliant – this is becoming increasingly important in the defence sector given the growing number of breaches involving highly sensitive data. Not only does encryption safeguard sensitive information, by implementing encryption measures, companies can demonstrate their commitment to protecting data privacy and can avoid costly penalties associated with non-compliance.
Similarly, in an era where data breaches and cyber attacks are commonplace, customer trust is paramount. By implementing robust data encryption, businesses can assure their customers that their personal and sensitive information is secure. This fosters trust and confidence in the company’s ability to handle data responsibly, strengthening customer relationships and protecting the company’s reputation.
It’s also important to remember that data encryption is not limited to customer data protection. It also plays a vital role in safeguarding trade secrets and proprietary information. Encryption prevents unauthorised access and helps preserve the integrity and confidentiality of valuable assets, providing a competitive advantage for businesses.
There are other ways that data encryption can benefit modern defence businesses.
In today’s remote work environment, data flows through numerous devices, making it crucial for businesses to ensure uncompromising data security. Companies and militaries face the challenge of limited control over how employees share and access data, and with potential security threats existing across personal devices, encryption plays a critical role in safeguarding data from unauthorised access (for example, 75% of South African Army members use personal social networks to communicate with their colleagues). By using encryption, businesses can guarantee that data remains obscured and secure across any device.
Data manipulation and tampering are also a worry. Encryption not only protects against data tampering it can help users identify any unsanctioned modifications, helping businesses maintain the integrity of their data.
Many industries operate under stringent regulations that enforce data privacy. For example, the healthcare industry adheres to HIPAA regulations governing the storage of sensitive patient data. Additionally, there are various data protection regulations such as PoPIA and GDPR, among others. Non-compliance with these regulations can result in hefty penalties for organisations, and encryption helps businesses to meet regulatory requirements and ensure compliance.
Keeping IP safe
Theft and manipulation of intellectual property (IP) pose significant risks in today’s landscape, where cyber espionage is not as unusual as one might think. China, for example, has a government-backed hacking programme that is known for stealing IP from businesses, including defence companies, across the US and Western Europe. Cybereason last year estimated the yearslong malicious cyber operation spearheaded by the notorious Chinese state actor APT 41 siphoned off an estimated trillions of dollars in intellectual property theft from approximately 30 multinational companies within the manufacturing, energy and pharmaceutical sectors, including fighter jet, helicopter and missile blueprints.
Safeguarding patents, copyrights, trademarks, and trade secrets is of utmost importance. Data encryption plays a key role in preventing the unauthorised use or reproduction of copyrighted material, protecting valuable IP.
The theft of highly sensitive data or loss of control over a system can have serious consequences both for national security, but also for a defence and aerospace’s business’ bottom line. Data breaches can undermine their ability to win new contracts as security incidents are seen as red flags. The defence and aerospace industry must therefore make combatting these threats and building cyber resiliency a priority.
In conclusion, implementing data encryption across the defence industry is crucial for organisations that want to protect their data. Encryption safeguards data integrity, helps meet regulatory compliance requirements, protects intellectual property, and enhances consumer trust. By leveraging these technologies, the defence sector can mitigate risks, maintain a strong security posture, and instil confidence in its customers.
Altron is a specialist provider, leveraging world-class technology and leading practices to architect, implement and support sustainable ICT-based business solutions which are strategically aligned, fit for purpose, cost effective and optimised for performance. We have highly skilled, experienced professionals directed at solving business critical customer problems through consultative approach. We also bring our collective knowledge to every deployment engagement. From legacy integration to digital transformation, our solutions catalogue includes the full spectrum of ICT services. Few other organisations can claim the depth and breadth of the capabilities and experience we provide.