Global research shows AI will shape 2020 tech but pose potential risks

New ISACA research evaluating the tech landscape of the 2020s has revealed the evolving relationship between artificial intelligence, automation and humans is expected to create promising opportunities in the tech workforce.

ISACA’s Next Decade of Tech: Envisioning the 2020s survey of more than 5,000 business technology professionals shows that respondents are significantly more optimistic about how technology advancements in the new decade will impact their career than they are about how it will impact society as a whole. Fifty-nine percent express optimism for the career ramifications compared to only 40% who are similarly upbeat about the overall societal impact.

From a workplace standpoint, respondents are optimistic that technological sea changes will both position their organizations for success and bolster their paychecks:

· Nearly 9 in 10 respondents (87%) say AI/machine learning will have a major or moderate impact on enterprises’ profitability.

· Fifty-eight percent expect that the evolving technology landscape will result in pay increases for tech professionals.

The nature of most technology roles is expected to be recalibrated by AI and increased integration of technology in the workplace, with 93% of respondents expecting an augmented workforce—or people, robots and AI working closely together—to reshape how some or most jobs are performed.

“As we look to the next decade, we need to think about how humans can work with AI and other emerging technologies to take full advantage of the potential for these technologies to improve people’s lives and enable us to work smarter and more efficiently,” said R.V. Raghu, CISA, CRISC, ISACA board director and director of Versatilist Consulting India Pvt. Ltd. “There is so much we can accomplish with humans and AI working together in a well-coordinated fashion, but it will be critically important that technology professionals build in the needed governance and controls for AI to be deployed as intended while limiting the related risks.”

AI’s Potential Pitfalls Counterbalance Enthusiasm

While AI/machine learning is identified as the most important enterprise technology of the next decade, followed by cloud platforms and big data, the potential downside of malicious AI attacks factors into the more pessimistic views for how society could be impacted by tech in the next decade. Only 50% of respondents think it is likely or very likely enterprises will give the ethical ramifications of AI deployments sufficient attention.

Whether through malicious or errant uses of AI, the potential consequences of misuse could be severe, with respondents indicating the highest levels of concern for AI attacks involving:

· Critical infrastructure (73%)

· Social engineering (58%)

· Autonomous weapons (56%)

· Attacks targeting the healthcare sector (56%)

· Data poisoning (55%)

Enterprises Not Yet Adequately Prepared

Respondents also are unconvinced that enterprises are adequately preparing themselves for what tech advancements in the next decade will set in motion. Eight in 10 respondents (81%) think enterprises are not yet investing adequately in the people skills needed to navigate the technology changes to come, while 70% think enterprises are underinvesting in the technology needed to retool their organizations for the 2020s.

“The pace of technology-driven change will continue to accelerate, so it’s more important than ever to be always learning,” said ISACA CEO David Samuelson. “Both as individuals and in our companies, we will need new skills and frameworks to be equipped to navigate the inevitable change ahead. As the next decade quickly approaches, our human potential, combined with these advancing technologies, will ensure an era of positive technology breakthroughs, and a future where we all thrive.”

Additional notable findings from ISACA’s research include:

· Cybersecurity skills gap remains problematic. Only 18% of respondents expect the cyber security skills gap to be mostly or entirely filled in the new decade.

· Rise of digital natives will change enterprise culture. As digital natives, or those who grew up during the age of mainstream digital technology, increasingly ascend into leadership positions in their organizations, 72% of respondents expect cybersecurity will become a higher priority for enterprises while 56% say enterprises will become more proactive about deploying emerging technologies.

· Many everyday activities could be phased out. Respondents expect the technological innovations of the new decade to make several routine activities and lifestyle necessities less commonplace, including using cash (75%), physical keys (60%), physical IDs/boarding passes (58%) and going to physical office locations (58%). Respondents are more mixed about whether they will be turning over control of the steering wheel, with 48% saying it is likely or very likely that driverless cars become mainstream in their countries by the end of the decade.

· Algorithms loom large. IT audit and assurance professionals will need to become adept at assessing algorithms, with 88% of respondents anticipating that doing so will play a significant or moderate part in their job roles.

· Expectations are mixed for quantum computing. With mounting questions about the future security of internet encryption, just under half of respondents (46%) anticipate quantum computers will be able to carry out tasks that traditional digital computers cannot within five years.


The post Global research shows AI will shape 2020 tech but pose potential risks appeared first on Defence Online.

EDA releases defence data report

The EDA has released a Defence Data Report assessing expenditure, research, investment, and procurement between 2017-2018.

The European Defence Agency (EDA) has released a Defence Data Report covering 2018-2019 presenting key findings and analysis. The first part of the report examines total defence expenditure during that time. It reports that between 2017-2018 total defence expenditure from EDA member states was €223.4billion, 1.4% of GDP and 3.1% of total government spending. There was an increase of 3% in spending from 2017-2018, which the EDA attributes to member states recovering from the financial crash of 2008. Overall, spending decreased between 2008 and 2013 by 11% and has been rising since then. Spending is now in keeping with inflation. Defence expenditure peaked in 2006 at €227.9billion.

The next part of the report looks at investment. Investment also fell after the 2008 financial crisis. Between 2007-2014 spending dropped by 22% across member states. The figure has been increasing since 2014 and reached €44.5billion in 2018. Investment reached its peak of €46.9billion in 2010 and has yet to return to those levels. The number of member states spending 20% or more of their defence budgets investing in research, equipment, and procurement doubled between 2014 and 2018. There has been an overall positive trend since 2014 of member states increasing the portion of their defence budget being spent on investment into equipment and procurement.

The report describes similar trends for defence spending on research and technology. Spending decreased over the mid-2000s to mid-2010s, reducing from €3billion in 2006 down to €1.6billion. In 2018, spending increased for the second year in a row and reached €2.1billion, but still remains below 2008 levels. Member states agreed in 2007 to spend 2% of their defence budget on research and technology. Since then, however, none of these states has allocated more than 1.3%. The total expenditure stood at €2.1billion in 2018, with just four states spending more than 1% of their total budget on research and technology. The combined spending of eight member states accounted for 96% of overall research and technology budgets.

Spending on European collaborative research and development also hit a historic high in 2008. In that year, EDA member states spent €453million on collaborative research projects. This dropped to €153million in 2018, a decrease of 66%. The share of budget going to collaborative research from European defence budgets dropped by a similar percentage. The states dedicated on average 7.3% of total defence research and technology spending to collaborative projects, falling below the target of 20%. Even adding the budget of the Preparatory Action on Defence Research (PADR), the figure reaches 9.2%, despite the €40million provided under the programme for European collaborative research.

Collaborative equipment procurement went against the trend and remained steady immediately following the financial crisis, falling in 2013 to €4.7billion. Expenditure dropped again in 2018 to €6.4billion after a few years of slow recovery. Member states agreed to spend 35% of their equipment procurement budget in cooperation with other states; however, most of their budget was spent domestically, with 17.8% connected to a European framework. This peaked in 2011 with 24% of the overall budget spent on collaborative projects and dropped to a record low in 2013 of 15%. Despite the overall drop in spending to €6.4billion in 2018 from the €8billion high in 2009, the relative share of member states’ budgets being spent on international collaboration has increased each year on record.


The post EDA releases defence data report appeared first on Defence Online.

The Evolution of Cyber Security – A Path to Transparency

Writing for Defence Online, Leron Zinatullin, Cybersecurity Specialist and Author of The Psychology of Information Security, looks at the evolution of cyber security.

In today’s corporations, information security professionals have a lot to grapple with. While facing major and constantly evolving cyber threats, they must comply with numerous laws and regulations, protect the company’s assets and develop their teams.

Back in the old days, security through obscurity was one of the many defence layers security professionals were employing to protect against attackers. On the surface, it’s hard to argue with such a logic: the less the adversary knows about our systems, the less likely they are to find a vulnerability that can be exploited.

There are some disadvantages to this approach, however. For one, you now need to tightly control the access to the restricted information about the system to limit the possibility of leaking sensitive information about its design. But this also limits the scope for testing: if only a handful of people are allowed to inspect the system for security flaws, the chances of actually discovering them are greatly reduced, especially when it comes to complex systems.

Cryptographers were among the first to realise this. One of Kerckhoffs’s principles states that “a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.”

Modern encryption algorithms are not only completely open to the public, exposing them to intense scrutiny, but they have often been developed by the public, as is the case, for example, with Advanced Encryption Standard (AES). If a vendor boasts of using its own proprietary encryption algorithm, I suggest giving that vendor a wide berth.

Cryptography aside, transparency can be approached from many different angles: the way we handle personal data, respond to a security incident or work with our partners and suppliers. All of these angles and many more deserve the attention of the security community. We see the shift away from ambiguous privacy policies and the desire to save face by not disclosing a security breach affecting our customers or downplaying its impact.

Communication is a key element in building transparency around security, and that extends to the way we work with people in our organisations. Understanding people is essential when designing security that works, especially if your aim is to move beyond compliance and be an enabler to the business.

Remember, people are employed to do a particular job: unless you’re hired as an information security specialist, your job is not to be an expert in security. In fact, badly designed and implemented security controls can prevent you from doing your job effectively by reducing your productivity.

The aim is not to punish people when they make a mistake, but to build trust. The security team should therefore be there to support people and recognise their challenges rather than police them.

Security mechanisms should be shaped around the day-to-day working lives of employees, and not the other way around. The best way to do this is to engage with employees and to factor in their unique experiences and insights into the design process. The aim should be to correct the misconceptions, misunderstandings and faulty decision-making processes that result in non-compliant behaviour.

People must be given the tools and the means to understand the potential risks associated with their roles, as well as to recognise the benefits of compliant behaviour, both to themselves and to the organisation. Once they are equipped with this information and awareness, they must be trusted to make their own decisions that can serve to mitigate risks at the organisational level.

After all, even Kerckhoffs recognised the importance of context and the fatigue that security can place on people. One of his lesser known principles states that “given the circumstances in which it is to be used, the system must be easy to use and should not be stressful to use or require its users to know and comply with a long list of rules.” He was a wise man indeed.

To learn more about cyber security and how your business can stay protected from threats, visit the Cyber Essentials Online website.



The post The Evolution of Cyber Security – A Path to Transparency appeared first on Defence Online.

Innovation Meets Tradition: How to Balance the Old and New in Defence Technology

Writing for Defence Online, Sascha Giese, Head Geek, SolarWinds, looks at finding ways to balance old and new IT systems while working towards the latest Defence Technology Framework (DTF) and Defence Innovation Priorities (DIP).

Technology in the defence sector is secretive, and for good reason. The forces defending the UK and its allies must rightly keep their resources and weapons top-secret in the interests of national security. But despite the top-secret nature of the defence sector’s work, when it comes to the technology, the similarities between it and organisations across the public sector, and even the wider private sector, are striking. Defence IT environments are likely to consist of legacy systems in need of support, while new innovative technologies must be implemented to work effectively alongside the existing tech. But within the public sector there’s always the added restriction of limited budgets, meaning the IT leaders responsible for the armed forces’ technology must factor this in when adopting new solutions.

As many departments begin to work towards the latest Defence Technology Framework (DTF) and Defence Innovation Priorities (DIP) announced by the MOD (Ministry of Defence), IT leaders will likely be looking for ways to balance these systems while still upholding top defence standards.


Something Old, Something New

Much of the current technology in the U.K.’s defence sector will have been designed and developed years ago and will likely consist of bespoke applications written specifically for the department or sector using it, and its unique requirements. This now creates the challenge, possibly a decade or more on, of these applications still being used despite the developers possibly not being available to support them anymore. To run these legacy applications, the operating systems for which they were written must also be kept running, even though these might no longer be supported, such as Windows XP or Windows 7.

Considering the latest defence innovation priorities released by the MOD in September 2019, IT leaders will now be planning how and where to adopt the latest technologies to make the biggest impact. However, to begin the process of adopting technology to meet the priorities outlined by the MOD, the defence sector will need to overcome some roadblocks, including restricted budgets, cyber threats, and – of course – existing systems.

Part of what makes tight security such a challenge is the legacy technology on which the defence sector still relies. By running older, unsupported operating systems, security is no longer guaranteed by the vendors. To then introduce newer applications and software onto these systems simply increases the impact of a successful cyberattack. But migrating from these trusted systems to newer, unfamiliar solutions takes time and money – two assets the sector has in short supply. To resolve this, IT leaders should consider the key steps they can take to manage this advancement.


Call to Action—A Four-Step Plan

As part of the MOD’s plan to develop the technology it uses, it has made multiple investments to develop the UK’s world-leading scientific and industrial base. The Transformation Fund – part of the Modernising Defence Programme – will also deploy £160m on fast-tracking new military capabilities onto the frontline. With this additional spend in the industry, IT leaders will need to carefully consider where best to prioritise the funding, and how to get the most value out of it. This can be determined through a four-step process.

1) Assess

To implement the digital transformation required in the defence sector, the most important step for IT leaders is to assess their current IT environment and identify what areas need the most support. For some this will mean additional management tools and services, but for others it may mean implementing innovative technology such as AI and automation. It’s important to consider where these solutions will have the biggest impact; for example, AI could be beneficial in space tracking and communications, enhanced Intelligence, Surveillance, and Reconnaissance (ISR), cyberdefence, and automated logistics.

2) Collaborate

One of the best ways to introduce new technology is through working with the private sector. With more money and resources available, this sector is advancing far faster than the defence sector can. By working in collaboration with private businesses, defence IT teams can access newer technologies being used for other means and establish how to adapt them for their own needs. For example, autonomous tanks are being developed thanks to the advances made with autonomous cars.

It’s also key to collaborate internally as well as externally and ensure teams across the sector – not just IT – are fully trained in the new technologies being brought on board. Changes in culture are not always easy, particularly when the established systems have been trusted for many years, but change starts at the top. Ensure all senior teams and leaders are open to changes beneficial to the organisation, and their employees will be likely to follow suit.

3) Simplify

However, having easier access to innovative technologies through the private sector is only half the battle. As new solutions are implemented alongside existing technology, new tools should be adopted to help simplify this changing environment. Complexity can lead to errors, longer processes, and higher costs, so integrating monitoring and management solutions capable of delivering a single, holistic view across the entire organisation’s IT landscape can be a valuable way to provide visibility. Having one or more of these solutions in place across an organisation can help prevent and mitigate threats in real time, providing the additional security that could make the difference between a successful mission and a failed one.

4) Maintain

Once new systems have been implemented, the most important step is maintaining the balancing act between the old and the new. Keeping legacy applications and systems functioning while managing the influx of new solutions is key to keeping these environments in sync, and thereby keeping the country’s defence up to scratch. The best form of defence is advanced preparation, and full visibility across all networks and applications regardless of age can help identify both cyber and physical threats more quickly.

Though the defence sector may be unique in what it does compared to many organisations in both the private and the public sectors, the challenges it faces in adopting new technologies aren’t so different. As more advances are made from which the defence sector can benefit, IT teams balancing management solutions to provide visibility, at the same time as maintaining legacy environments, will no doubt see the greatest benefits of all.


The post Innovation Meets Tradition: How to Balance the Old and New in Defence Technology appeared first on Defence Online.

Cyber security’s big threat? Finding the talent

Writing for Defence Online, Melanie Jones, Product Director for cyber security portfolios at Global Knowledge, examines the skills shortage in cyber security professionals.

Recent cybersecurity surveys from Cybersecurity Insiders and IBM agree that the main security-related concerns for businesses are data loss and leakage, and the effect they have on an organisation’s bottom line and reputation.  The organisations that experience data breaches, no matter their size, will feel the financial impact of the breach for years. According to IBM’s calculations, data breaches cost businesses around £125 for each lost or stolen record.  Another thing that the recent surveys, along with other industry reports, agree upon is that the way to address this is by improving the skills and experience of the workforce.  

Each year, Global Knowledge conducts a survey of its own. The IT Skills and Salary Report is the largest worldwide study, taking in the feedback of 12,200 IT professionals from 159 countries.  This year, in our 12th annual report, it was cybersecurity and cloud skills that dominated the key findings.  More than two-thirds of decision-makers reported a gap between their team’s skill levels and the knowledge required to achieve organisational objectives. This is the second year that this skills gap has increased, leading to higher levels of employee stress, delays in development of critical projects and loss of revenue.  When asked where the gaps exist, 81% of IT decision-makers said their cyber skills shortage is a medium or high risk to their business, and that cybersecurity remains the most difficult tech specialism in which to find qualified talent. 

The demand for IT skills is already pushing up salaries. IT professionals earned, on average, £4,000 more this year compared to 2018, with a premium on cloud, cyber security, IT architecture and project management skills. The average global salary for an IT professional is £71,895 – the highest it’s been in the 12 years that Global Knowledge has prepared its IT Skills and Salary Report. Jobs in cloud computing are commanding the highest salaries. They are 29% larger than the global average, followed by IT architecture and design, programme management and cybersecurity. For Europe, Middle East and Africa, IT professionals in large organisations (5,000+ people) had a 23% salary bump over mid-sized companies. 

With qualified talent hard to find and a bigger price to pay for those who have the experience to deliver in the crucial areas of AI and cybersecurity, what will companies do to bridge the gap? Many organisations will have little option but to turn to temporary staff and interim managers to cover the shortages. But only 31% of IT decision-makers want to bring in contractors or hire additional staff, according to our survey, given the difficulties that can come when integrating temporary staff and the knowledge transfer needed to be successful.

In June, during London Tech Week, the Government announced a £1.2 billion investment into the UK by global tech companies.  With a pledge of funding for 2,500 places on AI and data conversion courses from 2020, it is clear that AI skills are seen as vital if the UK hopes to remain Europe’s largest tech hub.  The Government’s push to address skills shortages in cloud, AI and cybersecurity needs to remain a priority over the next few years.  Post-Brexit things aren’t expected to get easier when hiring European staff may prove complicated, only exacerbating the chasm between skill requirements and availability.  According to (ISC)2, there could be up to 1.8 million information security-related roles unfilled worldwide by 2022.  In Europe, the shortfall is projected to be about 350,000, with the UK’s share of unfilled cyber security jobs expected to be around 100,000.   

Other business leaders are planning to get more out of existing employees to address the effects of talent shortages. Effective training that is part of an enterprise-wide plan benefits the company as well as the individual. Training can help companies retain staff and increase staff loyalty as most employees appreciate development opportunities. 88% of Global Knowledge survey respondents took part in some training activity in the last 12 months. There remains a concern that training takes staff away from their work and eats into the department’s budget. However, the impact of skills gaps on the productivity of IT staff has a greater detrimental impact. 64% of IT leaders in the survey said that skills gaps cost their team three to eight hours a week in productivity. Employees at all levels find it harder to do their jobs. Skills gaps are increasingly a significant factor in project delays and failures.

Cyber security remains in the news, with high profile hacks and data leaks reported daily. Some of the world’s leading cybersecurity solution providers have recently been hacked themselves. While technology is part of the solution, to really protect an organisation from cyber-attack, companies need people to keep the systems safe. While demand for professionals with knowledge and experience of cybersecurity continues to outstrip supply, the risks remain.



The post Cyber security’s big threat? Finding the talent appeared first on Defence Online.

Cyber threats faced by the military

Advancing technology has had the dual effect of improving cybersecurity processes and making cyber threats more complicated and harder to defend against. In recent years high-profile attacks such as WannaCry have put many companies and government organisations on high alert.

Military ambitions for a smarter, more connected arsenal create more potential doors for cyber attackers to enter, creating a need for comprehensive and holistic defence. Fears over foreign powers using cyber-warfare to influence other nations and potentially compromise armies have become a bigger priority for militaries. The armed forces are increasingly viewing cyber attacks as on par with physical threats. Military structures are changing to combat these new methods of compromising security.

The military has been investing in IoT for the last few years. The US Army is investing in the Internet of Battle Things (IoBT), connecting devices across the battlefield to have equipment working as one entity and improving situational awareness. IoT can revolutionise how battlefields work, but it creates a new risk where data can be compromised in a number of devices, meaning hackers no longer have a single central computer system to attack, but many entry points.

There is a risk of data from a single device being lost or compromised. With many devices in one network, it could be easy to compromise one while leaving the overall system undisturbed. There is also a risk of data spoofing from any device. This is when false information is sent from a seemingly reliable source. Battlefield awareness could be compromised like this, with fake information about the battlefield being sent, for example, from a surveillance device.

There is also a risk to the overall network. If a hacker can take over one device they can potentially gain access to others. The risk of interconnected devices is that there is no longer one entry point, but many. This can be a golden opportunity for cyber attackers if preventative measures are not taken. As well as threats to the network, the physical destruction of one device could potentially cause far greater harm. If, for example, a surveillance device in one crucial spot is destroyed, this could have a profound effect on an entire operation. There have been previous examples of attackers targeting connected military devices. This can be either to steal information or to dismantle a network of devices.

Both the US DoD and the British MOD have plans for large groups of unmanned vehicles and drones controlled through connected networks and IoT. Attacks on these connected unmanned vehicles could be a big problem, especially if they are used as weapons. The Defence Advanced Research Projects Agency (DARPA) started a project to produce a secure process for multiple Unmanned Aerial Vehicles (UAVs). The organisation was looking for systems that ensured security at all levels of operation, including sensors, platform, platform autonomy, computer processing, and communications. Drones in both the commercial and defence sector have become a target for cybercriminals since they became more commonly used. In 2018, the Pentagon temporarily banned commercial drones in order to patch a vulnerability in their systems. The US has also been wary of Chinese-manufactured drones with fears that data could be obtained by enemy forces. Drones can also be used to initiate cyberattacks. Networks can be attacked with drones carrying equipment to steal or change data.

Drones have been able to highjack Bluetooth devices and spoof data through transmitters. Military facilities have no-fly zones and drone detection perimeters to prevent attacks but powerful transmitters could still pose a threat. Multiple drones working in synchronisation could also be used by cybercriminals, making it more difficult to detect and defend against them. The MAC address of a drone can be altered to evade detection. RF scanners can detect commercial drones based on their brand, but often fail to identify them if they are not triangulated.

Cyberattacks pose a threat to military staff’s personal information. Previous attacks have targeted data on personnel. The increasing digitalisation of personal records poses a risk of cyberattacks. Veterans can be specifically targeted with malware through personal computer systems, often through spam emails and websites. Attackers can use websites that are similar to government sites and offer free downloads. Attackers can even target personal devices such as smartphones and tablets. Scammers also use fake veterans charity websites to encourage users to download apps and information. The malware can then be used to scan the computer’s data and steal information. Experts say that cybersecurity training needs to be improved across military organisations. The US military needs more IT staff, according to a 2017 report from the Defence Contract Management Agency (DCMA). Concerns have also been raised over the security of online databases, following attacks. The Servicemembers Civil Relief Act database has been criticised for allowing scammers to access veteran’s personal information. The database keeps a record of veterans so they can be verified to receive benefits but critics say it has become too easily accessible. Anyone could access personnel or veteran service records through searching a name. It is also feared that enemy forces could target records on troops and veterans. In Australia, concerns have been raised over foreign militaries using domestic technology companies to gain access to army data. Hackers could also target personnel to unwittingly release sensitive military information through online scams.

There have been attacks on military organisations as well as wider government networks. Many attacks are state-sponsored, such as US operations earlier this year targeting Iranian missile launch systems. Cyber attacks are becoming a common feature of warfare; computer systems are a target as they become more crucial to operations. Russia has been accused of tampering with elections and China has been implicated in hacking phones to obtain data.

The Ukrainian military was also allegedly hacked by Russia and the Lithuanian Defence Minister was the victim of a spoofing attack. Emergency services and health providers have also been targeted by denial of service attacks, including the prominent WannaCry attack on the NHS. Cyberwarfare has been used to target ISIS by many western militaries, disrupting communication with coalition forces. In January of this year, the US Department of Justice (DOJ) said that a North Korean botnet had targeted aerospace companies along with media, infrastructure, and finance.

The US and UK have expressed ongoing fears about Huawei technology in the military. The Chinese company has been accused of being linked closely to the Chinese government, and many countries have discouraged or banned use of its technology, particularly 5G. In Australia, China was accused of using links to universities to compromise national security. Military organisations such as the Pakistani Air Force, a Swiss Defence Lab, and the Vietnamese army have also been targeted. Defence industry companies such as the Australian shipbuilder Austal have also been victims; last year hackers stole ship designs and sold them online.

Military ambitions for technological advancement have to be matched with increased cybersecurity. Attacks on weapons could have disastrous consequences, and cyber warfare is already changing how wars are fought. Cyber attacks mean that national forces with the most capability for cyber infiltration can gain the upper hand. There is an argument for investing in hacking methods as well as taking preventative measures to stop attacks. As cyber attacks become more prevalent and militaries become more modernised, they are becoming an essential weapon in conflicts of all sizes.

To learn more about cyber security and how your business can stay protected from threats, visit the Cyber Essentials Online website.

If you would like to join our community and read more articles like this then please click here.

The post Cyber threats faced by the military appeared first on Defence Online.

DIO: Commercial Transformation in Defence Infrastructure

The Defence Infrastructure Organisation (DIO) plays a vital role in supporting the UK’s Armed Forces by building, maintaining and servicing the infrastructure needed to support defence and is responsible for enabling defence people to live, work, train and deploy at home and overseas.

Last year saw the launch of the DIOMO Commercial Strategy, which outlined the steps to be taken to make it easier for the supply chain to engage with the organisation.

The strategy contains five guiding principles to support the delivery of DIO’s vision and outlines how the organisation will improve to better serve its customers and work with suppliers.

These principles – We will be easier to do business with; We will work faster and smarter for our customers; We will have a broader and more diverse supply base; We will engage meaningfully with our stakeholders; and We will focus on value, not price: or the ‘We wills’ – define the vision for the Commercial Strategy, and already significant progress has been made in their delivery.

Speaking earlier this year, DIO’s Commercial Director Jacqui Rock delivered a progress update on DIO’s commercial transformation.

On the first – We will be easier to do business with – Ms Rock explained: “I met with our supplier base and asked how it feels to do business with defence and with DIO. By gaining this understanding, I was able to put a programme in place to make sure that we are consistent, proportionate and transparent with how that end-to-end process works.

“We want to be open and transparent in procurement. This is going to increase our choice of suppliers and I absolutely believe we can reduce the cost of business because of the bidding activity.”

It is envisaged that a new category-led strategic environment will also improve engagement with suppliers.

“All the strategic decisions across the MOD estate are done by categories – such as Hard FM, Soft FM, Construction, PFI and Utilities.

“I have introduced commercial category managers from the private sector to come in with that industry expertise to work in DIO and work with the Front Line Commands in order to deliver our estate.”

We will work faster and smarter for our customers centres on early engagement, not just with the Front Line Commands but also with suppliers. Ms Rock says it’s about looking strategically and collaboratively at longer-term plans and putting those business cases at the front of the process.

Greater strategic collaboration across government will also help to deliver a more considered approach to the publishing of the larger frameworks.

Ms Rock noted: “We are now able to work strategically with suppliers and ensure we are all connected. One of the important things about that is that, for the first time, we as a government can now be very aware of the impact we have on the market.

“There have been times when I’ve launched very large procurements at the same time as the Health or Justice departments – in the same industries and in the same arena. This collaborative approach means we now have a much more strategic outlook.”

The principle of We will have a broader and more diverse supply base is all about SME engagement and reaping the rewards that this brings.

Ms Rock commented: “It is one of my key objectives to increase the diversification in the supplier base. It’s about delivering a range of services and the different innovation that it brings to defence. With a more diverse supplier base we will increase the value to taxpayers and growth by generating true competition and opportunity that is unhindered by a supplier’s size and experience with DIO.”

DIO’s shift from a contracts administration business to a value added commercial function with Front Line Commands and suppliers is at the forefront of We will engage meaningfully with our stakeholders.

“It is our job as commercial experts to bring innovation and new ideas in partnership with our suppliers into our stakeholders. When it comes to procurement, I want to exploit technology to make that process as streamlined and as automated as possible. This would allow us to focus a lot more on adding strategic value up-front and carrying out effective contract management,” said Ms Rock.

In the past, procurement was focused on cost and driving down the price. We will focus on value, not price sets out to change this mentality.

Ms Rock explained: “I committed to change and to modernise the way DIO procures, and feedback would indicate that our suppliers are now starting to feel this difference.

“The way we manage the tender process is changing. There will be a lot more site visits, a significant number of workshops at framework level and lots of face-to-face senior executive meetings.

“The key message is we are changing how we procure and the award criteria to increase focus on collaboration and behaviours.”

DIO followed up its Commercial Strategy with the release of its Procurement Plan, outlining its strategy on construction and infrastructure. This marks the first time the organisation has outlined its priorities to existing and potential suppliers.

Ms Rock is also keen to highlight the opportunities available to suppliers through the Defence Estate Optimisation Programme. The 25-year strategy was published in 2016 to optimise the defence estate and meet future military requirements.

The defence estate currently accounts for approximately 1.8% of the UK’s land mass, with over 40% of the estate being over 50 years old. Managing an ageing estate of this size diminishes the MOD’s capability to support the future needs of the UK Armed Forces, or indeed to represent the best value for the taxpayer.

By creating a smaller and more focused estate, investment can be directed to enduring sites to meet military requirements and increase prosperity for the surrounding communities.

The £4 billion committed by the programme to developing the defence estate will create and sustain jobs in the construction industry, while the release of sites that the MOD no longer needs provides opportunities for a wide range of commercial uses, creating regeneration, business growth and local jobs.

The type of work undertaken by DIO is incredibly wide-ranging. Recently, a number of contracts have been awarded including housing renovation projects in Bassingbourn, Gillingham and Ickenham; the installation of fixed cranes on a jetty in Portsmouth Harbour; and the resurfacing of roads in Woolwich, Wyton and Chepstow.

Ms Rock said: “The opportunities for suppliers to get involved on the Defence Estate Optimisation Programme are vast. It touches construction, disposals, new builds, family accommodations – it touches everything.”


The post DIO: Commercial Transformation in Defence Infrastructure appeared first on Defence Online.

RAF explores methods of accident prediction

The RAF has released a document exploring its history of accident prediction and how it can be improved.

The RAF has explored its past and how it can improve methods of accident prediction and safety in a new document released by the government. The report explores how methods have changed in the 107 years since the first accident investigation in the UK, involving a Flanders F4 Monoplane, and looks at what needs to be changed in modern methods to adapt to today’s technology. The incident in 1912 was investigated by the Public Safety and Accidents Investigation Committee of the Royal Aero Club who determined that the fault came from the pilot not being strapped into his seat.

It is now compulsory for pilots to wear a seat harness and in over 100 years many other safety procedures have become mandatory within the RAF. The report calls for the RAF to move from reactive measures when it comes to accidents and improve predictive management. The current system is based on recommendations in the Nimrod Review conducted by Charles Haddon-Cave QC.

The Report, investigating the loss of the RAF Nimrod MR2 Aircraft XV230 in Afghanistan, cites the ‘swiss cheese’ model of accident investigation formulated by Professor James Reason. Theoretical ‘cheese slices’ represent barriers to accidents occurring and the holes represent flaws or oversights which, when aligned, allow accidents to happen. Barriers to accidents could be in the form of individual responsibility, infrastructure, supervision, training, and procedures.

The report examines other methods of accident prediction, including ‘Heinrich’s Iceberg’. This theory surmises that for every fatal accident and serious incident, there may be hundreds of hazard observations and reportable occurrences which, if dealt with properly, can prevent far more serious problems. Currently, Defence Aviation uses the Air Safety Information Management Systems (ASIMS) to record safety issues and near misses.

The system has been running for ten years and thousands of incidents have been reported. The new report emphasises the importance of systems like this, which allow for the analysis of smaller incidents which can foresee and prevent more serious ones. It encourages an ‘Engaged Safety Culture’ allowing for easy reporting of incidents and ensuring personnel do not fear negative reactions to speaking out about safety issues.

The report recommends that investigations focus on the barriers ensuring safety and where they may have failed, rather than focussing on assigning blame. It states that there is rarely one single error, but rather a series of failings. It looks at a number of recent ASIMS reports where aircrew personnel mistakenly took aircraft which had been signed for, as well as engineers who accidentally performed maintenance on the wrong aircraft.

It looks at how safety assessment models could prevent such incidents, or more serious ones, in the future. The report details the barriers in place to prevent the wrong aircraft being used or worked on, such as well-displayed tail numbers, groundcrew double-checking aircraft, and identifying aircraft by nicknames. It states that inexpensive and easy to enforce measures like these for all potential accidents could have a positive impact on the number of more serious reports.


The post RAF explores methods of accident prediction appeared first on Defence Online.

Is Arbitration Still Worth it?

Michael A. Doornweerd & Anna J. Mitran[1] from Jenner & Block LLP write for Defence Online as they examine the role of arbitration to resolve disputes within the defence industry.

Arbitration, rather than litigation, has long been the preferred method of dispute resolution in the aerospace and defence industries.[2] Stemming from arbitration clauses in the applicable contracts, arbitration offers several advantages over traditional litigation that may be particularly attractive to actors in the defence industry. Arbitration is often speedier, less intrusive (less discovery), more flexible, and less expensive than litigation—compelling benefits in the fast-paced aerospace and defence fields.[3] Further, arbitration proceedings are often confidential (or can be made confidential), and at the very least offer the parties the opportunity to avoid filing their claims on publicly accessible dockets.[4] Confidentiality is a valuable feature for industry participants seeking to avoid disclosure of intellectual property or classified information, or hoping to avoid publicising an accident or safety concern to risk-averse customers.[5] Of course, arbitration comes with its own set of risks—speed, efficiency, and flexibility may mean unpredictability of procedure or shallow depth of analysis, and ill-reasoned arbitration awards are notoriously difficult to overturn.[6]

Recently, in the broader commercial context, arbitration has come under increasing criticism. The perceived unfairness arising from mandatory arbitration agreements, lack of diversity among arbitration neutrals, and the expense and delays of the arbitration process are leading companies in many industries to rethink whether arbitration is appropriate. For the defence and aerospace industry, however, arbitration of commercial disputes—conducted under a thoughtful arbitration provision—remains a sound choice. Arbitration is well suited to the increasing internationalisation of commercial contracts in the defence industry, and offers access to neutrals with the specialised knowledge and experience that can be necessary to rendering efficient, quality decisions.

The International Advantage

The defence and aerospace industry, once a United States-centric industry with a relatively small set of actors, has become increasingly international in the past 10 to 20 years.[7] Driven in part by economic realities since the 2008 recession, including decreasing defence budgets, US companies are increasingly taking their business abroad—and this trend is likely to continue.[8] Whereas historically, defence disputes were resolved either internally or through domestic arbitration, the growing numbers of cross-border disputes have increased the incidence of international arbitrations.[9] International arbitrations allow the parties to avoid either side getting a home-court advantage in its own legal system, as well as obtain a final award that can be enforced internationally.[10]

International arbitration is an increasingly common choice for resolving defence-industry commercial disputes, and arbitral institutions are responding to today’s popular criticisms. While precise data is difficult to find, the recent statistics released by the International Chamber of Commerce (“ICC”) are informative. In 2018, the ICC set new records in the number of cases registered (842) and draft awards approved (599). [11] The vast majority of the parties in those cases were commercial entities, and many of the disputes arbitrated were in the areas of defense and security, and specialised technology.[12] The average duration of proceedings in cases that went to a final award in 2018 was two years and four months, and the median duration was two years.[13] By way of comparison, the median time in months to trial for the US District Court for the Northern District of California over approximately the same period was 21.4 months.[14] To promote efficiency, expedited arbitration procedures that yield a final award within six months of the case-management conference are available for cases where the total amount in dispute does not exceed US$ 2 million, or where parties expressly opt in. Finally, the ICC has made progress on gender diversity—the number of women arbitrators sitting in ICC tribunals was at 18.8% in 2018, and the ICC launched the “ICC Gender Balance Pledge” in late 2018 to commit to increase gender diversity across its platform.[15] The ICC is just one international association, but as a global arbitration leader, these recent statistics likely reflect broader trends.

Experienced Neutrals   

Defence disputes frequently require industry familiarity or technological expertise, such that many generalist arbitrators may experience a high “learning curve,” resulting in increased inefficiencies, costs, and potential for error. For these reasons, specialised arbitral institutions and procedures have been organised in an effort to meet the demand for defence and aerospace expertise in dispute resolution, with varied degrees of success. For example, a set of industry-specific arbitration rules pertaining to outer-space disputes was adopted by the Permanent Court of Arbitration (“PCA”) in 2011, based in large part on the United Nations Commission on International Trade Law (“UNCITRAL”) Arbitration Rules of 2010.[16] The modified rules include an explicit waiver of sovereign immunity and added confidentiality safeguards.[17] Additionally, the rules require the PCA to maintain a list of arbitrators with aerospace experience, as well as lists of technical experts available to serve as expert witnesses.[18] More recently, the American Arbitration Association (“AAA”) and its international counterpart, the International Centre for Dispute Resolution (“ICDR”), created a specialised panel of arbitrators and mediators in 2016.[19] Known as the Aerospace, Aviation, and National Security Panel, the featured neutrals purportedly have the requisite industry expertise to handle “complex, high-value aerospace, aviation, defence, cyber, and security-related disputes both domestically and internationally.”[20] Parties can request that a case administrator select a chair or panel of arbitrators from this specialised roster, and parties themselves can consider these diverse, vetted professionals in making a party appointment. The goal is for the parties to the dispute to have confidence that the arbitrators they select or appoint will have appropriate experience.

Notwithstanding today’s criticisms, arbitration remains a valid option for resolving commercial disputes in the defence industry. To maximise its advantages and meet today’s arbitration criticisms, companies would be well served by crafting their arbitration provisions to ensure that an appropriate arbitral institution has been identified, considering or opting-in to expedited procedures if appropriate, and examining neutrals on specialised rosters when making a party-appointment or selecting an arbitration panel.

[1] Michael A. Doornweerd is a partner, and Anna J. Mitran is an associate, at Jenner & Block LLP. The views expressed in this article are their own, and do not reflect the views of Jenner & Block LLP or any of its clients.
[2] See Carson W. Bennett, Houston, We Have an Arbitration: International Arbitration’s Role in Resolving Commercial Aerospace Disputes, 19 Pepp. Disp. Resol. L.J. 61, 69 (2019).
[3] Id.; see also Stephen E. Smith & Lester W. Schiefelbein, Jr., Arbitration Disputes of the Aerospace Industry, College of Commercial Arbitrators, at 2, (2017).
[4] Bennett, supra note 2, at 69.
[5] Id.
[6] For example, under the United States Federal Arbitration Act, an arbitration award may be vacated only where “the award was procured by corruption, fraud, or undue means,” “there was evident partiality or corruption in the arbitrators,” the arbitrators acted such that “the rights of any party have been prejudiced,” or “the arbitrators exceeded their powers.” 9 U.S.C. § 10(a).
[7] Caroline Simson, Why Aerospace Cos. Are Forgoing Courts for Int’l Arbitration, Law360, (Nov. 9, 2016, 3:29 PM EST).
[8] Id.
[9] Id.
[10] Id.; Smith & Schiefelbein, supra note 3, at 2.
[11] ICC Dispute Resolution 2018 Statistics, Int’l Chamber of Commerce, at 4 (2019).
[12] See id. at 13.
[13] Id. at 15.
[14] Robert Tata, ‘Rocket Docket’ Justifies Its Name for 11th Straight Year, Law360, (June 10, 2019, 4:45 EDT).
[15] ICC Dispute Resolution 2018 Statistics, supra note 12, at 5.
[16] Id. at 5; Bennett, supra note 2 at 73.
[17] Bennett, supra note 2 at 73.
[18] Id.
[19] Caroline Simson, AAA Creates New Panel for Aerospace, Security Disputes, Law360, (Oct. 31, 2016, 6:30 PM EDT).
[20] Aerospace, Aviation, and National Security Panel, Am. Arb. Ass’n, (last accessed Aug. 9, 2019).


The post Is Arbitration Still Worth it? appeared first on Defence Online.

Why the future of warfare is invisible

Writing for Defence Online, Charles White, CEO of Information Risk Management, Altran, discusses the evolution of cyber security.

Do you remember the first time you heard the term “cyber”? It used to be a thing of the future – a word used in the realms of science fiction that conjured up images of droids and driverless vehicles when it first appeared more than half a century ago. The term “cybersecurity” initially involved rudimentary firewalls and security for programmes on CD-ROMs. How things have changed. Fast forward to today and the term is synonymous with use cases around hacking and dangerous confrontations.

In the world of cybersecurity and defence, the industry is rapidly seeing the convergence of internet technology with operational technology. Manufacturers, businesses and the armed forces globally are harnessing the benefits of rapid automation to improve productivity and defence. By enabling devices and the proliferation of the Internet of Things (IoT), the defence industry has harnessed the power of connectivity to massively increase functionality and make improvements to almost every facet of defence strategy.


Planes, drones and submarines

Innovations in hardware and software, along with artificial intelligence (AI), have paved the way for the development of powerful technology-driven tools such as the dramatic advancements in drone technology. Airborne military drones have helped nations gain aerial intelligence while fully autonomous underwater submersibles laden with sophisticated systems have delivered cargo to naval crews.

Modern weapons contain highly advanced computer systems to enable their functionality and to make them more automated, easier to control, more accurate and more effective for operational requirements. However, as new devices and technologies come online and are adopted by the military establishment, they are subjected to cyber threats alongside traditional physical security threats. This new invisible form of warfare has already commenced.

As recently as last month, the world witnessed this in full effect when the United States launched a cyberattack on Iranian weapon systems. There have been reports of previous cyber incursions, but this was widely seen as a game-changer. A nation state was actively looking to exploit vulnerabilities in military equipment, in a world where warfare could increasingly look like a loss of connectivity rather than a loss of life.


Now you see me…

Cyberattacks are now seen in the same light as acts of war and have driven the need to create cyber units in the military, such as the UK’s Joint Cyber Reserve Force. Indeed, this was the first offensive show of force since the U.S. Cyber Command, part of the U.S. Department of Defense, was elevated to a full combatant command in May this year after being given new authority by President Trump.

The offensive cyber-strike disabled Iranian computer systems that were used to control rocket and missile launches. This is a real example of how the military has adapted to technological advances, underscoring the essential need for armed forces to develop robust cyber offensive and defensive capabilities as part of their arsenal.

There are other high-profile examples of where cyberattacks may be considered an act of war, and this is currently an area of great debate. The Stuxnet code was almost certainly created by a nation state and was touted by many as the first cyber weapon. It was written with the sole purpose of disrupting a uranium enrichment programme.

To withstand these variants of attacks, every facet of the military now needs to ensure that the tools and techniques at their disposal are designed and built with cybersecurity threats in mind. The design and assurance activities that were applicable to traditional IT need to be adopted where these architectures are now a part of complex weapon systems and other military devices that are becoming heavily reliant on technology. It is an absolute given that cyberattacks are here to stay. Nations will exploit online vulnerabilities.

With the adoption of technological advances, such as IoT and AI, come new cybersecurity considerations that need to be controlled and mitigated. Alarmingly, security experts have found that even modern military devices such as drones have security flaws in critical mechanisms that could be exploited by an adversary. Even communications systems – via the internet, radio and other airborne transport mechanisms – have shown vulnerabilities. The speed of adoption of new technologies should not come at the expense of cybersecurity, especially in defence.


Peekaboo – now I don’t see you

“Cyber” has entered the lexicon of modern warfare through the use of cyber Tactics, Techniques and Procedures (TTPs). And in many ways, the evolution of how “cyber” has been used in both defence and offence mirrors the evolution of warfare and weapons themselves. Initially it was hand-to-hand combat. Then, as gunpowder gave rise to more powerful weapons that could be shot from a distance, adversaries began moving farther and farther away from the battleground. With cyber threats, the theatre of war continues to change.

Cyberwarfare is truly invisible. An attack can be carried out from anywhere – thousands of miles away or a few doors away. The future of warfare now depends on a military’s ability to rapidly modernise and meet a series of invisible threats. For military decision makers, out of sight is not out of mind.


The post Why the future of warfare is invisible appeared first on Defence Online.