On 24th March this year, a group of experts representing the Polish National Security Bureau, PM’s Office, the Polish Armed Forces and the Military University of Technology, and the Polish industry participated in a seminar organized by us, devoted to cyber-security and electronic warfare.
The participants of the meeting organized by the Defence24 Group discussed the critical issues tied to the development of both the Armed Forces and the state as a whole, in the area of cyber operations and cyber defence. The meeting covered matters tied to electronic warfare, cryptography, or even camouflaging of the operations undertaken by the military. Continuity in the operation of critical infrastructure has also been discussed.
The National Security Bureau was represented by Div. Gen. Andrzej Reudowicz, deputy head at the Bureau. In his speech, he emphasized the necessity of swift and effective implementation of the provisions contained within the Polish national Security Strategy, tied to the matters of cyber-security. Reudowicz was reiterating the fact that even though cybersecurity is perceived as a narrow sector, NATO has defined cyberspace to be another domain of battle, that would come alongside the land, air, sea, and space domains. Conventional domains can be described with the use of principles, maps, and descriptions of phenomena occurring in them. General stressed the fact that for cyberspace, we would be unable to clearly define and determine numerous aspects. We have many spaces where data is gathered, and millions of sensors that the military may choose from when selecting weapons or reconnaissance assets, and also in the decision-making process and damage assessment, said the deputy head at the National Security Bureau, indicating that there is a possibility to utilize data gathered and collected by the mobile and digital operators in military applications. He also stressed that in the era of social media, both excessive activities, as well as a complete lack of any sign of life could both be a symptom of the preparation for armed operations. One of the subsections of the security strategy is devoted to cyber-security specifically. The objective here is to obtain a capability to carry out a full spectrum of military operations in cyberspace, and this is tied to our ability to comprehend and fully utilize cyberspace, Reudowicz said. The allied regulations state, that the specialists in the cyber-domain shall be a part of departments responsible for reconnaissance (number two), ongoing operations (three), planning (five), and C2 (six), General indicated. This stems, as he said, from a broad perception of cyberspace, outside the typical perception of ICT security, deputy head at the National Security Bureau noted.
Lt. Col. ret. Robert Kośla, Director at the Cybersecurity Department at the PM's Office, also took the floor during the event. Kośla emphasized the key aspects tied to the development of cyber-defence capabilities, also highlighting the functioning of the State Cyber-security System. Kośla spoke highly of cooperation with the military and civil organs within the aforesaid system. He noted that collaborative effort, information exchange, and joint exercises all create the desired results.
Kośla stressed the fact that since 2018, Poland has been coming out of the so-called "silo-based system", and that cooperation carried out is based on the Act on National Cybersecurity System. Before the introduction of the aforesaid act of law, the parties to the system utilized different procedural frameworks and information exchange systems. Currently, Poland utilizes a system that makes it possible for CSIRT GOV elements to exchange information rapidly and securely. Kośla pointed to a platform developed within the NASK programme that was launched back in January. It is financed by the National Centre for Research and Development (and the project is pursued by a team headed by Professor Amanowicz). He also emphasized the importance of other elements - cooperation in the area of information exchange, certification, and matters tied to verification of the suppliers.
The aforesaid matters were also mentioned by General, Pilot Jan Śliwka, pointing to the fact that threats and challenges that affect the state as a whole can be found in the cyber-domain. The enemy may influence the operations of the military, also via that domain. The first deputy of the General Commander of the Armed Forces referred to the estimates suggesting that almost 9% of cyber-attacks can be classified as ones directed against the military. Śliwka said that the military is developing know-how in this area, whereas getting the personnel ready is the key to success. He also noted that electronic warfare shall be viewed as one of the elements of establishing and maintaining situational awareness in the area of operations, and thus it plays a major role in carrying out combat operations and has an impact on the precision of the strikes. All of the above has a relevant impact on the accomplishment of objectives during convoluted military operations. Thus it is necessary to carry out actions across different areas, tied to organization, techniques, procedures, or training - all in sync to further develop the relevant capabilities, Śliwka said.
The First Deputy of the General Commander of the Armed Forces also said that requirements tied to cryptography and cyber defence are among the priority areas listed in the research requirements at the MoD, for the period 2017-2026. Comprehensively securing the data transmitted over wireless and cable-based ICT networks is one of the relevant problems in this area. Śliwka said that research and implementation projects focus on the development of new tools and hardware for cryptography, new communication protocols and techniques for cryptography solutions, and cryptography algorithms used in secure systems to secure the source data from being intercepted or lost. Hardware and systems at the MoD are subject to certification in the cyber-security domain which, as General Śliwka suggested, guarantees their security for military use, in the Polish Armed Forces.
Col. Mariusz Chmielewski, Ph.D., Eng., Deputy Director at the National Center for Cyberspace Security, also voiced his concerns. Chmielewski, who has been tied to the Faculty of Cybernetics at the Military University of Technology for years, stressed the fact that everyday practice and research clearly show the trans-border and trans-sector nature of the threats emerging in the cyber-domain. The Armed Forces, during cooperation and joint exercises conducted with the involvement of the civil sector, are establishing a valuable know-how base. The cooperation allows for the exchange of information and experience with the intelligence services, and civil bodies - also for integration, and perfecting the practical skills. Chmielewski placed a major emphasis on the properties that can be ascribed to cyberspace. The lack of attachment to location, anonymity (or plausible anonymity), redundancy, and flexible availability of resources. He noted that this is a covert domain, making it possible to carry out operations based on expertise and technologies, where states that have a limited military potential can effectively accomplish their political and military objectives. Up until now, studies have shown how C2 systems could be vulnerable to cyber-, information, and electronic attacks.
Colonel Chmielewski said that, in his opinion, the cyber domain has a major potential to actively impact the C2 domain, therefore disrupting the decision-making chain. The easiness of camouflaging and hiding one's presence in cyberspace plays a key meaning in effective operations. This is important for both the critical infrastructure, as well as the C2 systems. Using conventional methods and electronic warfare assets often creates a threat - activities as such can be identified, as EM radiation can be easily detected. Working in advance, and in cyberspace, we may be able to establish effective non-kinetic strike capacity. Colonel stressed the importance of the establishment of tool-based capabilities and analytical competency that would both deliver a broad array of options as to how the operational commander could go on executing a strike.
Col. Piotr Chodowiec, in his speech, placed great stress on the importance of communications that are vital for the command capabilities. Head of the C2 management (P-6 management department at the General Staff of the Polish Armed Forces) outlined the EM-emission reduction matters that remain important in conditions where the potential adversary can employ electronic countermeasures as an element of cyber-operations. Chodowiec was stressing the fact that our private online activities can be viewed as a battlefield, at the stage of preparing the operations. He stressed that the definition of the contemporary battlefield is a much broader one than the conventional understanding of the term.
Col. Chodowiec also emphasized the necessity to camouflage the transmission systems and radio communications. Piotr Chodowiec said that electronic warfare is a major advantage, while radio-based communications can be jammed, intercepted, and modified. No system that is 100% resilient exists within that regard. Both the availability of information, as well as the protection offered by encryption are important and key, in the case of the armed forces. Chodowiec also suggested that tactics employed by the communications elements have been accounting for the related set of threats for years now. Head of the P-6 department highlighted the fact that the Polish Armed Forces frequently participate in national and allied R&D initiatives tied to narrow- and broadband waveforms. Projects as such are a part of the PESCO undertaking - and, what is even more important, they frequently involve entities of the Polish defence industry. The Armed Forces, planning the shape of the communications system and taking into account the capability the enemy has within the scope of influencing the radio and cable communications, qualify all of the above matters as a part of the cyber-domain. One of the electronic countermeasures shall be focusing on camouflaging of radio communication networks, for instance through the establishment of decoys. Colonel noted that to obtain resilience to jamming and to attain full reliability of the military communications, one should take into account the use of different transmission media at the planning stage, to ensure that transfer of the information is possible even in the most extreme circumstances. He noted that the military should also have the ability to carry out C2 activities in extreme situations, with overwhelming jamming or temporarily disabled ICT assets. Here, a conventional field mail system should be used - often overlooked in the present era of growth in the IT domain. Chodowiec did highlight the fact that the Armed Forces take great care of cyber-security, both at the planning stage, as well as during design, manufacturing, and supply of the individual elements of the C2 system. Thus, only proper implementation of the listed organizational and technical undertakings can create resilience for the Polish Armed Forces' communications suite, rendering it indifferent to the actions undertaken by the potential adversary, aimed at a breach of confidentiality, availability, and authenticity of data transmitted. Only that would make it possible to deliver the required levels of cyber-security.
Maciej Stopniak, head of the Polish Office of Rohde & Schwarz, noted that "mobile phone is the primary communication measure used by the Polish troops", that would "be an easy target", while "technical capability to intercept the information in this domain is impossible to imagine for a third party", while "it is still the easiest to breach our privacy in the social media". Stopniak additionally emphasized the risks of electronic warfare as understood conventionally: jamming, interruption, or interception of comms. The enemy, however, may also "feed false data to the systems", which is far more subtle.
He said that "more can be done through sending of a PDF-manual on social media behaviour, and smartphone use to all members of the military, than through millions of euros of hardware investment". The "electronic warfare boundaries are becoming blurred", Stopniak said, whilst an example scenario in which an F-35 pilot receives a disturbing text message sent to his smartphone before the mission is a showcase for the challenges the military needs to overcome within that scope. He stressed that cyber-offensive systems should also be created, not to create a self-perception of a victim, but to be able to counteract. The representative of Rohde & Schwarz claimed that every SDR-class radio that is offered by the company can be integrated into the national encryption system, and that offer of the entity also includes integration of national encryption units.
„Defence Cloud" Programme Manager at Thales Group, Mathias Hary responded to questions regarding the Thales Group's cyber-security and electronic warfare offer. He also outlined the capacity offered by the NEXIUM Defense Cloud system dedicated for all levels of the command chain - from tactical, through operational, up to the strategic level. Hary discussed the variants designed for Army and Navy use. The infrastructure of this solution is to translate the cloud capabilities onto all levels, also offering a capacity to maintain and operate all of the cloud-based apps. The benefits stemming from cloud computing offer advantages over the application model in the context of military use - deployment speed on the battlefield, resilience to jamming and data destruction, redundant communications, or virtualization of resources can be listed here. Hary also said that the solution allows the user to integrate their digital resources as well as external ones, within the interoperational framework in NATO. The system is also designed to rapidly adapt to the new technologies, either through app migration (for cloud use - virtualization, containerization) or through upgrades made to the existing infrastructure (hybrid approach). The advantages of this system, following a successful implementation in the armed forces, include a capacity to undertake actions at the tactical levels (in mere hours, instead of days or weeks). This also includes allied joint operations tied to the adaptation of data resources to the evolving battlespace picture. Hary said that technologies as such need to be simple enough for an individual soldier to handle since he needs to focus on the objectives, not on the technicalities tied to the ICT issues. He emphasized the fact that, when it comes to sharing information, the infrastructure is very well secured.
Adam Bartosiewicz, Vice-President of the Management Board at WB Group said that "communications are the nerve of the army, and, as a result, of any conflict". He stressed the importance of the relationship between the cyber-domain and electronic warfare - with these two being tied close together, and having a key meaning, with strategic importance for the functioning of the Armed Forces.
Bartosiewicz referred to the years of backlog in the area of cyber-battlespace - for instance, to the change of strategy adopted by the western Armed Forces, deeply involved in asymmetric warfare. He exemplified the arrogance in that domain by referring to the NSA cyber-doctrine unveiled by Edward Snowden, suggesting that in essence, no potential adversary exists, with the technology available to him being on par with the Western capabilities. Bartosiewicz also referred to the recent conflicts - Donbas or Nagorno Karabakh - as the key lessons that the Polish Armed Forces need to cover within the scope of cybersecurity and electronic warfare. He stressed that the adversary has been establishing capabilities far beyond any imagination of ours, within that scope. The results of this effort may force us to go back to legacy C2 solutions since modern systems could be exposed and vulnerable to actions undertaken by adversaries. Vice-President at WB called for a reflection upon our use of technology, and our permission for it to interfere with our lives. He also referred to data availability - a threat of its own.
Col. Ret. Paweł Dziuba, meanwhile, referred to the training activities that the Polish Armed Forces and other uniformed or intelligence services engage in - a very relevant area, important from the point of view of improving the capabilities in the cyber domain. Dziuba said that despite the developments in process automation, advanced IT hardware, and ICT developed based on AI, the human is still the weakest, and also the strongest link in the chain. Dziuba mentioned the potential of the entity he leads - the Expert Centre for Cybersecurity Training (Eksperckie Centrum Szkolenia Cyberbezpieczeństwa) with facilities in Warsaw (at the Military University of Technology), and in Wałcz (functioning as a part of the 100th Communications Battalion). He said that the ECSC, as an expert facility brought to life by the Minister of Defence in November 2020, remains in possession of a capacity to rapidly address the requirements the Polish MoD may have in the areas tied to broadly understood cyber/crypto/ICT education, delivering specialist training tailored to the actual needs of the military units, with that training being unavailable on the civil market, in a form so customized and holistic.
Dziuba also indicated that the ECSC facility closely works with the leaders of the ICT domain, pointing to memoranda signed with Microsoft, Cisco, or Palo Alto Networks. Furthermore, Dziuba noted that the Polish MoD is aware of the short lifecycle of IT products and the dynamic nature of the technologies, thus emphasizing continuous training of soldiers and state employees, in the process of establishing the digital competency in the Polish Armed Forces. Interestingly, this is a part of the requirements defined by the responsible organ - the National Centre for Cyberspace Security. Dziuba pointed out that commitments within that scope are becoming tangible through the CYBER.MIL.PL program, also taking into account the CSIRT-MON domain and the Cyberspace Defence Forces established by the National Center for Cyberspace Security, as well as the operational component of the Armed Forces. Col. Dziuba said that the National Center for Cyberspace Security, alongside the tailor-made training programmes, also offers a capability of organizing wargames, and of integrating cybersecurity teams based on virtual cyberspace modeling environment, the so-called cyber-range - a well-thought-out model of the actual ICT infrastructure, developed for training purposes at the NCCS, based on scenarios developed by the Centre's experienced experts.
Col. Dariusz Denejka, meanwhile, noted that the changes that we are observing should not be a surprise. It is a basic truth that cyberspace also entails danger, as can be viewed as a long-range information strike measure. The commander of the 10th Command Regiment placed a major emphasis on the importance of threat awareness entailing responsibility for the colleagues and associates. He discussed the key nature of the role that experience exchange plays here. Referring to what Col. Chodowiec said, Denejka indicated the need to change the mental mindset of society as a whole. "Cyberspace SERE" training and threat awareness-raising campaigns are a must here.
Denejka exemplified this by referring to cross-generational integration in the military, between persons who use the Internet sporadically, and people who cannot imagine life without the world wide web. Referring to the statement made by Vice-President at WB Group, Denejka said that it is worth training the operational habits for situations when modern tools, such as GPS or mobile communications, fail, and when the energy grid is neutralized. Denejka noted that one needs to get ready to operate in an analog environment. The key issue that emerges is also to filter the crucial information and the spam. Furthermore, society should also take responsibility and be aware of cyberspace security matters. Denejka noted that three levels of "SERE Cyber" training shall be available: Level A - Basics, Level B - intermediate, Level C - top-class cyberwarriors. Dariusz Denejka also stressed that finding valuable assets here would take time, and experts, if found at the low levels in the chain of command, should be directed towards a consciously designed path of development.
Col. Zbigniew Piotrowski and Col. Rafał Kasprzyk, representing the Military University of Technology, emphasized the importance of the engineers and new solutions being prepared. Piotrowski expanded on the matter, also indicating the role played by rationalization, research, experimentation, and education. He noted that introducing AI in the ICT/C2 solutions is a matter of key relevance, indicating that modern networks, signal processing, and AI are some of the tools that, in the future, would support the decision-making process.
Col. Kasprzyk, referring to the training of the cybersecurity experts, explained that training of the engineers takes time, and no shortcuts should be taken here. He said that the cyber and IT domains would be evolving rapidly and that we should be aware of threats and opportunities, and, above all, that teaching should cover analytical and abstract thinking. The Faculty of Cybernetics at the Military University of Technology teaches the students how to understand the technical processes, comprehend the models, methodologies, and algorithms. Colonel noted that the graduates can precisely and accurately define problems, and then seek solutions, using a broad inventory of different tools. He added that tools are not the main focus, since the know-how in this domain becomes obsolete. It shall not be viewed as the core of the academic curricula. Kasprzyk also said that there is a need to prepare the cyber-troops to work in offensive and defensive team settings. This should form a pillar of the Armed Forces development strategy in the cyber domain. Kasprzyk indicated the necessity to establish as great levels of operational autonomy as possible, in parallel to the development of joint efforts with the allies, NATO, or the EU. Autonomous cyberspace capabilities are a valuable asset. Cyberspace is an asymmetrical domain, thus allowing the less developed states to attain capabilities comparable to those of global superpowers, he summarized, indicating the necessity to create national solutions. He said that, if possible, the Armed Forces should be autonomous and independent of external software suppliers (commercial ones in particular). The hardware supply chain should be also stable - and this has been emphasized by the pandemic and the global shortage of chips, Kasprzyk concluded.
The debate was summarized by Gen. Reudowicz who stated that the mind has the power over matter and that it is up to human beings to decide whether to fight or not and on how one should utilize modern solutions and hardware. Reudowicz said that perception today can be shaped with the use of many different methods and that how we perceive reality ultimately influences our decisions or actions. The solution here is to understand the environment and the objectives of our actions. Deputy Head of the National Security Bureau quoted Dwight Eisenhower, saying that planning is everything, while a plan - is nothing. Analyzing the environment, key factors, and objectives (planning) allows one to assess the relevance of the obtained information and its impact on the actions, separately from the "noise". Reudowicz added that improvement of cyberspace security requires the common nature of the employed measures and cooperation on the part of the citizens, armed forces, and the military, as cyberspace operations and conflicts shall not be viewed as a domain exclusive for the Armed Forces. Let's build our know-how and expertise where possible.