Defence companies must increase their resilience to cyber threats

pracodawcagodnyzaufania.pl 4 weeks ago

Digital space is increasingly crucial in modern armed conflicts.

The war in Ukraine has shown clearly how crucial data is, both obtaining it and securing it. Russian cybercrime groups attack the IT infrastructure of defence companies in Europe, while Ukrainian services run effective espionage operations. The IT and OT systems of arms companies are and will remain a strategic target of hostile activity. Protecting them requires implementing appropriate NATO-compliant solutions and, in the case of their subcontractors, meeting the provisions of the KSC Act, experts from Stormshield and DAGMA IT Security emphasize.

Any component of the digital environment can determine the fate of an operation or even the entire conflict

"History has repeatedly proved that in wartime an information advantage is crucial. Success in the Battle of Warsaw in 1920 was possible thanks to the interception of radio messages, and the breaking of the Enigma code by Polish mathematicians was of paramount importance for the course of World War II. The way wars are conducted changes, drones and complex C4ISR systems have emerged, and any component of the digital environment can determine the fate of an operation or even the entire conflict," says Piotr Zielaskiewicz of DAGMA IT Security. "What does not change is that information is a weapon that can yield a considerable advantage, and so securing it is of key importance. This applies both to the resources of the army and to the entities forming the associated ecosystem," he stresses.

Silent cyber attack on the defence sector of Eastern Europe and a Ukrainian operation aimed at Tupolev

In late 2024, Operation RoundPress, attributed to the APT28 (Sednit) group, known from earlier attacks on NATO and US institutions, was revealed. This time, its targets were webmail servers (Roundcube, Horde, MDaemon, Zimbra) owned by defence companies and government institutions in Eastern Europe. The attackers exploited XSS vulnerabilities and, using fake emails, injected malicious JavaScript code into the victims' browsers. As a result, logins, contacts and message content were intercepted. In some cases, they even managed to circumvent 2FA safeguards.

"The operation was a typical low-profile attack that does not cause chaos to disrupt the functioning of the attacked institution; its purpose is long-term, unnoticed penetration of resources and the acquisition of sensitive information. In the case of arms companies, this is an immense threat," says Aleksander Kostuch, Stormshield engineer.

Even irrelevant data can be used to plan hostile actions

Ukrainian intelligence is also successful on the digital front of the fight for information. Its services broke through the security of Tupolev's Moscow design bureau, obtaining data on the Russian Army's air systems. This is an example of how effective digital intelligence can be, and at the same time how crucial data security is.

"In the conflict in Ukraine, information is as valuable as resources and equipment. Even seemingly irrelevant data can be used to plan hostile actions," emphasizes Piotr Zielaskiewicz.

How to secure arms companies?

The infrastructure of the defence sector should be protected in a manner appropriate to the scale and nature of modern threats. This means implementing comprehensive solutions such as OT and IT segmentation, modern UTM firewalls equipped with intrusion detection systems (IPS), access control mechanisms with multi-factor authentication (MFA), central log management, and integration with SIEM/SOAR systems.

Equally crucial are vulnerability management procedures, regular software updates, penetration tests and cybersecurity training for personnel. Only this approach makes it possible to build real resilience to threats, which today do not spare industrial infrastructure linked to the military.

Systemic safeguards are needed, preferably centrally managed

"In defence companies we deal with key data: weapons designs, logistics plans or system configurations. They cannot be protected by half-measures. Systemic safeguards are needed, preferably centrally managed and adapted to the specific characteristics of the arms industry. Of course, state-owned companies are subject to NATO and MON requirements," says Aleksander Kostuch.

These include, among other things, the use of solutions that meet the minimum qualification at NATO Restricted level, which is a prerequisite for protecting systems that process classified information.

The requirement for adequate protection also applies to military companies' subcontractors

"It is crucial to meet the requirements of the specific standards of the defence industry, which guarantees reliable operation also in field conditions," says Aleksander Kostuch. "However, the requirement of adequate protection also applies to the subcontractors of companies operating in the military sector. A company that is part of their supply chain must adapt the protection of its systems to the requirements of the NIS2 Directive and the KSC Act that implements it," adds the Stormshield expert.

More: https://dagma.eu/en
How to build state resilience in cyberspace: https://www.youtube.com/embed/3mjSxEb2_go