Between strong operational and environmental constraints, military cybersecurity promotes an extraordinary culture of adaptation and innovation.
“In military cyber, you have to have a sense of resourcefulness to be able to get by,” insists Fanch Francis, former petty officer in the army’s intelligence services and CEO of Nano Corp, a cybersecurity company. “We can set up antennas in the sand or snow,” adds, not without irony and boasting, Sergeant Alexandre of the cyber defense regiment, near Rennes. “It’s the way of using the tools that differs from the private sector. When we use them in a theater of external operations, it’s not the same conditions as in an air-conditioned office. And when we know that behind the alerts we process, it’s the lives of comrades or the security of the country that are at stake, and not simply the productivity of an organization, it’s different,” adds Adrien, a young staff sergeant, also in the cyber defense regiment. Operating in sometimes extremely harsh conditions, these cyber fighters practice unparalleled cybersecurity on a daily basis.
Permanent constraints
“In 2011, during an allied operation off the coast of Libya, we found ourselves having to install UHF Satcom equipment quite quickly in the open sea. This equipment allows the military to communicate long distance via satellites. It had been a while for the French navy since we had carried out an operation of this type with our NATO allies, with the implementation of an airmobile group. We therefore found ourselves in the open sea, about ten meters away above the water, suspended at a height, having to weld antennas from the ship, then connect this equipment to existing systems to ensure communication with our allies. Then, at the same time, we had to ensure the cybersecurity of the installation, compliance with electromagnetic standards and that the antenna correctly captures its satellite”, recalls Lieutenant Commander Thibault, cyber protection specialist at the Cyber Defense Command (Comcyber).
“In fact, our difficulty is to operate in environments which combine a large number of risks. An aircraft carrier, for example, is like an airport put at sea. It combines all the constraints and risks of the airport with those of the sea. In addition to that, we put two nuclear reactors inside, planes which carry a nuclear weapon… To this accumulation of risks is added an accumulation of threats which are not necessarily the same as those we find elsewhere, it’s always a big challenge because we have to practice cyber on systems that have very high complexity, while having to respect operational security principles, etc. “
Fanch Francis remembers these rules with annoyance. When he worked at the Naval Intelligence Center, they slowed down the development of military Osint: “At the beginning, we envied civilian capabilities in this area because we were tied hand and foot by interconnection constraints. Importing data from the internet, with the secure workstation, mixing it with data from confidential sensors to derive intelligence was akin to a real nightmare!”
Added to this are the constraints of the mission environment, which must be agile and discreet. “Everything we think about in terms of cyber protection has an impact on the life and security of soldiers in operation, and on a day-to-day basis. A boat or a group of men in the middle of the desert is not connected to optical fiber. These environmental constraints, with soldiers who only have backpacks, mean that we must identify the essential tools to transport. Then these tools must be protected and therefore encrypted. We must also make the networks waterproof, make the means of communication discreet, transport firewall hardware and not software, etc.”
Limitless ingenuity
These restrictive and unpredictable environments nevertheless push these cyber-combatants to anticipate all possible scenarios to ensure the continuity of operations. “We know how to deploy business continuity plans pushed to the maximum of what we can do in terms of resilience. Radio transmissions can be useful and sailors are still training to navigate without GPS, with a map and observation of the stars,” says the lieutenant commander.
These constraints also develop in them an ability to demonstrate constant ingenuity. “On a ship in operation, we have to prove that the shots are carried out correctly. To do this, we record as much as possible about these shots. During a mission, the system which allowed them to be recorded broke down. With a comrade, we therefore had to very quickly code a small script allowing us to take screenshots every two or three seconds and transform them into video. We were on the open sea, in a complicated area, and we had to type on special, very waterproof keyboards so that they were protected from water, on which it is complicated to type code, but we took up the challenge!”
Added to this is the mismatch between the long life cycle of military equipment and the rapid evolution of cybersecurity, which pushes for constant innovation. “Take a large carrier like the Charles de Gaulle aircraft carrier. It can take thirty years between the definition of needs and the arrival in service of the product. In the meantime, several digital revolutions are taking place. The military must therefore tinker, to adapt the information systems to the needs of the moment, to ensure that everything is interoperable, particularly with allies.” “Basically, a soldier in cyber must know how to manage himself. It’s in his DNA anyway!”, reassures Fanch Francis, enthusiastically.
