Industry
Defence
Deliver highly effective and resilient security environments that protect mission-critical systems, information and operations from cyber threats.
Introduction
Conflict today is about much more than the battlefield. Nations need to defend against high-tech threats both in the grey zone and in physical conflict.
Technological advancements have been a key factor in war for as long as humans have been fighting each other, and they have played a key role in defence for decades. From Alan Turing’s efforts at Bletchley Park breaking the Enigma Code in the Second World War, to cyber attacks on national assets and infrastructure, technology has been and will continue to be critical to the defence sector.
The world revolves around data – it’s the number one valuable asset that malicious actors want to get their hands on. Whether it’s to steal valuable intellectual property or disrupt production, organisations that operate in the defence industry are prime targets for cybercriminals.
Having suffered from numerous high-profile data breaches, the defence industry needs to double down on its efforts to ensure its IT infrastructure is as impenetrable as it’s technically and humanly possible to be.
Industry Overview
In the last decade, the UK’s defence industry has become the second largest defence exporter in the world after the USA, and it is the largest in Europe. Our largest security export markets are Europe, North America and Asia-Pacific.
With cybercrime running at an all-time high, there is understandably a growing shift towards cybersecurity. The UK, like many other countries, has been focusing on developing and exporting cybersecurity solutions, as well as advanced technology systems for defence applications.
Recent Government statistics show that cybersecurity remains the largest UK security exports sub-sector, with exports increasing from £4 billion in 2020 to £5 billion in 2021, a growth rate of 20%.
Market Trends & Statistics
Whether as a result of an insider threat, phishing campaigns, or DDoS attacks, the defence sector has been under continuous attack from cybercriminals, nation-states and proxy actors in recent years, and things show no sign of slowing down.
Aerospace and Defence Cyber Espionage Campaign
A sophisticated cyber espionage campaign targeted UK defence and aerospace companies in 2016, aiming to steal sensitive information on military technologies and strategies.
Cobham
Cobham, a global defence and aerospace company, experienced a cyber attack in 2017 that disrupted some of its operations and led to a temporary halt in manufacturing.
Vodafone
Vodafone, which provides IoT services to various defence companies, suffered a data breach in 2017 that exposed sensitive data, potentially impacting defence contractors.
UK Ministry of Defence
While not a direct attack on a defence company, a significant data breach in 2007 at the UK Ministry of Defence exposed sensitive information, potentially affecting multiple defence contractors and partners.
Challenges & Opportunities
Global economies are facing a range of geopolitical challenges, from wars to climate-related events and long-term pandemic-related economic distortions. The impact of these challenges permeates the world’s economies, resulting in economic turmoil, personal uncertainty and enhanced criminal opportunity, including nation-state attacks and insider threats.
The current geopolitical environment renders the current risk of cyber attacks at the highest it has been. The National Cybersecurity Centre (NCSC) urged UK companies to bolster their online defences following Russia’s attack on Ukraine.
Developments in defence are increasingly based around data; data that’s shared across a broad supply chain of companies providing third-party components and services. The ships, submarines and combat aircraft that are being developed today, will play a vital role in helping military organisations around the world gather and analyse large amounts of data needed to deliver information advantage.
Regulations & Compliance
- Secure by Design, Secure by Default and US-led Defence The Federal Acquisition Regulation Supplement (DFARS) Regulations are a set of cybersecurity regulations and guidelines that apply to organisations that contract with the United States Department of Defence (DoD). DFARS is an extension of the Federal Acquisition Regulation (FAR) and is specifically designed to protect sensitive and classified information held by government contractors and subcontractors.
-
- DFARS compliance is essential for companies that handle controlled unclassified information (CUI) and other defence-related information. It requires these organisations to implement specific cybersecurity measures to protect this information from cyber threats and unauthorised access.
-
- Key elements of DFARS compliance typically include:
-
-
- NIST SP 800-171 Standards – Compliance with the National Institute of Standards and Technology (NIST) Special Publication 800-171, which outlines security requirements for protecting CUI.
-
-
-
- Security Controls – Implementing various security controls and best practices to secure information systems and networks.
-
Looking for cybersecurity peace of mind?
Conclusion
With increasingly unstable geopolitical conditions, the UK defence sector balances an uptick in trade, with an ever-growing list of new and emerging cyber threats. These factors are compounded by increased digital transformation and cloud adoption. Increasingly unclear threats surface, complex and sometimes compromised supply chains and skills shortages.
BlueFort is the UK’s leading independent Security Solutions Partner (SSP). Using BlueFort’s standards-based framework of Continuous Discovery, Validation and Control, we are able to help defence clients navigate this minefield with simplicity and confidence.
Designed to face the reality of modern cybersecurity, BlueFort helps defence organisations ensure their security environments are fit for purpose by prioritising assessment, consolidation, and optimisation.
We give you access to industry experts who have gone through the vetting, testing and curation of exciting new technologies, to help you cut through the noise of the cybersecurity market and deliver proactive cyber market research and enhanced support.
