As defence organisations become more connected and dependent on outside parties, whether part of a coalition or working with defence manufacturers, maintenance partners or other industries or government parties, risks that threaten one organisation are amplified across the ecosystem. This theme is explored in one of the key trends, Secure US to Secure ME, in this year’s Accenture Technology Vision.
It’s an important vulnerability that’s recognised by public service leaders: 83% say that to be truly resilient, organisations should consider rethinking their approach to security to defend not just themselves but their ecosystems too. For defence organisations, of course, it’s essential to safeguard data as the foundation for trust and to be able to defend the whole country and all allies. But nearly half of the public service executives we surveyed for the Technology Vision can only say that they ‘hope’ their ecosystem partners are working as diligently to be compliant and resilient with regards to security. Only one-quarter say that they know that’s the case. In defence we cannot just hope.
Having that certainty is increasingly essential. In connected ecosystems, attacks can reach an unprecedented scale. The WannaCry cryptoworm, for example, spread across 300,000 computers in 150 countries in a matter of days. What’s more, as defence organisations seek to take advantage of new technologies in the physical world through digital sensors and IoT, the attack surface they create becomes an even greater target. To address it, defence organisations need to move away from a ‘my organisation first’ mindset and expand the horizons of their risk assessment to take account of an ever-expanding threat landscape.
Modern platform ecosystems are starting to emerge where the boundary between weapons, sensors, platform and the supply chain blur. This creates vulnerabilities and makes it difficult to identify all possible attack vectors. Nowadays, open-source information can no longer be considered as less important as classified intelligence information. This creates the question of how to combine data from different sources with classified information, all the while keeping the data and the outcomes secure.
So how should defence organisations move forward? The first step is to examine how the move to greater ecosystem collaboration is creating new vulnerabilities for defence. As defence organisations increasingly collaborate to deliver best-in-class security for nations, they need to make sure that security is part of that effort too. It’s also crucial to create the governance, models and policies that ensure that each time a new partner joins an ecosystem they adhere to the same standards of security that the defence organisation sets for itself. That may mean looking across the broader defence sector to explore common challenges and build the solutions that make it safer for everyone to operate.
To what extent is participation in ecosystems with defence manufacturers or sharing information with coalition partners changing the threat landscape for your organisation?