Secure Communications – the cornerstone of C4ISR
Guest blog by Dr. Andy Lilly, Director and Co-Founder at Armour Communications Limited #DefTechWeek
Use of mobile phones has transformed communication, a crucial element of C4ISR. However, for all the impressive technology in such a tiny device, it opens up military/defence organisations to a range of potential attack vectors including: IMSI catchers, fake basestations, AI/deepfake impersonation attacks, as well as unsanctioned consumer apps on BYOD devices, any of which could result in leakage of time/mission critical data.
Attacks using old technology still highly effective
Fake base stations and IMSI catchers are an old attack vector, but still in use today and catching out the unwary. This is where mobile phones are ‘fooled’ into locking on to the strongest antenna signal from a fake basestation which then negotiates reduced encryption standards that are easily cracked.
A recent investigation indicated that enemy forces are using this very method via transportable antenna (fake basestations launched via drones) to access data sent by devices, and in some cases to erase information held on phones. As long ago as 2017 soldiers were reporting ‘strange things’ happening to their phones such as contacts disappearing. Indeed, troops and those travelling in ‘unfriendly regimes’ should beware of posting content online, even to restricted profiles visible only to friends, because such posts can easily be accessed by uninvited third parties.
In early March the BBC reported that a European government admitted to a hack of a military meeting where officers discussed use of long-range missiles, and their possible targets. https://www.bbc.co.uk/news/world-europe-68457087. The hack was helped in part by the fact that the participants were not using a secure communications channel.
AI generated impersonation-based attacks an increasing threat
The growth of artificial intelligence (AI) generated deepfakes for impersonation-based attacks is becoming more prevalent. Video calls are becoming so believable that in February a finance worker in a multinational company was duped into paying out $25 million after a video call with a deepfake chief financial officer. Not only was the CFO on the call a deepfake, so were all the other participants, all of whom were known to the finance worker.
Identity-based encryption – know who you are communicating with
One way that military organisations, or any other organisation for that matter, can protect against these threats is to use a secure communications platform that utilises identity-based encryption. Protocols such as the NCSC’s MIKEY-SAKKE ensure that people can be confident that they are communicating with who they think they are and not an impostor, however clever their fakery.
As these recent attacks demonstrate all too vividly, organisations of every shape and size in both public and commercial sectors need to take the cyber security of their communications seriously. This means banning the use of unsanctioned shadow IT for business purposes. A built-for-purpose, Secure by Design (SbD) secure comms platform can provide an engaging user experience to rival any consumer app, plus the ability to manage and control the organisation’s data centrally.
Protect data sovereignty
Whether deployed on-premises (on in-house servers), or as a secure hosted solution, an enterprise-grade secure comms platform that covers voice calls, instant messaging and video conferencing ensures data sovereignty. This is where data stays on sovereign soil, something that some tech giants can’t guarantee, even for UK Government users. It also ensures data separation, no mixing of data, be that of different classifications of data, or business and personal, even on BYOD devices.
In short, a secure communications platform can protect military and other sensitive communications even in hostile conditions. Users and their data are managed centrally, meaning users can be confident that they are communicating with who they think they are, and not an adversary.
Defence Programme activities
The Defence programme works to help the UK’s defence technology sector align itself with the MOD. techUK members are able to navigate and better understand the UK Defence sector to successfully align their own investment and resources to take advantage of business opportunities. Visit the programme page here.
Upcoming events
Latest news and insights
Learn more and get involved
Defence updates
Sign-up to get the latest updates and opportunities from our Defence programme.
Meet the team
Fred Sugden
Associate Director, Defence and National Security, techUK
Fred is responsible for techUK's activities across the Defence and National Security sectors, working to provide members with access to key stakeholders across the Defence and National Security community. Before taking on the role of Associate Director for Defence and National Security, Fred joined techUK in 2018, working as the Programme Head for Defence at techUK, leading the organisation's engagement with the Ministry of Defence. Before joining techUK, he worked at ADS, the national trade association representing Aerospace, Defence, Security & Space companies in the UK.
Fred is responsible for techUK’s market engagement and policy development activities across the Defence and National Security sectors, working closely with various organisations within the Ministry of Defence, and across the wider National Security and Intelligence community. Fred works closely with many techUK member companies that have an interest in these sectors, and is responsible for the activities of techUK's senior Defence & Security Board. Working closely with techUK's Programme Head for Cyber Security, Fred oversees a broad range of activities for techUK members.
Outside of work, Fred's interests include football (a Watford FC fan) and skiing.
- Email:
- [email protected]
- Phone:
- 07985 234 170
Read lessmore
Raya Tsolova
Senior Programme Manager, techUK
Raya Tsolova is a Programme Manager at techUK.
Prior to joining techUK, Raya worked in Business Development for an expert network firm within the institutional investment space. Before this Raya spent a year in industry working for a tech start-up in London as part of their Growth team which included the formation and development of a 'Let's Talk Tech' podcast and involvement in London Tech Week.
Raya has a degree in Politics and International Relations (Bsc Hons) from the University of Bath where she focused primarily on national security and counter-terrorism policies, centreing research on female-led terrorism and specific approaches to justice there.
Outside of work, Raya's interests include baking, spin classes and true-crime Netflix shows!
- Email:
- [email protected]
- Phone:
- 07712630603
Read lessmore
Jeremy Wimble
Programme Manager, Defence, techUK
Jeremy manages techUK's defence programme, helping the UK's defence technology sector align itself with the Ministry of Defence - including Defence Digital, DE&S, innovation units and Frontline Commands - through a broad range of activities including private briefings and early market engagement events. It also supports the MOD as it procures new digital technologies.
Prior to joining techUK, from 2016-2024 Jeremy was International Security Programme Manager at the Royal United Services Institute (RUSI) coordinating research and impact activities for funders including the FCDO and US Department of Defense, as well as business development and strategy.
Jeremy has a MA in International Relations from the University of Birmingham and a BA (Hons) in Politics & Social Policy from Swansea University.
- Email:
- [email protected]
Read lessmore
Tracy Modha
Team Assistant - Markets, techUK
Tracy supports several areas at techUK, including Cyber Exchange, Cyber Security, Defence, Health and Social Care, Local Public Services, Nations and Regions and National Security.
Authors
Dr. Andy Lilly
CTO, Armour Comms