Showing posts with label cyber security. Show all posts

2024-12-28

Cyber Defence is More than Cybersecurity - At least from a Military Viewpoint

Intro

In the model for state-level actions in the cyber environment, in scenarios ranging from confrontation to conflict, the military recognises techniques, tactics, operations and strategies, all of which execute political interests, as I described in the 2022 paper published by the Military University of Portugal (Figure 1). As in the legacy domains, the tactical, operational and strategic levels also apply in the cyber domain, which is gradually taking over the information sphere in the military impact structure. Adversaries (RED) currently use the cyber domain to affect the physical sphere by combining kinetic and cyber strikes against the defenders' (BLUE) physical systems. Simultaneously, RED uses kinetic and cyber strikes to create fear and confusion in BLUE's cognitive and social spheres. So, with the introduction of the cyber environment, the military faces a more complex theatre than the traditional physical sphere in which space, air, land and maritime operations take place.

Unfortunately, information security promotes only some controls and procedures (e.g., the ISO 27000 or NIST SP 800 series), and cybersecurity provides some processes or management models (e.g., the NIST Cybersecurity Framework, ITIL, COBIT, ISO 38500). These leave the military short at the higher levels of confrontation. Therefore, this post aims to define cybersecurity at the military tactical, operational and strategic levels and provides some examples of cyber defence at each level.

Figure 1: A Model for State Cyber Power

Tactical-level Cyber Defence

Model: Military tactics encompass "the art of organising and employing fighting forces on or near the battlefield." Applied to the defence of the cyber environment, this may include establishing a doctrine that would nullify the adversary's most probable attack tactics (IT architecture), preparing the area of operation (artificial cyberspace), digging the defensive positions (defence-in-depth), defining the areas of fire (sandboxes, honey pots), setting the tripwires and reconnaissance (vulnerability hunting, monitoring and threat intelligence), preparing the alternative positions (continuation and recovery), and drilling fire and position changes by day and night (incident, problem and change management, and red teams).

Principles for cyber defence tactics may include the following:

  • Construct BLUE domain defence against RED attack vectors (e.g., the MITRE ATT&CK tactics and techniques) based on the information security posture
  • Prepare the BLUE domain using the dimensions of depth in Figure 2
  • Establish kill zones with honey pots and the ability to create sandboxes within the domain
  • Stabilise the BLUE baseline of protocols and behavioural patterns to improve the probability of detecting anomalies
  • Establish 24/7 monitoring, use AI to enhance pattern recognition and automate some of the basic response actions
  • Establish security at least at the emission, transmission, communications and session levels of the OSI stack
  • Test the domain's integrity continuously with penetration testing, black-box testing and vulnerability hunting
  • Configure the recovery of processing, storage and data to meet the operational availability requirements
  • Exercise BLUE detection, response and recovery with red teaming in live domains.

Examples:

BLUE cyber defence observes the following incidents on its monitors:

  • The SIEM in the SOC is not receiving log data from several servers, firewalls, IDS sensors, switches and routers.
  • The network management system in the NOC indicates that it has lost connection to several servers, switches and routers.
  • The physical security monitor has lost all video and sensor feeds from Data Centre A.

BLUE defenders may take the following actions:

  • Confirm the possible loss of an entire data centre from other sources (e.g., the NOC, physical security, on-site staff)
  • Assess the gravity of the situation, draft Courses of Action (CoA) for remedy and communicate them to Operation Control
  • Monitor the automated recovery of data and services and launch possible manual remedies
  • Get recovery priorities and the decision on the CoA from Operation Control
  • Launch the additional remedies required to recover and restore data and services based on the agreed CoA and priorities
  • Inform Operation Control and end users of the recovery progress.
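To make the first observation above concrete, here is an added example (not code from the original post) of the kind of check a SOC can run over its SIEM heartbeat view: it separates a correlated loss of many sources at one site, which is what losing Data Centre A looks like on the monitors, from an individual source going quiet, which is an ordinary outage for the NOC. The source-to-site inventory, host names, log lines and thresholds are constructed for illustration.

```python
"""Correlated log-source loss detection: is a whole site gone, or one host?

Added example, not code from the original post. The source-to-site inventory,
host names, log lines and thresholds below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed inventory: which site each log source (server, firewall, IDS, switch) sits in.
SOURCE_SITE = {
    "fw-a1": "DC-A", "srv-a1": "DC-A", "srv-a2": "DC-A", "sw-a1": "DC-A", "ids-a1": "DC-A",
    "fw-b1": "DC-B", "srv-b1": "DC-B", "sw-b1": "DC-B",
}

# Constructed SIEM view: "<ISO timestamp> <source> <message>". All DC-A sources fall
# silent together shortly after 10:05; srv-b1 falls silent on its own after 10:00.
SAMPLE_LOG = """\
2024-12-28T10:00:00 fw-a1 heartbeat
2024-12-28T10:00:00 srv-a1 heartbeat
2024-12-28T10:00:10 srv-a2 heartbeat
2024-12-28T10:00:20 sw-a1 heartbeat
2024-12-28T10:00:30 ids-a1 heartbeat
2024-12-28T10:00:30 fw-b1 heartbeat
2024-12-28T10:00:40 srv-b1 heartbeat
2024-12-28T10:00:50 sw-b1 heartbeat
2024-12-28T10:05:00 fw-b1 heartbeat
2024-12-28T10:05:10 sw-b1 heartbeat
2024-12-28T10:05:20 fw-a1 heartbeat
2024-12-28T10:05:20 srv-a1 heartbeat
2024-12-28T10:05:25 srv-a2 heartbeat
2024-12-28T10:05:30 sw-a1 heartbeat
2024-12-28T10:05:35 ids-a1 heartbeat
2024-12-28T10:10:00 fw-b1 heartbeat
2024-12-28T10:10:10 sw-b1 heartbeat
2024-12-28T10:15:00 fw-b1 heartbeat
2024-12-28T10:15:10 sw-b1 heartbeat
"""


def parse_last_seen(text):
    """Return {source: latest timestamp} from heartbeat-style log lines."""
    last_seen = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp_str, source, _message = line.split(" ", 2)
        stamp = datetime.fromisoformat(stamp_str)
        if source not in last_seen or stamp > last_seen[source]:
            last_seen[source] = stamp
    return last_seen


def assess_silence(last_seen, now, silence_s=600, site_fraction=0.6, max_spread_s=120):
    """Classify silent sources as a suspected site loss or as individual outages.

    A site is suspected lost when at least `site_fraction` of its sources are silent
    and their last messages cluster within `max_spread_s` (they went quiet together).
    Anything else that is silent is an ordinary per-source outage for the NOC to chase.
    """
    silent_by_site = defaultdict(list)
    for source, site in SOURCE_SITE.items():
        seen = last_seen.get(source)
        if seen is None or (now - seen).total_seconds() > silence_s:
            silent_by_site[site].append((source, seen))

    site_loss, source_loss = {}, []
    for site, silent in silent_by_site.items():
        total = sum(1 for s in SOURCE_SITE.values() if s == site)
        stamps = [seen for _src, seen in silent if seen is not None]
        spread = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
        if len(silent) / total >= site_fraction and spread <= max_spread_s:
            site_loss[site] = sorted(src for src, _seen in silent)
        else:
            source_loss.extend(src for src, _seen in silent)
    return {"site_loss": site_loss, "source_loss": sorted(source_loss)}


def triage(log_text, now_iso):
    """Parse the log and assess it at the given wall-clock time (ISO 8601 string)."""
    return assess_silence(parse_last_seen(log_text), datetime.fromisoformat(now_iso))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, "2024-12-28T10:20:00")
    for site, sources in result["site_loss"].items():
        print(f"SITE LOSS suspected at {site}: {', '.join(sources)} - confirm from other sources")
    for source in result["source_loss"]:
        print(f"source outage: {source}")
```

The silence threshold must sit well above the normal heartbeat interval, or every delayed forwarder becomes an alert; the spread window is what turns "many sources silent" into "many sources silent at the same moment", which is the signature of a site or link loss rather than a run of unrelated failures. The output is a trigger for the first action in the list above (confirm from other sources), not a verdict on its own.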

BLUE threat intelligence receives information that a software development vendor has been breached and that its latest application update may be compromised. BLUE cyber defence may resolve the situation with the following options:

  • The Network Operations Centre (NOC) isolates systems running the possibly compromised application
  • The Security Operations Centre (SOC) sandboxes the possibly affected area and investigates the situation
  • IT security patches the software once the vendor has a fix available and its integrity has been verified, since the fix comes from the same breached vendor
  • The SOC deploys additional security controls and focuses monitoring to prevent exploitation
  • The SOC detects a deviation from the normal behavioural pattern at one site running the possibly compromised application; the NOC kills the misbehaving process, which normalises the situation
  • The SOC observes the malevolent behaviour in the honey pot and checks how automated sandboxing prevents the malware's spread.

Figure 2: An example of a tactical-level view of Cyber Defence 

Operational-level Cyber Defence

The operational level is the level of command that connects the details of tactics with the goals of strategy. Operational art may be based on the models of Sun Tzu (know yourself and your enemy) and Clausewitz (Centre of Gravity). BLUE recognises its own sources of power and considers them possible Centres of Gravity (CoG) for RED. Each CoG needs to be assessed from the RED viewpoint, considering the different Lines of Operation (LoO) for affecting the CoG and the variations of Courses of Action (CoA) needed to achieve the impact on the most beneficial CoG. From all the feasible CoA variations, BLUE estimates the ones RED would most probably consider, based on RED's doctrine, previous behaviour and available resources in a given situation.

Principles for operational-level cyber defence may include:

  • Recognising tempting CoGs in the BLUE system of systems: essential operations, critical data assets, critical sites that are single points of failure, critical services that cannot be replaced, and critical gateways whose loss would stop information flows or suppress the systems on which cyberspace depends (e.g., telecommunications, power distribution, cooling, fuel distribution, waste collection)
  • Innovating potential Lines of Operation to reach the beneficial CoGs through humans, kinetic means, cyber-attack vectors, supply chains, dependencies and peripherals
  • Assessing each Centre of Gravity against the potential Lines of Operation, optimising from RED's viewpoint the available resources, the cost of attack and the benefit of the impact
  • Varying the vulnerabilities, costs of attack and possible benefits across scenarios, which yields the probable courses of action available to RED
  • Wargaming the scenarios to find the CoAs RED would most probably execute in a given situation
  • Deploying different BLUE tactics to defend the potential CoGs and finding ways and means to prevent or nullify RED CoAs until only the most probable remain; BLUE considers active and passive ways and means to address most RED CoAs
  • Arranging the concealment, mock-ups and hardening of critical assets; along the most probable attack vectors, BLUE sets digital sandboxes and honey pots together with physical engagement zones and counter-agents
  • Establishing reconnaissance, anomaly pattern recognition, movement detectors and thresholds to detect RED manoeuvre in the physical, cyber and information spheres.
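The CoG-by-LoO assessment and the pruning of RED's courses of action described in the principles above can be made concrete as a small planning model. The following is an added example, not code or figures from the original post: the centres of gravity, lines of operation, costs, success probabilities and benefits are constructed illustrative numbers, not an assessment of any real system. It ranks RED's options by expected value from RED's viewpoint under a resource budget, then re-ranks them after BLUE hardens specific lines, showing how the "most probable CoA" shifts once the top option is nullified.

```python
"""Rank probable RED courses of action from the RED viewpoint, then re-rank after BLUE acts.

Added example, not code from the original post. The centres of gravity, lines of
operation, costs, probabilities and benefits are constructed illustrative numbers,
not an assessment of any real system.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LineOfOperation:
    name: str
    cost: float        # RED resources consumed (constructed units)
    p_success: float   # RED's estimated probability of reaching the CoG this way


# Benefit RED gains by suppressing each BLUE CoG (constructed).
COG_BENEFIT = {"power distribution": 100.0, "911 telephony": 80.0, "logistics portal": 40.0}

# Constructed lines of operation per CoG: supply chain, cyber vectors, kinetic, humans.
LINES = {
    "power distribution": [
        LineOfOperation("OT supply-chain implant", cost=30, p_success=0.5),
        LineOfOperation("remote exploit of an exposed HMI", cost=10, p_success=0.2),
        LineOfOperation("kinetic strike on a substation", cost=60, p_success=0.9),
    ],
    "911 telephony": [
        LineOfOperation("SS7 signalling abuse", cost=15, p_success=0.6),
        LineOfOperation("DDoS on VoIP call handling", cost=8, p_success=0.5),
    ],
    "logistics portal": [
        LineOfOperation("credential phishing of a contractor", cost=5, p_success=0.7),
    ],
}


def rank_red_coas(lines, benefit, budget, mitigations=None):
    """Return RED CoAs as (expected_value, cog, line) sorted best-first.

    Expected value = benefit * p_success - cost, from RED's viewpoint. Lines costing
    more than RED's budget are infeasible; lines with no positive payoff are dropped.
    `mitigations` maps (cog, line) -> multiplier on p_success, modelling BLUE hardening
    along that line (0.0 nullifies it completely).
    """
    mitigations = mitigations or {}
    coas = []
    for cog, loos in lines.items():
        for loo in loos:
            if loo.cost > budget:
                continue
            p = loo.p_success * mitigations.get((cog, loo.name), 1.0)
            ev = benefit[cog] * p - loo.cost
            if ev > 0:
                coas.append((round(ev, 1), cog, loo.name))
    return sorted(coas, reverse=True)


def most_probable_coa(lines, benefit, budget, mitigations=None):
    """The single CoA BLUE should expect first, or None if RED has no profitable move."""
    ranked = rank_red_coas(lines, benefit, budget, mitigations)
    return (ranked[0][1], ranked[0][2]) if ranked else None


if __name__ == "__main__":
    print("RED view before BLUE hardening:")
    for ev, cog, line in rank_red_coas(LINES, COG_BENEFIT, budget=50):
        print(f"  {ev:6.1f}  {cog:18s} via {line}")
    # BLUE nullifies the top line (alternative signalling) and hardens contractor logins.
    blue = {("911 telephony", "SS7 signalling abuse"): 0.2,
            ("logistics portal", "credential phishing of a contractor"): 0.3}
    print("RED view after BLUE hardening:")
    for ev, cog, line in rank_red_coas(LINES, COG_BENEFIT, budget=50, mitigations=blue):
        print(f"  {ev:6.1f}  {cog:18s} via {line}")
```

With the constructed numbers, RED's best move before hardening is SS7 abuse against 911 telephony; after BLUE prepares alternative signalling (multiplier 0.2) and contractor MFA (0.3), that line drops out and the DDoS on VoIP call handling becomes the most probable CoA, which is where BLUE's sandboxes, honey pots and monitoring thresholds should then be concentrated. The value of the model is not the numbers but the discipline of re-running it after each BLUE measure.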

Examples:

BLUE cyber intelligence indicates that RED has created a new hybrid attack vector to suppress the 911 telephony service within a region or nation. A situation in which people cannot get help from 911 may create fear, terror and panic, especially when large numbers of people gather for an occasion. BLUE operational planning may come up with the following preparations:

  • prepare information distribution through broadcasts, flyers and messengers to ensure correct information and to diminish rumours
  • prepare to switch 911 call routing from SS7 signalling to other signalling options
  • prepare parallel ways to communicate and to receive help, such as mobile apps, social media or portals
  • post a soldier with a radio at each crossroads and deploy more police patrols and ambulances on the streets.

BLUE information exchange and cooperation between government agencies are disrupted by continuous spear-phishing through the Internet email system. After some dignitaries fall victim to phishing and have their data wiped, users are afraid to open any attachments, even from known senders, and are quickly losing their trust in the email system. BLUE Cyber Defence Operation planning may come up with the following means to mitigate the quickly escalating situation:

  • Lessen the probability of opening malevolent attachments by signing and encrypting all official emails and attached files, so that only authenticated, encrypted messages are treated as trusted and anything else is suspect by default.
  • Replace email with a cloud-based digital workspace and establish users' access to this service through encrypted sessions.
  • Bypass the Internet-based information exchange by extending and sharing existing intranet services between government agencies.

RED information operation trolls are spreading disinformation through common social media platforms, and malevolent bots are amplifying the flow of disinformation. BLUE Cyber Defence Operation planning may come up with the following means in support of BLUE Information Operations:

  • Request social media platforms to terminate trolling accounts
  • Request telecommunication operators to shut down connections to bots
  • Plan and launch a distributed denial-of-service (DDoS) attack to suppress the troll factories' connection to the Internet
  • Plan and launch a cyber-attack to turn off the troll factories' power distribution
  • Plan and launch joint fires to eliminate trolls and bot nodes.

Figure 3: An example of an operational-level view of Cyber Defence 

Strategic-level Cyber Defence

Military strategy is "the art of distributing and applying military means to fulfil the ends of policy". Policy in this context usually refers to the national-level security strategy, which defines the main threat scenarios against the state, its sovereignty and its interests. The model for strategic thinking in a cyber environment is based on the technological approach among the five dimensions of military strategy defined by Atkeson. The technological approach to strategy assesses technical innovation and the ability to render the adversary's effectors obsolete. In a conflict between systems of systems, strategic advantage can be achieved in three ways:

  1. The adversary achieves strategic surprise by launching a strike at a time or place unexpected from the Defender's viewpoint. Unforeseen situations may occur when the conflicting parties assess risks differently, one side sees an opportunity for a knockout with a first strike, or the Defender's decision-making process fails.
  2. Systemic effects are "those indirect effects aimed at affecting or disrupting the operation of a specific system or set of systems". In a cyber environment, the indirect effects may impact power distribution, shutting down electricity, which takes down the telecommunications networks and suppresses all digital communication and processing.
  3. Strategic advantage may be achieved through technological innovation and the deployment of capabilities multiplied by emerging technologies, providing strategic dominance over the other party. The USA and China compete for strategic dominance, seeking advantages from artificial intelligence, big data, quantum computing and integrated-circuit manufacturing.

Principles of strategic level cyber defence may include:

  • An attacker has the advantage in its own cyber environment and freedom of manoeuvre on the Internet. The Defender has the advantage in the cyber environments under its control. Hence, the Defender should focus on building technological advantage and maintaining dominance in its own cyber environments.
  • The Defender's cyber architecture includes redundant and robust means for communications, computing and storage, so that even with 50% losses of infrastructure the essential services and processes still run sufficiently and data remains accessible.
  • Defender raises a threshold against cyber-attacks, declaring assured retaliation with weapons of mass destruction.
  • Defender prepares to cut their domestic Internet domain from the international Internet to diminish vulnerable surfaces and minimise options for direct attack vectors.
  • Defender builds their national Internet domain based on entirely different programming languages, communications protocols, and integrated circuits. It effectively filters all traffic in and out of their national domain.
  • The Attacker builds and prepares strong offensive cyber capability against the weakly prepared Defender, which deters other power projections.
  • Attacker sources their cyber warriors from industry or cyber-criminal gangs to accelerate offensive cyber capabilities and gain a possibility of strategic surprise.
  • The Defender advances the information security architecture of its cyber environment (domain-defined -> service-defined -> zero-trust -> content-defined), keeping the security controls and monitoring resistant to the potential adversary's attack vectors.
  • The Defender uses global dominance in economy, trade, science & technology, and cyber-physical manufacturing to slow Attacker's ability to build a more effective cyber arsenal.

Examples:

BLUE operates two domains for the essential processes and functions that multiply Force Generation and Operation performance. Since both are under BLUE's control, BLUE chooses to build their computing on different technology bases, one mainly on Microsoft technology and the other on Linux and open-source technology, so that one technology-specific attack vector is less likely to suppress both.

There are indications that RED aims to use artificial intelligence to automate and multiply its exploitation arm, achieving attack vectors that are ten times faster within the next ten years. BLUE may come up with the following options:

  • Accelerate BLUE's development and innovation towards a more resilient cyber environment and countermeasure tools
  • Eliminate RED's ability to execute the disruptive leap in offensive capabilities
  • Build BLUE's target acquisition and attack tools and strike the strikers
  • Change the architecture of BLUE's cyber environment so that it nullifies RED's higher performance
  • Build a more robust and redundant cyber environment that can absorb ten times more of the Attacker's attempts.

BLUE plans to digitalise its forces to gain strategic advantage. With digitalised processes in the Generate and Operate functions, the cyber environment extends the vulnerability surface. Estimates of the digital transformation outcome include a 20x more lethal and 10x more cost-effective force. The extended vulnerability goes beyond BLUE's risk appetite. BLUE may come up with the following options to mitigate the risk:

  • Accelerate the evolution of the information security architecture and leap to zero-trust or content-based security models, which diminish the vulnerability surface even as the digital realm grows much broader.
  • Instead of building a joint information domain, create several parallel domains that are not dependent on each other and can multiply force effectiveness.
  • Outsource the common information domain to global network and application service providers so big that RED cannot take them down, and then focus BLUE's resources on the anti-fragility of the tactical and operational information spheres.

Figure 4: Strategic-level view of Cyber Defence


2024-03-16

Contemporary Operational Theatre and an Old Concept for Survivable Command Posts

How does command and control survive against Russian use of force?

An excellent article by Raido Saremat, "The issues with the command posts in modern warfare" [https://www.linkedin.com/pulse/issues-command-posts-modern-warfare-raido-saremat-n5jsf/], brought to my mind the Transferable Operation Centre (TOC) prototype project from the early 2000s. I was privileged to participate in it at the Northern Command of Defence Forces Finland.

The challenge of having enough human competency in proximity to create viable plans, conduct complex operations, or produce sound assessments of adversary intentions while surviving on the battlefield was our driver in those scenarios, and it remains the driver in today's Ukrainian theatre.

Our team used the spiral development method over three years to incrementally build, test and improve a concept for a Transferable Operation Centre that would ensure human proximity while improving survivability under intense C2 warfare.

Instead of a single, slowly transferable headquarters (HQ), the project introduced a swarm of command post elements. Each element consisted of five staff officers and two support persons. These elements could be housed in fixed shelters, transferable containers, civilian or military vehicles, or could consist of nothing more than officers carrying their computers in suitcases.

Concept

Command post elements could be deployed together in close quarters within protective facilities or distributed anywhere over a wide area network (WAN). Each element was designed to be operable within 15 minutes of arrival and dismantled within the same time before departure. The access connection was wireless (WLAN). If the command post element was mounted in a vehicle, assembly and disassembly could be even quicker.

The survivability of the transferable operation centre is adjustable to the threat environment by varying the location, number of elements, strength of assembly and movement of elements. The swarming TOC concept supported, for example, the following scenarios:

  • In peacetime, all components can be assembled in a large shelter or industrial warehouse to maximise physical proximity.
  • For task or forward post situations, a selection of planning, C2 and intel elements could create a forward command post either on the same site or distributed within the access network.
  • During intense operations and under high risk, the elements would be geographically distributed and divided into shifts. The duty C2 shift would be online and conducting operations, the second C2 shift would be resting, and the third shift would be training and ready to take over if the duty element is lost.

The outcome is a virtual headquarters that is not dependent on any location or computer. All information services and databases are clustered in the cloud computing infrastructure, providing operational awareness, planning tools and analysis applications to the whole theatre of battle.

Adversaries would not have fat HQ targets to hunt with imagery or signals intelligence, but tens or hundreds of small elements of five experts distributed across the theatre, and a cloud computing infrastructure distributed over tens of data centres in the country and abroad.

Lessons from experimentation

Because of the spiral development method, each year of development included several live exercises. One of them provided positive feedback, even though the reserve officers both used and operated the TOC services for the first time: [https://c4isys.blogspot.com/2013/01/spiral-development-of-c4isr-system.html]

  1. Processes staffed with off-duty and on-duty shifts suited the virtual CP concept well and allowed the CP site to transfer at every shift change.
  2. With online support and IT-skilled reserve officers, the technical support for each element transfer was sufficient.
  3. The time each user needed to gain access and start working with the operational picture and planning process was reduced to minutes after arrival at the CP site.
  4. All information and documents must be digital and stored in the cloud to enable digital staff work.
  5. Security requirements can be met while working with classified and restricted information systems over a public access network.
  6. Collaboration enhanced with VoIP telephony and a virtual whiteboard enables practical virtual staff work among distributed command post elements.

It seems that the military was foreseeing a scenario that we were all forced to adapt to during the COVID pandemic.


2023-05-27

Zero Trust Security Architecture in Military Cyber Environment


Summary

  • Zero Trust Architecture (ZTA) is rooted in the principle of "never trust, always verify." Zero Trust design aims to protect modern cyber environments and enable digital transformation by using strong authentication methods, leveraging network segmentation, preventing lateral movement, providing Layer 7 threat prevention, and simplifying granular, "least access" policies.
  • ZTA is replacing the previous trust in domain ownership and air-gap isolation in access management as part of information security.
  • The military has adopted or is adopting the new foundation for security trust as they proceed with digital transformation.

What is a Zero Trust Security Architecture?

Information security architecture is about trust. The military has a long tradition of trusting an entity if it is part of an owned domain (SIPRNET), physically separated from others (air gap) or situated in a known location (camp), or if the user represents a trusted organisation or uses an authorised terminal (a workstation in a command post).

Unfortunately, the digital transformation of military enterprises is not possible on the basis of these old trusts (Snowden, Teixeira, data breaches doubled in 2022 in the DoD); it requires access from mobile terminals (no place), ad hoc networks (no domain), quickly changing roles (no organisation) and a variety of terminals (no workstation). Therefore, it is hard to establish a foundation for trust when everything can change. Hence, a zero-trust architecture (ZTA) is an enterprise cybersecurity architecture based on zero-trust principles, designed to prevent data breaches and limit internal lateral movement.

NIST SP 800-207 and the CISA Zero Trust Maturity Model v2 are the most used references for ZTA. They also provide examples of migration roadmaps from perimeter trust towards zero trust. The following principles define the zero-trust approach:

  1. Every access request starts from a position of zero trust (applies to all entities - humans, devices, services).
  2. Authorization is granted based on dynamic context (risk-based), ideally per request.
  3. Assume a breach of the user ID (including machine or application service IDs), the access device, or the transport network.

Naturally, the above level of distrust requires 24/7 monitoring and a thorough understanding of one's information and computing assets. Therefore, a consolidated cloud computing architecture usually enables zero trust and helps build digital trust.

NIST SP 800-207 defines seven tenets for ZTA as follows:

  1. All data sources and computing services are considered resources.
  2. All communication is secured regardless of network location.
  3. Access to individual enterprise resources is granted on a per-session basis.
  4. Access to resources is determined by dynamic policy.
  5. The enterprise monitors and measures the integrity and security posture of all owned and associated assets. 
  6. All resource authentication and authorization are dynamic and strictly enforced before access. 
  7. The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communications and uses it to improve its security posture.
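The three principles and the tenets above are easiest to understand as a policy decision point that judges every request on context rather than on where it comes from. The following is an added example, not code from the original post, NIST or CISA: the attributes (clearance scale, authentication strength, device posture, previous-session location), the thresholds and the user, device and resource data are all constructed assumptions. It shows per-request decisions (tenets 3, 4 and 6), a short grant lifetime for the most sensitive data, and the "assume breach" stance by deliberately ignoring network location.

```python
"""Per-request zero-trust access decision (NIST SP 800-207 tenets 3, 4 and 6).

Added example, not code from the original post, NIST or CISA. The attributes,
thresholds and the user/device/resource data are constructed assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class Subject:
    user_id: str
    clearance: int          # constructed scale: 0 unclassified .. 3 secret
    auth_strength: str      # "password", "mfa" or "hw-token"
    auth_time: datetime     # when the current authentication happened


@dataclass
class Device:
    device_id: str
    managed: bool           # enrolled in the enterprise inventory
    posture_ok: bool        # latest attestation / patch-level check passed
    posture_time: datetime  # when that check was made


@dataclass
class Resource:
    name: str
    classification: int


@dataclass
class Context:
    now: datetime
    geo: str
    prev_geo: Optional[str] = None       # location of the subject's previous session
    prev_time: Optional[datetime] = None


@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)
    ttl_s: int = 0          # how long the grant is valid before re-evaluation


def decide(subject: Subject, device: Device, resource: Resource, ctx: Context) -> Decision:
    """Policy decision point: every request starts from zero trust and is judged on context.

    Network location (VPN, "inside" subnet) is deliberately not an input: the transport
    network is assumed breached. Every denial reason is collected so the log explains
    the decision.
    """
    reasons = []
    cls = resource.classification
    if subject.clearance < cls:
        reasons.append("clearance below resource classification")
    if cls >= 2 and subject.auth_strength not in ("mfa", "hw-token"):
        reasons.append("strong authentication required")
    if cls >= 3 and subject.auth_strength != "hw-token":
        reasons.append("hardware token required for this classification")
    if cls >= 2 and ctx.now - subject.auth_time > timedelta(minutes=15):
        reasons.append("authentication too old; re-authenticate")
    if cls >= 1:
        if not device.managed:
            reasons.append("unmanaged device")
        elif not device.posture_ok or ctx.now - device.posture_time > timedelta(hours=1):
            reasons.append("device posture not verified within the last hour")
    if (ctx.prev_geo and ctx.prev_geo != ctx.geo and ctx.prev_time
            and ctx.now - ctx.prev_time < timedelta(hours=1)):
        reasons.append("impossible travel between sessions")
    allow = not reasons
    # Per-session grant: short for the most sensitive data, re-evaluated afterwards.
    ttl = (600 if cls >= 3 else 3600) if allow else 0
    return Decision(allow, reasons, ttl)


# Constructed scenario data: one user, two devices, one Secret-level resource.
NOW = datetime(2023, 5, 27, 12, 0, 0)
PLAN = Resource("ops-plan", classification=3)
OFFICER = Subject("maj.virtanen", clearance=3, auth_strength="hw-token",
                  auth_time=NOW - timedelta(minutes=5))
LAPTOP = Device("lt-0042", managed=True, posture_ok=True, posture_time=NOW - timedelta(minutes=10))
PHONE = Device("byod-phone", managed=False, posture_ok=False, posture_time=NOW)


def sample_scenarios():
    """Return the decisions for a handful of constructed requests, keyed by label."""
    here = Context(NOW, geo="Rovaniemi")
    moved = Context(NOW, geo="Rovaniemi", prev_geo="Helsinki", prev_time=NOW - timedelta(minutes=20))
    mfa_only = Subject(OFFICER.user_id, OFFICER.clearance, "mfa", OFFICER.auth_time)
    return {
        "managed laptop, hw-token, fresh": decide(OFFICER, LAPTOP, PLAN, here),
        "same user on unmanaged phone": decide(OFFICER, PHONE, PLAN, here),
        "mfa instead of hw-token": decide(mfa_only, LAPTOP, PLAN, here),
        "impossible travel": decide(OFFICER, LAPTOP, PLAN, moved),
    }


if __name__ == "__main__":
    for label, d in sample_scenarios().items():
        print(f"{label:32s} -> {'ALLOW' if d.allow else 'DENY'} {d.reasons} ttl={d.ttl_s}s")
```

The same officer with the same credentials is allowed from the managed, recently attested laptop and denied from the unmanaged phone, which is the practical difference between trusting the domain or the workstation and trusting a verified context. Tenets 5 and 7 are what feed this function: without a device inventory and fresh posture data the "unmanaged" and "posture" checks have nothing to evaluate.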

How are Military Organizations Proceeding with ZTA?

Typically, military organisations are found somewhere along the evolutionary path of information security. Depending on their position, they can proceed in small steps or take a revolutionary leap to enable the full features of digital transformation. For example, Table 1 gives a view of what is going on in military information security.

Table 1: Armed forces, areas of ZTA application, and plans for the future

FIN
  Areas of ZTA application:
  • 2008: secured Internet service within a Confidential domain [1]
  • 2009: Secret session over untrusted networks with a trusted terminal
  • 2015: session at any confidentiality level over any access network on any available terminal [2]
  Plans for the future: N/A

US
  Areas of ZTA application:
  • 2021: Executive order for the US Government to move to Zero Trust Architecture [3]
  • 2022: US DoD Path to Zero Trust Architecture (ZTA) [4]
  Plans for the future:
  • FOC 2027 for cloud-based services
  • JADC2 will be based on ZTA [5]

5 Eyes
  Areas of ZTA application:
  • 2023: aligning the Five Eyes nations' ZTA approaches [6]
  Plans for the future: N/A

EUMS
  Areas of ZTA application:
  • 2022: EU regulations for a high common level of cybersecurity, digital operational resilience, and resilience of critical entities [7]
  Plans for the future: N/A



[1] https://www.is.fi/digitoday/art-2000001436589.html

[2] https://www.defmin.fi/files/1834/tietojohtaminen.pdf

[3] https://www.strongdm.com/blog/zero-trust-executive-order-14028

[4] https://www.defense.gov/News/News-Stories/Article/Article/3229211/dod-releases-path-to-cyber-security-through-zero-trust-architecture

[5] https://defensescoop.com/2023/04/12/army-at-the-crawl-phase-in-journey-to-zero-trust

[6] https://www.cybersecurityconnect.com.au/defence/8574-five-eyes-alliance-discusses-zero-trust-cybersecurity

[7] https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/


Link to original article in Adobe https://acrobat.adobe.com/link/track?uri=urn:aaid:scds:US:a62996a1-24a6-3cfc-b69c-c7b5fde8088e

2022-10-17

Telecommunications service provider, Cyber security and European future

Possible Evolution of European Society

Assuming that the Russia-Ukraine war lingers for several years without a final resolution (as Russia wants and Europe yields), the fact remains that the time of cheap Russian energy in Europe has passed. Consequently, the accelerated green transition will disrupt European industry, energy-intensive manufacturing will vanish, and cyber-physical products and services will need to become the primary European export goods within the next five to ten years. Furthermore, Europe may compete with Asia and America through accelerated transformation of industry (the 4th industrial revolution), focused science and technology investments (3D and AI-enabled engineering and design), removing the geographical distance that constrains human collaboration (Metaverse), man-machine teaming that accelerates design and manufacturing performance, open data that provides large enough models of human and machine behaviour, and a forward-looking European market (the EU digital acts). On the other hand, the European future depends on smaller younger generations who can disrupt industry, economy and finance by teaming with machines as the population ages. Finally, Europe needs more coherence to deal with the energy transition, digital transformations, total security, and the protection of political and economic interests.

Figure: Digital Compass for Europe 2030 (DigitalEU)


Probable Evolution of Technology

The migration journey, starting with digitisation, followed by digitalisation and further digital transformation, proceeds at a pace defined by knowledge, competency, cooperation, business, digital maturity and trust (Andrews et al., 2018). Despite the complexity, the rate of change has been unprecedented, since digitisation reached over 50% of the world population within two decades (UN, 2022). Currently, the world feels the impact of the following three waves of evolution in information and communications technology (ICT):

Wave 1: Mobile Internet and Platforms

  • The Internet with the IP protocol, the WWW and the browser
  • 3G/4G providing mobile data connections
  • Smart mobile devices
  • Platforms for social behaviour and economic transactions (Kenney & Zysman, 2016)
  • Big data and business analysis/intelligence

Wave 2: Cyber-physical products and services

  • 5G provides near-zero-latency connections for masses of connected devices
  • The Internet of Things will produce 75% of organisations' data by 2025 (Stackpole, 2022)
  • Migration to algorithms and machine learning automates digitised processes and provides a variety of man-machine interfaces
  • Cloud computing provides computing power as services (IaaS, PaaS and SaaS) that are easy to replicate and provision

Wave 3: Real-time networks of machines and Metaverse for humans

  • Low-latency, high-bandwidth access networks (Wi-Fi 6, 5G and 6G), connected through fibre-optic backbones, able to slice capacity for immersive 8K perception for humans and real-time connections between machines.
  • Quantum technology will increase computing performance, disrupt current public-key encryption, and improve sensor sensitivity, timing accuracy and communications bandwidth (Johnston, 2021).
  • The automated functioning of networked machines enables the 4th industrial revolution, autonomous transportation and smarter cities.
  • Edge computing and data-driven machine learning improve the level of machine cognition (Brown, 2022).
  • Digitisation and the increasing number of connected devices will increase the amount of data to 175 zettabytes by 2025. Human cognition requires machine support and smart data to identify any pattern in that amount of data (De Goes, 2013).
  • The human-machine interface migrates from screen and keyboard to the 3D Metaverse (Gartner, 2021).

Europe has already lost wave two, because US- and China-hosted platforms have captured most of the social, economic and financial transactions, prominent US-based LEO satellite constellations will compete with terrestrial wideband Internet access, integrated-circuit manufacturing is outsourced, and most software development takes place in the US, China or India. Furthermore, China pushes its cheap infrastructure and automation packages onto global markets.

Wave three still provides an opportunity for European engineering, democracy and economy, as Europe has some advantages in science and technology (S&T) together with an active innovation and entrepreneurial culture. However, Europe will benefit from this opportunity only if its transformation is faster than that of its larger but slower competitors. Moreover, besides strong S&T, the transformation requires a supportive environment for small and medium enterprises (SMEs) that add value in the common market. Therefore, the European availability of capital, infrastructure, services, channels, supply chains, platforms and cooperation networks is an essential enabler.

Information Security Remains Essential for European Future

Since the disruptive transformation needs to happen faster than any previous journey along the evolutionary path, there will be several critical hurdles to overcome. Mitigating these hurdles requires a social contract based on trust within democratic political and liberal (venture capitalism, individualism, private property) economic systems. While society and its services are digitising faster than ever, digital trust has become a foundational enabler. Suppose people lose their trust in digital services, cyber-physical products, the information provided by authorities, digital healthcare, or the smart facilities they live in. In that case, the transformation will halt, and the European opportunity to gain from the ongoing development wave will be lost.

Naturally, fast development produces mistakes and failures. Hopefully, industry and service providers will learn quickly enough to keep the negative impact small and short. Nevertheless, the problem becomes more severe because state-level competitors intentionally fragment digital trust while generating an advantage for their authoritarian-style (loss of privacy, big-brother control, new class society) cyber-physical services (Fleming, 2022).

In conclusion, the inside and outside sources of security failures need to be managed better than during the previous waves of digital evolution. The fundamental ways of mitigation include, for example:

  1. The digitised national critical infrastructure must be more robust and resilient against failures. In addition, the whole supply chain of components intended to create critical infrastructure needs inbuilt security (processes like SecDevSecOps).
  2. All operators of critical infrastructure services need to have preventive, real-time monitoring, and reactive measures to manage cyber behaviour and possible violations in their area of responsibility. In addition, security operations require automated threat analysis, behaviour monitoring and reaction to incidents, because human response times and persistence are insufficient.
  3. Edge processing and storage of data require a distributed security policy and trust between operators and users. Therefore, data security that supports low-latency implementations becomes crucial for new services supporting the green transfer, 4IR, smart cities, design & engineering and automated traffic.
  4. Identity and access management in the digital realm creates the foundation for trust. Notably, the exponentially rising number of connected devices will challenge average enterprises. A service provider or broker would make it easier for enterprises to improve their automation with trusted machine-to-machine transactions.
  5. The security processes for development and operations take time to mature. Only at higher maturity levels do processes systematically learn from mistakes and near-misses and improve their performance and quality. Unfortunately, SMEs do not have time to establish teams with high process maturity. Hence, they need providers or jump-start partners to accelerate their abilities.
  6. Europe does not educate enough competent people for every entity to take care of its own security. Furthermore, small enterprises do not have time to establish security that meets higher digital-trust expectations. Therefore, security service providers and B-to-B cooperation are essential in building digital trust between all stakeholders.
  7. A service provider must comply with existing and emerging legislation on European Digital Markets, Data Privacy and Protection, sustainable digital infrastructure, etc. (EU, 2021). Compliance requires both in-organisation and third-party auditing, multi-country cooperation, and transparent performance indicators.
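As an added illustration of item 2 (automated behaviour monitoring with a machine-speed reaction), here is a small detector in Python. It is not code from the original post or from any project mentioned in it; the log lines, host names, addresses, the 5-failures-in-60-seconds threshold and the 15-minute block are all constructed for the example. It parses sshd-style authentication events, keeps a sliding window of failed logins per source address, raises an alert when the window fills, and turns each alert into a reaction record (a temporary block returned as data, which a real deployment would hand to a firewall or SOAR playbook).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the post): sshd-style auth events.
# 203.0.113.7 hammers host-a; 198.51.100.9 is a user who mistypes a password.
SAMPLE_LOG = """\
2024-12-28T10:00:01Z host-a sshd: Failed password for invalid user admin from 203.0.113.7
2024-12-28T10:00:03Z host-a sshd: Failed password for root from 203.0.113.7
2024-12-28T10:00:04Z host-a sshd: Failed password for root from 203.0.113.7
2024-12-28T10:00:06Z host-a sshd: Failed password for root from 203.0.113.7
2024-12-28T10:00:07Z host-a sshd: Failed password for oracle from 203.0.113.7
2024-12-28T10:00:09Z host-a sshd: Accepted publickey for deploy from 198.51.100.5
2024-12-28T10:01:30Z host-b sshd: Failed password for alice from 198.51.100.9
2024-12-28T10:07:00Z host-b sshd: Failed password for alice from 198.51.100.9
2024-12-28T10:07:02Z host-b sshd: Accepted password for alice from 198.51.100.9
"""

# Assumed line layout: "<ISO timestamp> <host> sshd: <Failed|Accepted> <method> for [invalid user] <user> from <ipv4>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines we do not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Sliding-window detector: alert once per source when `threshold` failed
    logins from that source fall within `window`. Returns a list of alert dicts."""
    events = [e for e in map(parse_line, lines) if e and e["result"] == "Failed"]
    events.sort(key=lambda e: e["ts"])          # logs may arrive out of order
    recent = defaultdict(list)                  # src -> timestamps inside the window
    alerted = set()
    alerts = []
    for e in events:
        q = recent[e["src"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:     # drop failures that fell out of the window
            q.pop(0)
        if len(q) >= threshold and e["src"] not in alerted:
            alerted.add(e["src"])
            alerts.append({"src": e["src"], "host": e["host"], "count": len(q),
                           "first": q[0], "last": e["ts"]})
    return alerts


def plan_reaction(alerts, block_minutes=15):
    """Automated reaction: a temporary block per alerting source, returned as data
    so the decision can be logged, reviewed and fed to an enforcement point."""
    return [{"action": "block", "src": a["src"],
             "until": a["last"] + timedelta(minutes=block_minutes),
             "reason": f"{a['count']} failed logins within window on {a['host']}"}
            for a in alerts]


def run(log_text=SAMPLE_LOG):
    alerts = detect_bruteforce(log_text.splitlines())
    return alerts, plan_reaction(alerts)


if __name__ == "__main__":
    found, actions = run()
    for a in found:
        print(f"ALERT  {a['src']} -> {a['host']}: {a['count']} failures {a['first']}..{a['last']}")
    for act in actions:
        print(f"ACTION {act['action']} {act['src']} until {act['until']} ({act['reason']})")
```

On the constructed sample the detector fires once, for 203.0.113.7, and leaves alice alone: her two failures are more than a minute apart, so the window never fills. That asymmetry is the point of the sliding window; a plain counter over the whole log would eventually block legitimate users who occasionally mistype a password.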

Bibliography

Andrews, D., Nicoletti, G. & Timiliotis, C., 2018. Going digital: What determines technology diffusion among firms? Brussels: European Council.

Brown, S., 2022. Why it's time for 'data-centric artificial intelligence'. [Online] Available at: https://mitsloan.mit.edu/ideas-made-to-matter/why-its-time-data-centric-artificial-intelligence [Accessed July 2022].

De Goes, J. A., 2013. Big data is dead. What's next? [Online] Available at: https://venturebeat.com/2013/02/22/big-data-is-dead-whats-next/ [Accessed July 2022].

EU, 2021. 2030 Digital Compass. Luxembourg: Publications Office of the European Union.

Fleming, J., 2022. Director of Government Communications Headquarters, UK [Interview] (11 October 2022).

Gartner, 2021. The IT roadmap for digital business transformation. [Online] Available at: https://emtemp.gcom.cloud/ngw/globalassets/en/information-technology/documents/insights/the-gartner-it-roadmap-for-digital-buisness-transformation-excerpt.pdf [Accessed 2022].

Johnston, H., 2021. Quantum advantage takes a giant leap in optical and superconducting systems. Physics World, Issue October.

Kenney, M. & Zysman, J., 2016. The rise of the platform economy. Issues in Science and Technology, 32(3).

Stackpole, B., 2022. The promise of edge computing comes down to data. [Online] Available at: https://mitsloan.mit.edu/ideas-made-to-matter/promise-edge-computing-comes-down-to-data [Accessed July 2022].

UN, 2022. The Impact of Digital Technologies. [Online] Available at: https://www.un.org/en/un75/impact-digital-technologies [Accessed July 2022].