Defense Minister Viola Amherd wants to invest up to 2.4 billion Swiss francs to make the army fit for electronic warfare. However, cyber attacks are not in the foreground.
In the future, the army should be better equipped to locate enemy radio signals or jam radar.
What role will cyber attacks play in future military conflicts? The war in Ukraine does not provide any clear answers to this big question – also because many details are not publicly known. But it is undisputed that cyber attacks and disinformation campaigns play an important role.
The overall cyber concept shows how the Swiss army intends to do this in the future. It is a 120-page report, most of which was written before the war broke out in Ukraine. The Federal Council took note of the basic document on Wednesday. The army leadership explains where the army will need to have digital capabilities in the future and where there is a need to catch up. Not an easy task given the rapid pace of technological development.
The report is clear on one point – surprisingly clear: defending against attacks in cyberspace has the highest priority. In comparison, the offensive capabilities, i.e. the possibility of carrying out cyber attacks yourself, should only be expanded moderately. This prioritization is not self-evident, because the idea that the army should get involved in the fight against cybercrime keeps popping up. In Germany, the possibility of government counter-attacks, so-called hack-backs, was recently discussed.
The Federal Council has now decided on the middle ground: the defense department should implement the most military of the three options, which is financially in the middle. This provides for investments of CHF 1.6 to 2.4 billion by around 2035. The workforce would remain unchanged. The Cyber Command would one day comprise almost 1,000 professional military personnel and 6,000 to 7,000 members of the militia. The report speaks of the “most balanced overall package” in terms of costs and technology risk.
The backbone of the army must always be functional
Self-protection is at the center of further development over the next 15 years or so. The army must also be able to independently protect its IT systems against attacks in cyberspace. That sounds obvious and banal, but in view of the complex computer science, which also includes different networked weapon systems, it is a challenge. In addition, the systems must be protected and functional at all times, including in the event of a disaster or war. This should be ensured, for example, with small, mobile data centers in the battalions.
The importance of the army’s self-protection also has to do with a second capability highlighted in the report. Put simply, this is the “digitization of the army”. It’s about the operational skills for communication and data processing, for displaying the current situation and for commanding the troops via digital channels.
The war in Ukraine shows how important a functioning data connection is. The Internet is the lifeline of the Ukrainian state, says General Alain Vuitel, who heads the project for the army’s future Cyber Command. “President Selensky needs access to the Internet in order to be able to convey his message to the outside world.” Otherwise Ukraine would be a black hole on our screens, says Vuitel in an interview with the NZZ.
Although the Kremlin’s war is mostly conventional, the trends of the 21st century are clearly visible. After a suspected Russian cyberattack on satellite communications, Ukraine now has nationwide internet access via tech entrepreneur Elon Musk’s Starlink satellite system. The connection with the world remains.
This example shows what the report calls the increasing dominance of big technology companies. In contrast to the 20th century, technological progress is no longer driven by the military but by the civilian side. The Swiss army must also take this paradigm shift into account. It must not lose touch with technological developments and must streamline its procurement process.
The shortcomings of army IT will not be fixed until 2029
In order for the army to be networked, it needs the necessary infrastructure. This includes secure communication links for transmission and data centers for processing the data. The army launched the corresponding billion-euro project Fitania almost ten years ago. After some delays, it should now be ready by 2029.
One day, the data from the sensors in a fighter jet or an armored personnel carrier will be sent to data centers, where it will be processed using modern analysis methods. The results are used to display the current situation picture, on which the command can in turn transmit its orders to the troops in the field.
The Fitania program is also intended to remedy the sometimes blatant IT deficiencies that have accumulated in the army over the past few decades due to negligence. The cyber report points this out in several places. The biggest flop was the procurement of the command system for the ground forces. The FIS Army has only functioned to a limited extent to this day.
However, the major modernization step now brings advantages for security, says Vuitel: “The fact that we are building new data centers with a uniform platform enables us to use modern technology with the appropriate protective mechanisms.”
Counterattacks are a means of defense
In the future, the army should also be better able to carry out attacks itself. Vuitel is convinced that this expansion is needed: “In order to be able to defend yourself effectively, you must also be able to take offensive action if necessary.” The legal basis for this is in place.
The focus is on expanding electromagnetic capabilities, for example the manipulation of radio or radar signals. In the future, the army should be able to carry out independent operations down to the tactical level of the troops in the field. Ideally, the combat units are, for example, able to independently reconnoiter the enemy radio in order to know the enemy’s locations and movements. Or they have transmitters on their vehicles to jam enemy radar or the controls of an enemy drone.
The capabilities for offensive cyber actions, i.e. the actual cyber attacks, have a lower priority. Several sophisticated attacks against military targets should be possible at the same time: with planning, development of the software tools and implementation. But at the tactical level of the force, no units are designed for it. Cyber attacks take too long and would be too expensive for that. This is the biggest difference in the report compared to the maximum variant, which provided the troops with extensive means for independent cyber attacks.
Information warfare is not mentioned in the report. As the example of Ukraine shows, in the event of war it can be crucial for a country to influence public perception. But because the line between propaganda and disinformation is vague, such actions are tricky in a free state. However, the Swiss army is not entirely unprepared. According to reports, the Operations Command is definitely considering this, for example the question of how untrue statements can be recognized and countered.
Secure IT infrastructure can serve other authorities
Politicians repeatedly bring the army into play as a means of defending against cyber attacks. Such attacks can have far-reaching consequences, even if criminals are behind them. That was the case a year ago in the United States, when a ransomware attack on the Colonial pipeline on the East Coast cut fuel supplies for several days.
The report is clear on this point: in order for the army to provide subsidiary aid, the resources of the civil authorities and commercial service providers must be exhausted. Even in this case, the report mentions support in the background: for example, in restoring infected systems or in the technical analysis of the incident. The report deliberately omits the possibility of soldiers taking active action against cybercriminals.
The army is of course still an important partner for the civil authorities, even when there is no war. Even in the normal situation, it can make an important contribution to protection against cyber attacks with the situation picture around the clock. The secure infrastructure for communication and data processing is also a skill that can be of great use to authorities and critical infrastructures in the country, even in times of peace.