Project information
Project title: Comprehensive analysis and strategy for increasing resilience to cyber risks in the Slovenian Armed Forces’ ICT and weapon systems
Project acronym: CRP-MORS
Financial Schema: ARRS-CRP-2023
Funded by: (1) ARRS – Slovenian Research Agency, (2) MoDRS – Ministry of Defence of the Republic of Slovenia
Project Number: V2-2379
Project Timeline: 1. 10. 2023 – 30. 9. 2024
Project Budget: 90.000,00 €
Project Budget for UM FERI: 33.024,76 €
Project Coordinator at UM FERI: izr. prof. dr. Marko Hölbl
Participating Organizations
- University of Maribor, Faculty of Electrical Engineering and Computer Science (UM FERI)
- University of Ljubljana, Faculty of Electrical Engineering (UL FE)
- CREAPLUS, Inc.
Researchers
- MSc Primož Brajnik
- PhD Marko Hölbl
- PhD Marko Kompara
- Anže Schwarzmann
- PhD Urban Sedlar
- Nejc Sušin
- PhD Mojca Volk
- PhD Tatjana Welzer Družovec
Project Abstract
In today’s interconnected world, communication, information, and weapon systems in the military sector have become critical to maintaining operational readiness and national security. Armed forces depend heavily on these systems for effective command and control, information sharing and strategic decision-making. However, due to the increasing integration of digital technologies, these systems are also exposed to a number of cyber risks, such as unauthorised access, data intrusion, malware attacks and denial of service incidents, which pose a major challenge for the defence sector in general and the Slovenian Armed Forces in particular.
As the threat environment evolves, cyber-attack risks are constantly increasing in complexity and sophistication. Adversaries, ranging from cybercriminals to state-protected actors, are constantly developing new techniques to exploit vulnerabilities and hack into critical systems. The potential consequences of successful cyber-attacks on military systems are severe, including disruption of operations, theft or compromise of sensitive data and even threats to national security. Therefore, conducting a comprehensive cyber risk analysis of the SAF’s communication, information and weapon systems is essential to identify vulnerabilities and propose measures to increase their resilience.
A targeted and multidisciplinary approach is needed to address these challenges. The main objectives of this project are to develop a comprehensive methodology, to inventory Slovenian military systems potentially exposed to cyber risks, and to assess the level of exposure to cyber risks. Based on established cybersecurity frameworks, the methodology will define the steps, tools, and techniques for risk assessment. The inventory of systems will identify the key components, networks, and systems that are most at risk. The risk assessment will consider vulnerabilities, potential attack vectors, and existing security controls to prioritize risks and focus on critical areas for mitigation.
The key to managing cyber risks is to take advantage of best cyber security practices, state-of-the-art technology and expertise from the military, technological and political domains. In addition, it is important to follow the standards and recommendations of international organisations such as NATO, as Slovenia as a member, follows their guidelines.
The challenge of ensuring cyber security is complex and requires constant adaptation. However, with a comprehensive understanding of the risks, robust assessment procedures and effective risk management strategies, the Slovenian Armed Forces can significantly increase its cyber resilience. Proposed project represents an important step forward, as it will enable the creation of a comprehensive picture of cyber risks, the development of strategies to manage them and the establishment of a continuous risk assessment process. The ultimate goal is to protect the SAF’s communication, information and weapon systems against cyber threats and ensure operational readiness in a changing cyber environment. By working diligently in this area, the Slovenian Armed Forces will contribute to the broader objectives of national and collective security in an era when cyber threats are a pressing reality.
Work Programme
A1.1: Preparation of the system description methodology.
A1.2: Preparation of risk assessment methodology
R1: Methodology report (M5)
Work Package 2: Repository and Risk Assessment (M3 – M7)
A2.1: Specification of cyber risk scenarios
A2.2: Identification and repository of systems and subsystems
A2.3: Risk assessment
A2.4: Mission criticality analyses of identified risks
R2: Inventory of SAF systems and subsystems with risk assessment report (M7)
Work Package 3: Recommendations to address and manage cyber risks (M7 – M12)
A3.1: Recommendations for the technical and organisational management of cyber risks
A3.2: Dynamic cyber risk assessment processes
R3: Recommendations for managing and establishing dynamic cyber risk assessment processes (M12)
DP UV: PROJECT MANAGEMENT AND GOVERNANCE (M1 – M12)