Europe's defense ministers aren’t mincing their words these days when it comes to vulnerabilities of their armies.
This frankness saw German Defense Minister Ursula von der Leyen, for instance, tell a room of 2,000 people that while it may be hard to use a missile to shoot down a Eurofighter Typhoon, Germany's combat jet of choice, "it's relatively easy to bring one down through hacking."
Cybersecurity was a dominant theme at this year's Munich Security Conference, an elite event where government, military and arms industry officials can rub shoulders. A overarching cause for concern for many European members of NATO — one that was articulated in various speeches and panel discussions — was the fact that weapons systems are all computer-based.
"Any weapon can be neutralized with comparatively little effort," said Jüri Luik, the Estonian defense minister.
But politicians aren't the only ones aware of the need to cover their digital flank. "Vulnerability to cyber attacks and interoperability of weapons systems are the main concerns we're all worried about," said John Harris, a vice president at the American military contractor Raytheon and the head of its overseas division.
The very nature of cyber attacks against military targets or other "critical infrastructure," such as electricity grids or airports, makes it unlikely for an assailant to be operating alone. The idea of a guy in his basement hacking into the Pentagon’s servers is simply illusory. This changes leaders’ calculus, Mr. Luik said, as there is "always some government, not a hacker on his couch" behind today’s most complicated cyber threats.
For a country to effectively respond to an attack, it must first be able to recognize it as such. To that end, NATO offers its soldiers and allied defense ministers the opportunity to take part in cyber defense exercises at its Center for Excellence in Estonia.
The Bundeswehr, like every army in Europe, is vulnerable. Sandro Gaycken, director, The Digital Society Institute
Politicians, Mr. Luik said, tended to underestimate just how many — and how quickly — decisions must be made in the event of a cyber attack. And even when a digital strike is fended off, measures must be taken to prevent similar ones from happening in the future. (That's where the diplomats come in, he said.)
What many older military leaders fail to appreciate fully is that it will likely be another six or seven years before the military reaches an acceptable level of cybersecurity, said Sandro Gaycken, the director of the Digital Society Institute at the European School of Management and Technology and an expert on IT security.
"The Bundeswehr, like every army in Europe, is vulnerable because it cobbled together its IT technology in a way that was far from methodical. This resulted in many security flaws," Mr. Gaycken said, using the German word for the country's armed forces. He added that Germany's defense industry was similarly lagging in terms of its IT security.
Last year, the German army, the Bundeswehr, united its 14,000 IT specialists under a common umbrella called the "Cyber and Innovation Command," led by Lieutenant General Ludwig Leinhos. At the defense ministry, Ms. von der Leyen has also set up an "innovation hub" that is headed by former investment banker and startup founder Marcel Otto Yon. Mr. Yon has been tasked with pinpointing startups whose technology could be useful for the Bundeswehr and convincing them to work with the military.
"The Bundeswehr must create space for creativity. We need the courage to try and make mistakes," Ms. von der Leyen said.
One of the top priorities of European armies is to network their weapons systems, making it easier to coordinate joint NATO missions. But first, they must strengthen their digital defenses, lest their coordination makes them even more vulnerable to attack.