Conflict in the digital age requires a digital army

The views expressed here are those of the Head of Military and Law Enforcement at SANS Institute.

The British Army, a world class Army filled with highly trained soldiers, faces significant cyber threats from hostile nation-state actors and politically motivated groups. These threats aim to disrupt operations, steal sensitive information, and compromise national security. To address these evolving challenges, the British Army sought a robust solution to enhance its cybersecurity skills and capabilities and turned to the SANS Institute.

As one of the largest employers in the UK, the British Army is an attractive target for cyber adversaries due to its extensive networks, data repositories and the nature of the organisation itself. The modernisation and increasing complexity of military technology add another layer of risk. Soldiers must now be more technologically adept, understanding and using software systems that are increasingly interconnected and, thus, more vulnerable to cyber threats. “Other nations, particularly NATO allies, face similar challenges”, says Sharif Gardner, former Royal Marines Commando and now working at SANS Institute as the Head of Defence, Military and Law Enforcement, UK, Ireland & Nordics. “All NATO partners are rapidly increasing their technology stacks and, in some capacity or another, engaging in digital warfare, which introduces multi-layered cybersecurity threats that require robust defensive measures.” This shift necessitates ongoing and advanced training to develop skilled cybersecurity professionals within the Army. “The traditional modes of warfare are giving way to cyber warfare, requiring soldiers to be proficient in new technologies and cyber defence tactics.”

Cyber defence transformation

When the British Army first engaged with SANS, they were seeking a comprehensive solution to develop and enhance their cyber defence capabilities. Their goal was to create skilled cyber defence analysts and Security Operations Centre analysts who could effectively protect their networks and respond to cyber threats. The Army had already been working with SANS in some capacity, but they wanted to formalise this relationship into a structured programme. The turning point for this change was driven by the in-service training pipeline taking 18 months to deliver and they needed to respond quickly to ensure trained operators were in place to effectively deal with cyber incidents.

Streamlined cyber training

The military aimed to formalise and structure their cyber training programmes into a coherent, scalable framework that could provide long-term benefits and support large-scale organisational transformation. The existing training processes were slow, taking up to 18 months to produce skilled operators, so they needed a faster, more efficient training solution. “SANS was able to reduce this training period to around 13 weeks by leveraging our extensive experience and ready-made courses”, Gardner explains. Moreover, the British Army required practical, hands-on training content that could provide immediate and applicable skills. “Our training methodology aligns well with military training styles”, Gardner outlines. “We incorporated a rigorous, progressive learning pathway that mirrored the military’s approach to long-term skill development. This alignment made it easier for military personnel to adapt and excel in the programme.”

Adaptive cyber training

Gardner explains how SANS took the time to understand the unique challenges faced by the British Army and adapted their training programmes accordingly. “Additionally, we provided a structured and coherent training framework that supports their long-term organisational goals that replaces the previous ad-hoc methods, ensuring a more consistent and scalable development of cyber defence skills within the Army.” In addition to the training courses, the British Army utilises several other products and resources from SANS. NetWars Continuous is an interactive online platform that offers capture-the-flag (CTF) challenges, providing continuous learning opportunities and allowing participants to practice and refine their cybersecurity skills in a dynamic and engaging environment. At the end of their training, participants engage in a NetWars Tournament. “In this competitive event, they can pit their skills against each other, fostering both individual skill development and team collaboration”, Gardner explains. For officers and mid-level managers, SANS is working with the army to develop pathways that tackle best practices in security leadership, cyber strategy and policy, and security culture to enable the organisation to recognise and respond to cyber threats at every level.

Rapid cyber improvement

Since introducing the SANS training programme, the British Army has seen several significant improvements in its cyber defence capabilities. Firstly, skilled cyber defence professionals have rapidly developed, reducing the time needed to train effective cyber operators from 18 months to just 13 weeks. This accelerated training has enabled the Army to quickly scale up its cyber defence workforce, enhancing its readiness to respond to cyber threats. The quality of training has also seen a marked improvement. The practical, hands-on nature of the SANS courses has ensured that participants gain immediately applicable skills, making them more effective in their roles. Gardner: "The first cohort we trained had some of the best scores of any academy across Europe. The people we worked with showed typical British military tenacity and produced some of the best results we've seen."

Future cyber strategy

According to Gardner, the British Army can further enhance its cybersecurity capabilities by focusing on effective career management and retaining its cyber defence personnel. “This involves implementing strategies to keep individuals engaged and motivated, ensuring they have clear career paths, continuous professional development opportunities, and challenging and fulfilling roles. Fostering a sense of higher purpose among cyber defence personnel is crucial, as most individuals join the military to be part of something special.” Additionally, he stresses that the Army should continue to look ahead and plan for the future, addressing current needs while anticipating future challenges and scaling their capabilities accordingly. “Investing in long-term initiatives and upskilling will help them remain at the forefront of cyber defence”, says Gardner. “As the Army modernises and integrates more advanced technologies, they need to enhance their cybersecurity measures continuously, updating and upgrading their technological infrastructure to stay ahead of our adversaries and potential threats.”

Scalable NATO solution

Gardner emphasises that the SANS programme's success with the British Army demonstrates its potential for repeatability across NATO partners – of which they partner with many. “The structured, scalable and practical approach to cyber training can be adapted to meet the needs of other military organisations within the alliance, as they all face similar threats and digital challenges,” he says. In an era where conflicts are increasingly fought in the digital realm, Gardner underscores the necessity for a digital army capable of relentlessly outcompeting adversaries. He highlights that such an army must seamlessly integrate advanced technologies and foster robust cybersecurity cultures. “This transformation is not merely about adopting new technologies but also about cultivating an agile and resilient force prepared to address the dynamic challenges of modern warfare. By leveraging programmes like those offered by SANS, NATO allies can build and maintain the cyber capabilities required to protect their national security interests in the digital age.”

The UK Ministry of Defence MoD

The UK MoD, encompassing the British Army, Royal Navy, Royal Marines and Royal Air Force, is dedicated to the defence of the United Kingdom and its interests worldwide. With a rich history of service and an unwavering commitment to excellence, the UK MoD operates across land, sea, air, space and cyber to ensure national security, support global peacekeeping efforts, and respond to humanitarian crises. The UK MoD continues to innovate and adapt in the modern era, integrating advanced technologies and comprehensive cyber defence strategies to address emerging threats. Through rigorous training, strategic partnerships, and a focus on resilience and readiness, the UK MoD stands as a formidable force, upholding the values of courage, discipline, and integrity in service to the nation and its allies.

SANS Institute

Launched in 1989 as a cooperative for information security thought leadership, SANS’ ongoing mission is to empower cyber security professionals with the practical skills and knowledge they need to make our world a safer place. We fuel this effort with high-quality training, certifications, scholarship academies, degree programmes, cyber ranges, and resources to meet the needs of every cyber professional. Our data, research, and the top minds in cybersecurity collectively ensure that individuals and organisations have the actionable education and support they need.

SANS learning pathways for the British Army

SANS built a comprehensive training programme for the British Army designed to enhance their cyber defence capabilities through a structured and scalable framework. The programme begins with the SEC 275 course, which covers computer technology fundamentals, providing participants with a solid understanding of how computers and networks function. Following this, participants move on to the SEC 401 course, focusing on security essentials and covering core concepts related to network, endpoint, and cloud security. The training then advances to more specialised courses such as SEC 450, which focuses on blue team fundamentals and prepares participants to operate within a Security Operations Centre (SOC). The SEC 504 course teaches participants about hacker tools, techniques, exploits, and incident handling, helping them develop effective defence strategies and manage security incidents.

The views expressed here are those of the Head of Military and Law Enforcement at SANS Institute.