The Role of Civilian Cybersecurity Companies in Military Cyber Operations

Abstract

Abstract The Russia-Ukraine war has clearly shown that critical infrastructures are prime targets for cyber operations in addition to the physical domain. In practice, in many cases, these critical infrastructures are protected by civilian cybersecurity companies in the context of a managed security service, so their defense operations must necessarily be coordinated with military defense activities. This includes among others the sharing of information classified under different classification systems (national, EU, NATO) between different actors in national cyber defense, the inclusion of appropriate civilian experts in the armed forces, and the usage of cutting-edge cybersecurity technologies (e.g. AI-enabled solutions) that are first introduced for civilian use, with military organizations only having access to them later or possibly not encountering them at all due to procurement difficulties. The main goal of this paper is to introduce the existing opportunities and obstacles to civilians’ involvement in military cyber operations in the areas of legislation, technology, and human resources from the European perspective. Moreover, the paper deals with the actual questions of cybersecurity intelligence sharing between civilian and military entities and the European Union’s actions in order to improve the overall cybersecurity posture of the region.