The Internet of Military Things (IoMT), synonymous with the Military Internet of Things (MIoT) or Battlespace Internet of Things (BIoT), is a militarised extension of the Internet of Things (IoT) and describes the employment of a network of devices connected via the internet, and the actors operating within it.
Currently, the IoMT most commonly utilises a multitude of sensors, deployed across various domains, to achieve full situational awareness and control within complex and diverse conflict zones. Already, several advanced military forces – including the Australian Defence Force (ADF) – have invested in command and control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) infrastructure and systems in order to collect, analyse, and disseminate information.
These programs seek to deploy their network of sensors and relays within the battlespace to provide real-time situational awareness in minute detail, enable robust communications networks, and disaggregate C4ISR assets. This disaggregation would make devices virtually a non-target, denying the enemy a centralised node – or single point of failure – to neutralise.
In addition to this, there are a multitude of benefits which make the IoT attractive to the military; however, risks to overall security of the communication systems and networks must be considered.
Given the nature of the IoMT, there is much scope for the development of additional capabilities in the future through the integration of sensors, robots, munitions, wearable devices, vehicles, and weapons. For example, with current and applicable technology, weapon magazines could easily be made “smart”, allowing them to track and report ammunition states directly for the automated generation of logistical requests.
Wearable devices placed on the soldier could aid in human performance and management on the battlefield, and even allow for more accurate triage and improved medical treatment if required. These wearable devices could include sensors which augment the traditional Battle Management Systems (BMS) by collecting more accurate data on individual troop movements and the surrounding environment.
Similar sensors could be remotely deployed from an uncrewed aerial vehicle (UAV) to allow for the remote exploitation of sites – generating a detailed and manipulable three-dimensional model that could be explored and preserved by offsite intelligence analysts. The opportunities are only limited by the imagination and innovation of the creators.
The continued development of the IoMT is heavily debated due to the introduced risks to military communication systems and networks – especially when weighed against the potential advantages. Many believe that the IoMT would greatly increase the efficiency of the “observe, orient, decide, act” (OODA) loop, making it an invaluable tool through increased information collection, ease of communication between nodes, and supported decision-making. However, of utmost concern to a military employing an IoT capability is the potential for its communication systems and networks to be rendered ineffective – particularly the loss of control of communication systems or loss of data from a system through various hacking techniques.
This article seeks to identify some of the potential risks, and methods for mitigation them, to military communication systems and network security if the IoMT is widely employed. Specifically, this article will identify some of the risks posed by external and internal actors, and how these may jeopardise communication systems and networks. Finally, it will explore the potential risks posed by failing to develop the ADF IoMT.
The security surrounding the development and expansion of the IoMT presents a critical obstacle, especially with the rise of cyber and electronic warfare. It is a common thought that increased reliance and employment of smart devices within a network that includes communications would increase security risks to those military communications systems and networks.
This is reasonable, as it is known that breaches in cyber security can occur at multiple levels, including device, network, application, storage, and data levels. Specifically, the IoMT presents a large attack surface consisting of the IoMT devices, the communication channels between those devices, the back-end system and IoMT-specific back-end applications, and finally back-end data storage.
Given this, enhancing the security of the IoMT will likely be a complex challenge due to the subsequent increase in possible attack vectors. However, there are similarly a multitude of methods for identifying and monitoring risks, in addition to protective measures.
Physical Attack Vectors. A basic risk inherent to the deployment of the IoMT and its devices includes the increased likelihood of physical access an attacker may have due to the quantity of devices introduced into the battlespace – therefore physical integrity may not be guaranteed. Beyond presenting an opportunity for physical destruction of the device itself, physical access can sometime increase the ease with which it can be exploited, depending on the device.
Cyber Attack Vectors. The foremost risk inherent to the deployment of the IoMT is the security from cyber-attacks of devices, channels of communication, and back-end applications and storage. According to the Australian Cyber Security Centre, common attack vectors include ransomware, phishing, brute force, distributed denial of service (DDoS), compromised credentials, trojans, SQL injections, session hijacking, and man-in-the-middle attacks.
These electromagnetic attack vectors are often associated with the term “hacking”, which encompasses an array of different actors, methods, and outcomes. Specifically, this is a major concern surrounding the IoMT, which may risk ceding critical information or potentially the control of a system if exploited.
Risk Mitigation. Reports by the ACSC describe methods for reducing vulnerability to both physical and electromagnetic attack vectors such as:
- Remote-wiping capable devices.
- Private data storage.
- Network structuring.
- Investing in software engineering, quantum computing, machine intelligence.
Despite the increase in attack surface presented by the IoMT and the subsequent increase in potential attack vectors, there are a multitude of methods for risk mitigation. An IoMT could be made more secure by ensuring the maintenance of current data encryption to ensure transmission security, and tamper-proofing measures could be utilised such as remote or automatic wipe capabilities. However, beyond the security of the IoMT from external actors, it is also critical to consider the potential risk posed by internal actors.
Internal Threats. According to a study conducted by IBM and the Cyber Security Intelligence Index, cyber security breaches are most often caused by human error. Given the rise in grey zone activity, specifically electronic and cyber warfare, the education of users surrounding safety and secure employment of communication systems and networks is paramount.
With regard to the IoMT and the significant threat posed via electromagnetic attack vectors, particularly hacking, there are a range of actions which can be taken/trained in personnel to reduce system susceptibility and threat accessibility. Common insider actions – or inaction – which increase system vulnerability can include failure to utilise a robust password, downloading a malware-infected attachment from an email, or connecting unsafe devices to work computers. These may not seem too detrimental to the user at the time but can in fact range from minor to catastrophic – and all caused by insider actions.
Risk of Inaction
Finally, an important concept to be explored is the significant risk presented in failing to take further action in developing the ADF’s IoMT. Despite the likely security risks involved in adopting the IoMT, the benefits of developing such a capability are likely far more numerous and significant.
To understand this, first one must fully comprehend the changes in regional, domestic, and global operating environments – detailed at length in the Army’s Accelerated Warfare document – and the character of warfare itself (think domains and ranges).
The Accelerated Warfare statement notes that many of our concepts, processes, capabilities, and structures were not designed to adapt at a rate which allows us to remain adept at responding to threats. This forces the ADF to consider the establishment of a competitive advantage which incorporates evolved technology, robotics and autonomous systems, and the leverage of information and data. The key to success will lie in swift communications allowing for command and control, superior decision-making, and an informational advantage.
Key Benefits of the IoMT:
- Augment existing communications systems and network – more nodes, increases speed “real time”.
- Greatly increase information advantage.
- Opportunity to construct an integrated system which lends to decision-making using artificial intelligence (AI) and machine learning (ML).
This does not even touch the surface on the employability as training aids, health monitoring and care, and medical improvements.
By exploring both the risks and benefits of this capability, it is clear that the development and eventual deployment of such a capability is likely inevitable. Given the ability of an advanced military to mitigate much of the risks, as well as their subsequent ability to exploit the benefits, the IoMT is considered a necessary advancement in military communication systems and networks.
The security surrounding the development and expansion of the IoMT presents a critical obstacle, especially with the rise of cyber and electronic warfare – particularly hacking attacks. Insecurity in communications systems or a network can also be caused by user errors or lack of education.
Despite these not-insignificant risks, there are a multitude of existing methods of mitigation, and it is highly likely that the benefit of employing the IoMT far outweighs the risks it incurs. Consideration of these points is critical due to the decision many advanced militaries now face. Basic forms of the IoMT are in existence already, and with advances in technology it is likely its development will continue almost without limit. Ultimately, the question of whether advanced militaries should continue to pursue this capability has passed its time and found its final iteration in how to construct and operate it securely.