An official training service of the State of the Kaharagians
SIG 410 Communications Planning for Small Forces
Lesson 7 of 10 · SIG 410

Cyber Defence of the Force's Communications

Lesson Overview

The communications of a modern force are not only radios. They are networks, servers, devices, and software: the Team Awareness Kit (TAK) server, the connected devices, the internet bearers, and the accounts and certificates that tie them together. Everything that is networked can be attacked through the network. A communications planner who has secured the force against interception, jamming, and the loss of equipment has still left a door open if the systems themselves can be hacked: a compromised server, a breached account, a corrupted picture, or a denial of service that silences the network can each defeat communications that are perfectly secure on the air. This lesson is about cyber defence of the force's communications: protecting the networked systems that carry and coordinate the force's communications from attack through the network itself. It carries the digital-security discipline that the Information Systems and Cyber Security speciality teaches into the specific problem of the force's communications, which the planner must defend.

Two principles govern the lesson, and both echo the wider speciality. The first is that the Army's posture is strictly defensive: like the comsec course and the cyber-security speciality, the force concerns itself with protecting its own communications systems, not with attacking others', and this lesson is about defence alone. The second is that the network must keep working under attack, not merely be kept secret: cyber defence of communications is not only about confidentiality, keeping the enemy out of the data, but equally about integrity (the picture and the messages are true and not corrupted) and availability (the network keeps working when the force needs it, even under attack), because a communications system that is confidential but can be taken down, or whose picture can be quietly falsified, has failed the force as surely as one that is read. So cyber defence is woven into the resilience the planner already builds: as the architecture survives jamming and lost infrastructure, it must survive cyber attack, falling back to means that cannot be hacked when the networked ones are threatened.

This is the knowledge layer. It teaches you the cyber threat to a force's communications, the defensive principles, how to design communications that are defensible and resilient under cyber attack, and the planner's part in it, so that you understand how the networked communications of a force are defended. The actual hardening, monitoring, and incident response are the work of the Information Systems and Cyber Security speciality, done in person and certified there. Read this to know how the force's communications are defended in cyberspace; the technical defence is the CIS speciality's craft.

By the end you will be able to explain the cyber threat to a force's communications and the defensive posture, apply confidentiality, integrity, and availability to communications, design communications that are defensible and resilient under cyber attack, and explain the planner's role and the boundary with the cyber-security speciality.

Key Terms

  • Cyber defence: the protection of networked systems from attack through the network, applied here to the systems that carry and coordinate a force's communications.
  • Attack surface: the sum of the ways a system can be attacked, the servers, devices, accounts, software, and connections an adversary could target.
  • Confidentiality, integrity, availability (CIA): the three properties cyber defence protects, that data is kept secret, kept true, and kept available when needed.
  • Integrity (of communications): the property that messages and the common picture are true and unaltered, not corrupted or falsified by an adversary.
  • Availability: the property that the communications network keeps working when the force needs it, including under attack such as denial of service.
  • Denial of service: an attack that aims to make a system or network unavailable, overwhelming or disabling it so the force cannot use it.
  • Segmentation: the dividing of a network into parts so that a compromise of one does not spread to all, limiting the damage of an intrusion.
  • Least privilege: the principle that each account and system has only the access it needs, so a compromised one yields the attacker as little as possible.
  • Defence in depth: the layering of multiple defences so that no single failure exposes the system, the cyber form of the resilience the planner already builds.
  • Defensive posture: the principle that the Army defends its own communications and does not conduct offensive cyber operations against others.

The cyber threat and the defensive posture

A force's communications have become, in large part, a set of networked systems, and networked systems have an attack surface: the servers (the TAK server above all), the connected devices, the accounts and certificates, the software, and the internet bearers, every one of which is a thing an adversary might attack through the network rather than over the air. This is a different threat from the interception, jamming, and physical capture the earlier lessons addressed, because it attacks the systems rather than the transmissions, and it can defeat communications that are flawless on the air: a hacked server, a stolen account, a falsified picture, a network taken down, none of which the radio disciplines of the earlier lessons touch. The planner who has built secure, resilient radio communications has still left the networked systems to be defended, and defending them is this lesson's subject.

The Army's posture here is strictly defensive, exactly as the comsec course and the whole Information Systems and Cyber Security speciality insist. The Royal Kaharagian Army, a small, lawful, humanitarian force, and a Principality whose very substance is in large part digital, concerns itself with protecting its own communications systems, accounts, and data, and not with attacking anyone else's; there is no offensive cyber here, no hacking back, only the defence of what is the force's own. The planner learns the cyber threat to defend against it, as they learned the threats of jamming and interception, and the lesson is about building defensible communications, not about attacking.

The threat matters especially because of what the Army is. A non-territorial Principality organised in large part digitally depends on its networks more than a conventional force does, with more of its communications and its very functioning riding on systems that can be attacked through the network. This dependence is the digital-state context the cyber-security speciality addresses, and it means the cyber defence of the force's communications is not a peripheral concern but close to the centre of the force's security, because the network that an adversary could attack is, for this Army, a large part of how it exists and operates. The planner therefore treats the cyber defence of communications with the seriousness the force's digital nature demands.

Confidentiality, integrity, and availability

Cyber defence protects three properties of the force's communications: confidentiality, integrity, and availability, the CIA triad of the cyber-security speciality. Naming them gives the planner the frame for defending communications against cyber attack. Each is a distinct thing an adversary might attack, and a communications system must hold all three, because failing any one fails the force.

Confidentiality is keeping the communications secret from those not entitled to them, the property the comsec course chiefly defended, now applied to the networked systems: the data on the server, the traffic over the bearers, the contents of accounts, kept from an adversary who would read them. This is the most familiar security property, but it is, importantly, not the only one, and a defence that secures confidentiality alone leaves two other doors open.

Integrity is keeping the communications true, unaltered and not falsified by an adversary, and it is as important as confidentiality and more insidious when it fails. An adversary who cannot read the force's communications might still corrupt them, altering a message, falsifying a position on the common picture, injecting a false report, so that the force acts on information that is wrong, and a force that trusts a corrupted picture may be worse off than one with no picture at all, because it acts confidently on a lie. So the planner defends the integrity of the communications, the truth of the messages and the picture, as carefully as their confidentiality, because a falsified common operating picture is a weapon turned against the force.

Availability is keeping the communications working when the force needs them, including under attack, and it is where cyber defence meets the resilience the planner already builds. An adversary might not try to read or falsify the communications at all, but simply to deny them, taking down the server, overwhelming the network, disabling the bearers, so the force cannot communicate, the cyber equivalent of jamming. A communications system that is confidential and true but can be switched off by an attacker has failed, so the planner builds for availability, that the network keeps working under attack, which connects directly to the next section's resilience. The planner defends all three, confidentiality, integrity, and availability, because the force needs its communications secret, true, and working, and an adversary may attack any of the three.

   WHAT CYBER DEFENCE PROTECTS  (the force needs all three)

   CONFIDENTIALITY   the communications kept SECRET from the unentitled
                     ......... an adversary who would READ them
   INTEGRITY         the communications kept TRUE, unaltered, not falsified
                     ......... an adversary who would CORRUPT them (a false
                               position on the picture, an injected report);
                               a trusted-but-false picture can be worse than none
   AVAILABILITY      the communications kept WORKING when needed, under attack
                     ......... an adversary who would DENY them (take down the
                               server, overwhelm the network) = cyber jamming

   Securing only confidentiality leaves two doors open. Defend all three.
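
To make the integrity property concrete, the following added example (not part of the original lesson, and not a description of how the TAK server itself works) shows a server admitting a position report to the common picture only when its authentication tag and sequence number check out. The shared per-device key, the report fields, and the names `seal_report` and `PictureIntake` are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample key; assumed to be provisioned to device and server out of band.
DEVICE_KEYS = {"alpha-1": b"constructed-demo-key"}


def seal_report(device, seq, lat, lon, key):
    """Device side: serialise a position report and attach an HMAC-SHA256 tag."""
    body = json.dumps({"device": device, "seq": seq, "lat": lat, "lon": lon},
                      sort_keys=True, separators=(",", ":")).encode()
    return {"body": body, "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


class PictureIntake:
    """Server side: a report reaches the common picture only if it verifies."""

    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}   # highest sequence number accepted per device
        self.positions = {}  # the common picture: device -> (lat, lon)

    def accept(self, message):
        body = message.get("body")
        if not isinstance(body, bytes):
            return "rejected: malformed"
        try:
            report = json.loads(body)
            device, seq = str(report["device"]), int(report["seq"])
            position = (float(report["lat"]), float(report["lon"]))
        except (KeyError, ValueError, TypeError):
            return "rejected: malformed"
        key = self.keys.get(device)
        if key is None:
            return "rejected: unknown device"
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison of the tag computed here with the one received.
        if not hmac.compare_digest(expected, str(message.get("tag", "")).encode()):
            return "rejected: bad tag"
        # A correctly tagged but old report is a replay and must not move the picture.
        if seq <= self.last_seq.get(device, -1):
            return "rejected: replay"
        self.last_seq[device] = seq
        self.positions[device] = position
        return "accepted"


def demo():
    """Run genuine, altered, forged and replayed reports through the intake."""
    key = DEVICE_KEYS["alpha-1"]
    intake = PictureIntake(DEVICE_KEYS)
    genuine = seal_report("alpha-1", 1, 51.5, -0.12, key)
    later = seal_report("alpha-1", 2, 51.5, -0.12, key)
    # Constructed cases: position altered in transit, and a report made without the key.
    altered = {"body": later["body"].replace(b"51.5", b"52.5"), "tag": later["tag"]}
    forged = seal_report("alpha-1", 3, 10.0, 10.0, b"not-the-device-key")
    results = [intake.accept(m) for m in (genuine, altered, forged, genuine)]
    return results, intake.positions


if __name__ == "__main__":
    print(demo())
```

Only the genuine report moves the picture; the altered, forged and replayed reports are refused without the server needing to know which kind of attack produced them.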

Designing defensible, resilient communications

The planner defends the force's communications in cyberspace mainly by design, building systems that are defensible from the start, and the principles, drawn from the cyber-security speciality, are applied at the planning level. Defence in depth layers multiple defences so no single failure exposes the system, which is the cyber form of the resilience the planner already builds against jamming and lost infrastructure: as no single bearer failure is fatal, no single cyber compromise should be. Segmentation divides the network so that a compromise of one part does not spread to all, limiting an intrusion's damage, so the planner designs the communications system in parts rather than as one flat network where breaching anything breaches everything. Least privilege gives each account and system only the access it needs, so a compromised account or device yields the attacker as little as possible, which applies the access discipline of the cyber-security speciality to the communications systems. And the securing of the key components, the TAK server, the bearers, the accounts, and the certificates and keys that authenticate the systems, follows the device and certificate security the comsec course introduced, now at the level of the force's systems.
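
The effect of segmentation can be measured at the planning level. The following added example (not part of the original lesson) compares how far a single compromise can spread in a flat network and in a segmented one, by following the connections each design permits. The asset inventory, zone names, and permitted flows are constructed for illustration.

```python
from collections import deque

# Constructed sample inventory: asset name -> network zone.
ASSETS = {
    "tak-server": "server",
    "admin-laptop": "admin",
    "hq-tablet": "hq",
    "patrol-phone-1": "field",
    "patrol-phone-2": "field",
    "internet-gateway": "edge",
}

# Segmented design (assumed for illustration): only these zone-to-zone
# connections may be opened. Devices reach the server through the gateway,
# and devices in the same zone cannot open connections to each other.
SEGMENTED_FLOWS = {
    ("field", "edge"),
    ("hq", "edge"),
    ("edge", "server"),
    ("admin", "server"),
}


def flat(src_zone, dst_zone):
    """Flat network: anything may connect to anything."""
    return True


def segmented(src_zone, dst_zone):
    """Segmented network: only explicitly permitted flows."""
    return (src_zone, dst_zone) in SEGMENTED_FLOWS


def blast_radius(start, allowed):
    """Upper bound on what an intruder on `start` can reach, hop by hop."""
    seen, queue = {start}, deque([start])
    while queue:
        here = queue.popleft()
        for other, zone in ASSETS.items():
            if other not in seen and allowed(ASSETS[here], zone):
                seen.add(other)
                queue.append(other)
    return seen - {start}


def worst_case(allowed):
    """Largest blast radius over every possible first foothold."""
    return max(len(blast_radius(asset, allowed)) for asset in ASSETS)


def compare():
    """Blast radius of each asset under both designs: name -> (flat, segmented)."""
    return {a: (len(blast_radius(a, flat)), len(blast_radius(a, segmented)))
            for a in ASSETS}


if __name__ == "__main__":
    for name, (in_flat, in_segmented) in compare().items():
        print(f"{name:18} flat={in_flat} segmented={in_segmented}")
```

In the flat design every foothold exposes all five other assets; in the segmented design the worst case is two, and a compromised patrol phone cannot reach the other phone, the headquarters tablet, or the administrator's laptop.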

Crucially, the planner builds for availability under attack by extending the resilience and graceful degradation already designed into the architecture. Just as the communications plan falls back from a jammed or failed bearer to another, it must fall back from a cyber-attacked networked system to means that cannot be hacked through the network, above all the radio and voice means that depend on no server and no internet. This is the cyber dimension of the PACE plan: the networked systems, the TAK server, the internet bearers, are high-value but high-vulnerability levels, and beneath them sit the radio and voice levels that a network attack cannot reach, so that a force whose servers are taken down or whose picture is corrupted drops to clean voice and radio that no hacker can touch. The planner who has designed the architecture for graceful degradation against jamming has most of the cyber resilience already; they need only recognise that cyber attack is another way the networked layers can fail, and ensure the fallback to the un-networked means is there. Defensible by design and resilient by fallback, the force's communications can be secured against cyber attack as they are against jamming, by the same planner thinking.

The planner's role and the boundary with the speciality

A word is needed on the boundary between the communications planner and the cyber-security speciality, because cyber defence is a deep technical field of its own and the planner is not expected to be a cyber specialist. The detailed hardening of servers, the monitoring for intrusion, the technical incident response, the configuration of defences, these are the craft of the Information Systems and Cyber Security (CIS) speciality, taught in its own courses and done by its own specialists. The communications planner does not replace them; the planner's role is to design communications that are defensible, to build in the segmentation, the resilience, the fallback, and the awareness of the cyber threat, so that the CIS specialists have a defensible system to defend, and to coordinate with them so the force's communications are protected by their expertise. The planner builds defensibility into the design; the specialists provide the technical defence.

Within that boundary the planner has real responsibilities. They must understand the cyber threat well enough to design against it, treating the networked systems as an attack surface and building for confidentiality, integrity, and availability. They must design for resilience so the communications survive cyber attack by falling back to un-networked means, which is the planner's own resilience work extended. They must ensure the force is ready for incident response, so that when the communications systems are attacked, the recognise-report-contain-recover discipline (which the comsec and cyber-incident courses teach) is in place and the communications can be restored, coordinated with the CIS specialists who lead the technical response. And they must carry the defensive posture and the awareness of the force's digital dependence into the communications plan, so cyber defence is designed in rather than bolted on. The planner who does this, designing defensible, resilient communications and coordinating with the cyber specialists, ensures the force's increasingly networked communications are as defended against attack through the network as against attack over the air, which a modern force, and this digital Principality above all, cannot do without.

In Practice: Communications That Survive a Cyber Attack

A communications planner of the Royal Kaharagian Army designs communications for a task knowing that the force's networked systems, its TAK server, its devices, its internet bearers, are an attack surface as real as the airwaves. A weak planner secures the radios and assumes the networked systems will look after themselves, and the force's communications are defeated not over the air but through the network, a server taken down or a picture quietly falsified. The College's planner defends the communications in cyberspace too.

She designs for the three properties: confidentiality of the data and traffic, but equally integrity, so the common picture and messages cannot be corrupted into a confident falsehood, and availability, so the network keeps working under attack rather than being simply switched off. She builds the systems defensible by design: segmented so a compromise of one part does not spread, with least privilege so a breached account yields little, and the key components, the server, the bearers, the certificates, secured by the cyber-security disciplines. Above all she builds for availability under attack by extending her graceful degradation: the networked layers, the TAK server and internet bearers, sit high in the PACE plan, and beneath them are the radio and voice means that cannot be hacked through the network, so that if the server is taken down or the picture corrupted, the force drops to clean voice and radio no hacker can touch.

She respects the boundary: she is not a cyber specialist, so she designs communications that are defensible and coordinates with the CIS specialists who provide the technical hardening, monitoring, and incident response, ensuring they have a defensible system to defend and that the recognise-report-contain-recover discipline is ready. When, on the task, the force's TAK server is indeed attacked and degraded, the communications survive: the force drops to the un-networked voice and radio means, the CIS specialists lead the technical recovery, and coordination is never lost, because the planner designed communications that were defensible and resilient against cyber attack as against jamming. The force's communications held, over the air and through the network alike, which is what defending a modern force's communications requires.

Check Your Understanding

  1. Explain the cyber threat to a force's communications and how it differs from interception, jamming, and physical capture, and why the Army's posture is strictly defensive. Why does this matter especially to a non-territorial, digitally-organised Principality?
  2. Set out confidentiality, integrity, and availability as the three properties cyber defence protects, with an example of an attack on each, and explain why securing confidentiality alone is not enough, in particular why a corrupted (false) common picture can be worse than none.
  3. Describe how a planner designs defensible, resilient communications (defence in depth, segmentation, least privilege, securing key components, and availability under attack by fallback to un-networked means), and the boundary between the planner and the cyber-security speciality.

Reflection (write a short paragraph): This lesson argues that cyber defence is not only about keeping communications secret but equally about keeping them true and keeping them working, and that a force which trusts a corrupted common picture may be worse off than one with no picture at all. Why is the integrity attack, falsifying rather than reading, so insidious, and why might a force not even notice it? Then think about availability and the fallback to un-networked means: how is designing communications to survive a cyber attack the same kind of thinking as designing them to survive jamming, and what does that tell you about the value of always keeping a means beneath the networked one that no hacker can reach?

Summary

  • A force's communications are now largely networked systems (servers, devices, accounts, software, internet bearers) with an attack surface, and can be defeated through the network even when flawless on the air. The Army's posture is strictly defensive, protecting its own systems, which matters especially to a digitally-organised Principality that depends heavily on its networks.
  • Cyber defence protects three properties, the CIA triad: confidentiality (kept secret), integrity (kept true, not corrupted or falsified, a false picture can be worse than none), and availability (kept working under attack, against denial of service, the cyber form of jamming). Securing only confidentiality leaves two doors open.
  • The planner builds defensible, resilient communications by design: defence in depth, segmentation (a compromise does not spread), least privilege (a breach yields little), and securing the key components (server, bearers, certificates). Above all, availability under attack by extending graceful degradation, falling back from networked systems to radio and voice means that cannot be hacked through the network, the cyber dimension of the PACE plan.
  • The boundary with the CIS speciality: the planner is not a cyber specialist but designs communications that are defensible and coordinates with the CIS specialists who provide the technical hardening, monitoring, and incident response, ensuring they have a defensible system and that recognise-report-contain-recover is ready.
  • This is the knowledge layer; the technical hardening, monitoring, and incident response are the CIS speciality's craft, done in person and certified there. This lesson extends the comsec of SIG 220 and the resilience of Lesson 04 to the cyber threat, draws on the Information Systems and Cyber Security speciality, protects the common picture of Lesson 06, and is governed by the orders and SOPs of Lesson 10.

Crown Copyright © 2026 | Published by Authority of H.R.H. The Prince of Kaharagia
