In a year in which National Defense has been the target of at least two serious cyber-attacks – one of which was discovered by US authorities exfiltrating secret NATO documents and posting them on the Dark Web – the Secretary of State for Helena Carreiras, was unable to see the planned budget implemented to strengthen the capacity and qualification of human resources for the Cyberdefense Centerwhich must defend all computer networks of the armed forces and the ministry.
In August 2022the Ministry of National Defense (MDN) authorized an expenditure of 11.5 million euros (+VAT) until 2030 to contracting training and consultancy services sufficient to ensure the qualification of the human resources allocated to national cyber defense”.
It would be the first step on the way training of military personnel in the field of cyber defensea measure that Helena Carreiras considered in this post “imperative” to ensure “the qualification of human resources allocated to national cyber defense, ensuring the capacity to conduct the full spectrum of military operations in and through cyberspace of national importance, ensuring its defense and national sovereignty is protected”.
For last year, 1.65 million euros was provided, but the plan did not progress, despite the governor’s priority. During a parliamentary hearing last October, Helena Carreiras emphasized that “the cybersecurity of any organization and its ability to act depends primarily on its human resources”, as “it is of utmost importance (…) to streamline training tools that are essential for qualification”.
It is recalled that, as reported by Expresso and the portfolio holder will have confirmed at this hearing, according to the same newspaper, the Cyberdefense Center is not meeting the needs in qualitative and quantitative terms: at that time about 40 military personnel were deployed, while that year there should have been 90, with the aim of reaching 250 in 2026.
O process for hiring a specialized company in cyber defense training started in early 2020 and it has been finalizing it for several months, by direct agreement, justified by the urgency and taking into account the sensitive issue at hand.
According to sources who have followed the process, an Israeli company certified by the state’s top cybersecurity agency has already been contacted.
However, according to information already published by DN, a tender was also later decided in October “preliminary consultation” to three companies, identifying Israeli, US and Singaporean companies.
In parliament, Helena Carreiras was confronted with this delay, but she did not respond to the PSD deputy who questioned her, nor to the DN.
Contract procedure still pending
Five months passed and asked the Defense Secretary’s office again about the status of the “Cyberdefense School,” the spokesman said now refers to the General Staff of the Armed Forces (EMGFA).
For its part, the EMGFA, now commanded by General Nunes Fonsecaconfirms that “hiring of specialist training and consultancy services in the field of cyber defense and operations in cyberspace started in October” with the “pre-contractual procedures”.
However, it also points out that no decision has yet been taken on the contractual procedure. “This is an acquisition process involving classified material of high technical complexity, that’s how it is the definition of the contractual procedure to be followed is currently being analysed”.
About the value of 1.65 million expected to be implemented in 2022says the spokesman for the Chief of Staff of the Armed Forces that “it is an investment that must be supported under the military programming law, the same was moved to the following yearswhile maintaining the time horizon defined for building this capacity”.
Added to this delay is anotherwhich equally concerns everyone working in this field, whose “priority” has grown even more with the current geopolitical context – the Russian invasion of Ukraine, with Moscow also taking revenge in cyberspace against NATO allies, and the technological “war” between the United States and China.
New ones were planned facilities for this “Cyberschool”, with an extension of the current National Cyber Defense Center, located in the EMGFA and MDN buildings, first in an outdoor space of the Armed Forces, and later at the current location (but then in the area of the Military Judiciary). Although, even the engineering project has not yet been completed, which also requires a tender.
clear that the mobilization of resources for this project is not in line with the assumed priority by the highest officials.
Also the former CEMGFA, Admiral Silva Ribeiro, wrote in a document in June 2022, in his “Strategic Vision for the Portuguese Armed Forces”believed that “it is essential to execute the Cyberdefense Operations Command so that it can, under the coordinating authority of the Joint Command for Military Operations, conduct operations in and through cyberspace, in support of military objectives, while respecting freedom of action guaranteed of the armed forces in this area”.
For this the Admiral has already pointed out, “there is an urgent need to build the School of Cyberdefense, an innovative project whose aim is to consolidate a solution for the future, sustainable, able to respond to the problem of scarcity of qualified personnel”.
Don’t forget that in 2021, budget execution for cyber defense, under LPM, was only 27%. By 2030, it is expected to spend about 45.5 million (nearly 3.8 million a year that should have been spent since 2019), a value that will rise to more than this week in the revision of this diploma proposed by the government than 70 million, for the period between 2023 and 2034 (annual average of 5.8 million).
In 2020, a report from DN at the Cyberdefense Center made in 2015 stated that the team would have 10 times more “cyber soldiers” by 2023.
Source: DN
