National security and digital security go hand in hand. A nation’s strength depends on secure access to digital technologies when malicious actors can target critical infrastructure from half a world away.
This week at the Munich Security Conference, we’re talking with government leaders about how innovative technologies can help solve these complex national security challenges. To support these conversations, we’re launching a new whitepaper, “Staying Ahead of the Shadows: Digital Resilience in the Era of AI,” which outlines how Google is partnering with defense organizations to equip democracies with the tools for a unified defense.
Recently released analysis by our Google Threat Intelligence Group has identified several critical trends that underscore the need for a unified approach to security in the defense sector. These include:
- Targeting defense tech: State-sponsored actors are targeting U.S. and European defense suppliers, with a focus on next-generation technologies like drones and other unmanned serial systems. China in particular is targeting the defense sector; running more cyber threat campaigns by volume than any other county.
- Threatening the industrial supply chain: Hackers and extortion operations increasingly threaten the manufacturing sector and its supply chain, threatening the ability to surge components where they’re needed during crises.
- Exploiting the human element: Adversaries are targeting employees through fake job portals and other manipulations of the hiring process.
- Increasing activity from China-nexus espionage groups: In the last several years, China has run more campaigns by volume than any other country or category of threat actors; and we’ve observed persistent targeting of the defense sector by China-nexus espionage groups.
A full-stack approach to resilience
Addressing modern threats requires a unified approach that protects every part of our digital world — from the physical infrastructure, like subsea cables, to the data stored in the cloud, and on the devices people use every day. Our strategy for digital resilience focuses on five critical layers:
- Infrastructure: Google’s subsea and terrestrial network spans 2 million miles, with 43 cloud regions and more than 200 points of presence, providing massive performance and security. Google’s Sovereign Cloud solutions deliver global scale and local control for public and private sector organizations of all sizes.
- Architecture: Google’s flexible data architecture helps defense and national security organizations break out of rigid data siloes. Google AI is helping the U.S. Defense Logistics Agency tap into real-time supply chain intelligence.
- Models: Gemini and other models from our world-class research research lab, Google DeepMind, are empowering governments to adopt AI on their own terms and citizens to access high-quality information and public services, even in war-torn Ukraine.
- Applications: Cloud-native applications like Google Workspace enable users to collaborate securely from anywhere with an Internet connection. The Ukrainian Government’s decision to shift official business to Workspace kept its civil servants connected online, despite threats to localized infrastructure.
- Security: We don’t just fix bugs; we believe in eliminating entire classes of threats. We’re using AI-powered security tools, such as CodeMender, and delivering guidance through the Secure AI Framework (SAIF) to give defenders a decisive advantage in cyberspace. And our investments in post-quantum cryptography (PQC) are helping our global users and customers future-proof their security.
As part of this full-stack approach, we’ve made strong commitments to enabling digital resilience via rigorous technical and legal controls. We empower customers to control access to their data, ensuring an open digital future by supporting open-source software and eliminating lock-in, and actively supporting global cybersecurity and regulatory frameworks. That includes our partnerships with S3NS (achieving the highest SecNumCloud standards focusing on stringent Sovereignty and Security controls) and our Sovereign Cloud solutions like Google Cloud Air-Gapped offerings built on industry-leading open-source components and designed to run independently from Google and from the Internet.
We are proud that Google Cloud is becoming a partner of choice for the defense community, selected by organizations like NATO’s Communication and Information Agency, the U.S. Department of War, the German Armed Forces, the UK Ministry of Defence, and Australia’s Ministry of Defence to deliver critical, secure computing and AI capabilities at the tactical edge.
To build resilience in critical infrastructure, we need effective public-private partnerships focusing on three core pillars:
- Speed is security: Modernize procurement to reduce timelines and streamline permitting for critical infrastructure.
- Integration through interoperability: Adopt open standards and shared encryption to break down data silos and mitigate vendor lock-in.
- Control without compromise: Achieve resilience through technical excellence rather than “buy local” requirements that can exclude leading innovators.
The digital frontier is where global security will be decided. Following our bold and responsible approach to innovation, we stand ready to help design the resilient and interoperable platforms to ensure democracies lead.
