Defense industry: What if the next cybersecurity breach comes from outside your information system?

By Mohammed El Khadiri, Cybersecurity Expert at Daher

07/02/2026

At Eurosatory 2026, the world’s leading defense and security exhibition, which brought together industry leaders, armed forces, and policymakers from June 15 to 19, 2026, in Paris-Nord Villepinte, cybersecurity emerged as a cornerstone of integrated multi-domain defense.

In practical terms, the capabilities of the systems on display – whether drones, weapon systems, or other advanced platforms – depend as much on their technical performance as on the digital systems that connect, control, and protect them.

A proven model in a changing environment

The French defense industry has built a robust cybersecurity posture. Frameworks such as IGI 1300 have established strong safeguards for classified information through highly secure information systems, strict governance, and rigorous control of sensitive data.

Within this scope, the model has proven effective. However, it was designed for a relatively stable and controlled environment. Today, the landscape has evolved, and cybersecurity strategies must evolve with it.

Security is no longer limited to the internal information system. A vulnerability at a supplier can become a vulnerability across an entire defense program. Security now extends to an ecosystem that includes Tier 1, Tier 2, and Tier 3 suppliers, specialized subcontractors, technology partners, cloud platforms, and artificial intelligence components. The boundaries of the information system have expanded – and so has the scope of responsibility.

Ukraine, AI, and quantum computing: a rapidly evolving risk landscape

The conflict in Ukraine has highlighted a new challenge for both military operations and defense manufacturers: producing low-cost drones at scale, accelerating innovation cycles, and relying increasingly on civilian technologies.

These developments are reshaping the way information security is approached.

Inside a drone manufacturing facility in Ukraine (Source: Sky News)

At the same time, cyber threats are evolving at an unprecedented pace.

Artificial intelligence is accelerating attacks and making them more adaptive. Yet AI is also becoming a powerful defensive tool, helping organizations detect anomalies, analyze threats, and speed up incident response.

The time between the discovery of a vulnerability and its exploitation has shrunk dramatically. The ability to respond quickly is becoming just as important as the level of protection itself.

From Vulnerability Disclosure to Exploitation (Source: zerodayclock.com) The #ZeroDayClock graph speaks for itself. In 2018, it took an average of 2.3 years after disclosure for a vulnerability to be actively exploited. By 2026, that delay had fallen to just one day.

Technological dependencies – components, software, and platforms – are also becoming a growing factor in discussions around industrial sovereignty.

Finally, the emergence of quantum computing is already raising questions about the long-term resilience of encryption mechanisms, requiring organizations to anticipate architectural changes today.

These transformations do not invalidate existing foundations. Rather, they require those foundations to evolve in order to remain effective against threats that are faster, more distributed, and more complex.

Balancing multiple objectives requires trade-offs

Defense manufacturers now operate in an environment where requirements continue to multiply:

  • Protect critical data, including industrial secrets, intellectual property, and program information.
  • Develop international collaborations with partners, customers, and allies operating under different regulatory frameworks.
  • Accelerate innovation through AI, data, and cloud technologies in a rapidly evolving technological landscape.
  • Preserve operational sovereignty over strategic assets.

At first glance, these objectives may appear contradictory. In reality, they require trade-offs that directly affect our ability to secure and modernize industrial capabilities. It is neither necessary nor realistic to protect everything in the same way. Organizations must be able to define confidentiality requirements, assess risk appropriately, and adapt security measures accordingly.

Five levers for cybersecurity that matches today’s challenges

Against this backdrop, several key priorities are emerging.

  1. Establish clear and effective governance

Only a well-structured governance framework enables organizations to align and guide decision-making across the enterprise. It transforms cybersecurity from a purely technical topic into a strategic risk-management capability.

  1. Move from periodic control to continuous monitoring

Periodic security audits remain essential, but they are no longer sufficient in an environment where threats evolve continuously. Real-time detection, shorter response times, and rapid adaptation have become hallmarks of cyber maturity. This is also one of the areas where AI is already delivering some of its most tangible benefits.

  1. Strengthen segmentation and control data flows between environments

Although this topic deserves an article of its own, segmenting environments according to their level of sensitivity is now an absolute necessity.

The challenge is to manage exchanges between classified environments, industrial operations, partners, and innovation ecosystems without creating excessive barriers that slow down operations. Finding the right balance between security and efficiency is becoming a critical challenge for defense manufacturers.

  1. Define a pragmatic approach to sovereignty based on critical assets

For an international industrial group, digital sovereignty is not a binary concept. It must be built both locally, for specific needs, and globally, around strategic capabilities. It should also enable organizations to adapt their technological dependencies whenever necessary.

Sovereignty is not a fixed state – it is a dynamic process. And that is precisely what makes it operational.

  1. Raise the cybersecurity maturity of the supply chain

Supporting the cybersecurity maturity of the entire industrial ecosystem has become imperative. A vulnerability at a supplier can now jeopardize an entire program.

This requires greater sharing of threat intelligence, harmonized standards, the development of shared capabilities (such as Security Operations Centers, common frameworks, and training programs), and the integration of cybersecurity from the earliest stages of project design.

In defense, cybersecurity is no longer simply a matter of individual performance. It has become a collective challenge involving culture, resilience, and sovereignty.

Finding the right balance between security and operational efficiency is becoming a defining challenge for the defense industry.

Cybersecurity as a driver of value creation

The defense industry already benefits from strong foundations: a culture of excellence, robust standards, and experienced teams that have built a high level of protection over time. However, in an environment shaped by accelerating threats and increasing system interconnectivity, we must go further.

The next step is adaptation: the ability to absorb technological disruption and evolve our corporate culture to meet tomorrow’s challenges.

At Daher, this conviction guides our approach. Today, cybersecurity is as much a performance enabler as it is a protection imperative. Going forward, the differentiator will not simply be the level of security achieved, but the ability to continuously adapt operations in order to combine performance, security, and agility.

EyePulse, Daher’s MALE (Medium-Altitude Long-Endurance) drone demonstrator