Your SIEM Can’t Defend a Country. Neither Can a Drone
Modern defense is converging on a problem cybersecurity worked out a decade ago: when the threat is distributed and concurrent, the individual asset stops being the thing that matters. The coordination layer is the system — and the people who know how to build resilient distributed systems under attack are, mostly, already working in tech.
Disclosure: The author is a co-founder of DK NEJET, a Ukrainian-Latvian defense-technology group. The arguments below draw on that operational vantage point and are offered as analysis. No product is being sold here.
If you run security for distributed infrastructure, you already hold the mental model for modern defense — you just apply it to different nouns. Dozens of endpoints become dozens of autonomous drones. Contested communication channels become active electronic-warfare environments. An adversary knocking nodes offline faster than you can respond is, well, an adversary knocking nodes offline faster than you can respond. The job is identical across both worlds: not to make any single node invincible, but to keep the system coherent as you start losing nodes.
That convergence was the through-line at Drone Summit Riga 2026, and it is worth the attention of people who have never read a defense-procurement document in their lives. The hard problems in this field are now the ones the software industry already understands best.
The single-asset problem
There is a failure pattern common to cybersecurity and physical defense: architectures built around individual-unit excellence collapse the moment threats become distributed and concurrent. In cyber, organizations learned that a best-in-class firewall, a best-in-class endpoint agent, and a best-in-class SIEM — none of them talking to each other — still lose to an attack that chains weaknesses faster than any analyst can triage. The tools were never the problem. The missing coordination layer was.
Physical defense is hitting the same wall. A single advanced interceptor can be in exactly one place at one time. A swarm of cheap threats defeats it through concurrency, not firepower.
A swarm of drones costing $20,000–30,000 can blind a corvette worth several hundred million and take it out of the fight. The doctrine has changed. Ukraine and russia have both adapted. Europe largely hasn’t. —
Co-founder DK NEJET GROUP - CSO / Head of Norway Division
Alberts Spila
It is the DDoS lesson rendered in aluminum and explosives: volume and distribution beat point strength. An internet defender internalized that years ago. The defense-procurement pipeline is still catching up to it.
Coordination is the actual product
The interesting engineering in defense right now is not making a platform faster or a warhead heavier. It is building the layer that makes many platforms behave as one. A single operator sets an objective; the software handles task allocation, real-time repositioning, shared situational awareness, and mission coherence as individual units drop off the network. The operator commands. They do not pilot.
If you have run a Kubernetes control plane or a SOAR pipeline — anything that orchestrates distributed, semi-autonomous processes toward a declared end state — you are already in the right frame. The differences live in the constraints, not the concepts. The reconciliation loop here does not restart a failed pod; it re-tasks an asset under fire. And the feedback loop is not an A/B test. It is combat deployment, which is both why iteration is fast and why the failure modes are unforgiving.
EW is an adversarial network
Electronic warfare is the part that should interest security engineers most, because it is a control-plane attack. This is not packet loss from a bad cable. It is an adversary deliberately jamming, spoofing, and severing your links in real time, then adapting as you adapt — a live, intelligent attacker sitting directly on your command channel.
The architectural response is the one resilient distributed systems already use: assume the channel fails, and design for graceful degradation. Push decision-making to the edge so an asset can hold its last-known objective when the coordination layer goes dark, then rejoin the swarm when comms return. The pattern that matters is local autonomy with eventual reconciliation. A terminal-guidance capability that can lock a target and complete an engagement after total loss of the operator link is simply that principle taken to its logical end. You do not engineer for the clean network. You engineer for the network the adversary is actively trying to take away from you.
Human-in-the-loop, not human-in-the-way
The operating model emerging in advanced autonomous systems mirrors where mature security operations are already heading: the human is a commander, not a button-pusher. They set objectives, define constraints, and intervene on edge cases; the automation executes at machine speed inside those bounds.
In a swarm, the operator doesn’t think about flying — they think about the mission. We remove the piloting. We give them the outcome. — CTO, DK NEJET
Anyone who has watched a SOC move from manual triage to policy-driven automation recognizes the trajectory: keep the human where judgment is irreplaceable, remove them where human latency is a liability. This is also where the ethical and reliability questions concentrate — and a control plane wired to lethal effectors is precisely the kind of system that should be argued over in the open, not buried in a spec sheet.
Sovereign software is a supply-chain problem
Here is the part that maps one-to-one onto a debate cybersecurity has been having for years. A defense capability built on someone else’s software, updated on someone else’s release schedule, and maintained under someone else’s contract is not a sovereign capability. It is a dependency — and in security terms, a dependency you cannot inspect or control is an attack surface.
The European industrial base for sovereign, software-native autonomous systems is thin. Intra-European procurement for this category remains minimal; one large country recently ran a major tender and selected two or three suppliers for the entire nation. Whether the rest of the ecosystem survives is genuinely unresolved, and it is a security question as much as an economic one. The same supply-chain reasoning the cyber world applies to dependencies and SBOMs applies, at higher stakes, to the code that flies the interceptor.
The short version
Strip away the hardware and the headlines, and modern defense is a distributed-systems problem under adversarial conditions: resilience, graceful degradation, edge autonomy, control-plane integrity, supply-chain trust. These are not defense problems that the software industry happens to touch. They are software problems that now happen to wear armor — and a meaningful share of the expertise to solve them is already sitting in tech. Some of it is going to be needed here.
Interested? Get in touch.
We are happy to discuss partnership opportunities, media inquiries, and procurement conversations.
Co-founder DK NEJET GROUP - CSO / Head of Norway Division
Email: [email protected]
DK NEJET is a Ukrainian-Latvian defense technology group specializing in autonomous operations platforms, swarm intelligence systems, and coordinated multi-asset architectures. Its products carry NATO codification and have been approved and implemented by three national ministries of defense.