An Introduction to The Cyber Path
Welcome to the Cyber Path, my monthly blog on cyber topics.
Let me begin with a welcome and a confession. I have had the good fortune during my career in the Canadian Armed Forces to be continuously employed in CAF cyber activities for the last decade working across operations and force development and including a posting as the Canadian Liaison Officer to United States Cyber Command. Throughout that time I have been greatly aided by our strong operational community and the exceptional professionals I worked with. Nevertheless I believe that I have a lot left to learn, a topic I will return to shortly. One item that became clear to me during my time in the US though was just how thin, in comparison, our military writing community is. As a group we seem to be hesitant to put our thoughts in writing, something that I know I have been personally guilty of.
That stops with this blog.
I want to start with a short explanation for why I’m going to focus on cyber operations. Military cyber operations combine the mindbogglingly fast evolution of information technologies with the emergence of apparently new forms of international activity. “Ground-breaking” cyber activities are never far from the news – the recent SolarWinds hack springs immediately to mind. Anyone in this field not actively seeking to improve their knowledge is already behind. This means that everyone needs a good dose of personal humility in the face of massive complexity and change. Such humility is particularly important for those with significant experience.
Cyber knowledge is never a destination, only ever a journey. Although that is true of knowledge generally, the complexity, degree of change, and frankly relative ‘newness’ of the domain make it particularly relevant to cyber. The same factors also imply that there is intellectual space for anyone’s contribution. Unlike some other domains where significant expertise is needed to inform the debate, for some topics in cyber even the broad outlines of the answers are not yet clear and any well thought-out ideas will be of interest. The opportunity for new perspectives to significantly influence our thinking about cyber is real. What is, to me, essential is a willingness to engage in thinking – to walk the path.
So I’ll repeat – I do not pretend to have the answers for how to address all of our challenges, as I said in the opening, I very much see my own views and perspectives evolving. That said, I do believe that as a community we are a whole lot closer to the right answers than each of us are on our own. Indeed, the idea or concept to move us forward could come from any of us, or even from outside our community. I have been profoundly influenced by others, and not always the most experienced. So, I encourage you to come join me about monthly on this journey as I look at a new idea, new perspective, new information source, or even thoughts on long held views.
As with other blogs of a similar nature, there are a few disclaimers I need to emphasize. This blog is not intended to pass along either operational or force development ‘insider knowledge’ from the Canadian Armed Forces. Others, and from time to time perhaps even me wearing a different hat, have that responsibility. Likewise matters of Branch policy and activities rightly belong to others. This blog is intended to drive a community focused professional conversation among practitioners and others with an interest. So – “what about cyber operator promotions” maybe a good question – but not one I’ll be working with here. Rather, I intend to look at questions like: How can we actually make the concept of key cyber terrain work? Should we? What could the role of a network admin be in a military defence? What are military defensive cyber operations that IT security is not? Some of these questions have been asked with various answers, others our doctrine purports to solve – but for many of them as a community we seem to remain unconvinced. For some questions the answers themselves seem to evolve and transform. I want to talk about why that is too.
To wrap up – I hope to engage in an ongoing dialogue about the things that challenge us. I will share perspectives that are incomplete, unfinished and occasionally downright wrong. I hope many of you will join me. I already have a number of topics I would love to discuss including the nature of cyber operations and paradigms we use to think about them – but please feel free to make other suggestions. What would you like to talk about?
The Cyber Path
*This blog contains errors and that’s a good thing. Don’t be afraid to make some of your own.