Welcome to the first full Cyber Path Blog.
As previously mentioned my goal will be to examine new ideas, sources of information, concepts and elements of the cyber domain that I believe warrant thinking about. Today I’ll discuss a paper by our community’s very own LCol Eric Jodoin, one of our most accomplished cyber thinkers. His paper is an outstanding example of exactly what I think we need more of, and frankly what I began this blog to encourage. Under the provocative title “The C&E Branch is Dead. Long live the Cyber Branch” he unpacks one of the most daunting challenges we currently face – how to better understand the integration of network service delivery and the execution of cyber operations. His framework – essentially leaning into the domain construct for cyber operations – re-imagines network service delivery as ‘cyber lift,’ drawing a powerful analogy between airlift in the air domain and cyber lift in the cyber domain.
Using this novel analogy he pulls apart airlift operations – drawing parallels to the cyber domain – to not only highlight a key source of tension but also illuminate potential mitigations. He highlights three key activities to providing military lift, be it sea, air or cyber including: building a ‘lift’ capability, addressing ‘environmental’ risks in the domain, and finally mustering the military capabilities to maintain freedom of manoeuvre in the face of enemy action. The first two of these are also true for commercial versions of lift – air and sea and our current IT service delivery. He notes that to integrate the last element in cyber – maintaining freedom of action in the face of enemy action – we have largely turned to specialists at the Canadian Forces Network Operations Centre who operate separate from the other two lines of activity.
If Eric’s paper ended there I would nevertheless applaud its contribution to the discussion. It doesn’t. Eric goes on the highlight the true gap, the need to have the operators who live day to day in the domain (most importantly network service delivery personnel) play a role in maintaining military freedom of action within it. The C&E community as a whole will be required to integrate the three requirements of effective ‘cyber lift’ – build the capabilities, handle the environmental risks, and defend it from the enemy in a cohesive fashion. Eric illustrates this dynamic with a great example from naval warfare.
|“We no longer can keep two separate yet closely linked set of activities.” – Eric Jodoin|
Although I would not necessarily expect the language of ‘cyber lift’ to catch-on, I do think Eric highlights an absolutely critical element of the military cyber domain. Given cyberspace is a domain created and maintained by humans, not robustly including the humans who create and maintain it in our defensive measures would be short-sighted. In my mind how best to manage the integration of cyberspace delivery and defence remains, despite some success, an area for significant development. Eric’s framing is useful to help illuminate the issue and his plea for greater unity within the C&E community I believe is spot-on.
Perhaps to return to my introduction’s comments though – more crucial in my mind than whether LCol Jodoin has it right or not is that he is thinking about it. Even more crucial than that even is that he is writing about it, so we can share the ideas and expand the conversation. I know that he is not alone in having thought long and deeply about the challenges we face. I encourage you to write about them too – I would love to discuss your results here.
The Cyber Path
* This blog contains errors and that’s a good thing. Don’t be afraid to make some of your own.
* J’écrirai en anglais, car j’en suis plus confortable. Je vous invite à répondre dans la langue que vous préférez.