Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/1065131
Cyber, www.vanguardcanada.com, December 2018/January 2019

This article will discuss key points for planning that will help enable today's commanders and command staff to be effective, as well as some pitfalls to avoid. This discussion will be limited to Defensive Cyber Operations (DCO), or enabling mission success by countering the adversary's use of cyber tools, and will highlight what can be done to enable it.

ance and direction, for multiple reasons. Technical people tend to focus on technical issues rather than the mission or operational objectives that the system itself supports. The IT security community tends to lean toward compliance and policy enforcement as a mechanism to manage highly complex systems in repeatable ways. Inexperienced intelligence analysts tend to see ghosts everywhere and confuse the possible with the likely. Standard cyber lexicon is anything but standard. Risk and decision-making models are network and technology centric and were developed largely without understanding how commanders make decisions. If a commander were confused or hesitant to give direction relating to cyber, it would be clearly understandable.

The good news is that commanders do not need to be cyber ninjas in order to provide the direction needed for the integration of cyber into operations to succeed; they need to be able to contextualize their own experience, knowledge, and skills and make them relevant. In fact, as will be discussed further, being able to look at cyber threats and risks without the bias of IT security or cyber operations is very beneficial for making sure planning, preparation, and response actions are measured and operationally meaningful.

Key points for planning

Commanders need to understand the context around cyber events, rather than the technical details of the issue. When presented with a cyber threat or event, a commander needs to find a way to discover this context.
For example, a cyber incident could be reported as 'a set of malicious emails that was sent to two members of the finance section that ended up sending 8 GB of data to an internet server.' The incident would have been dealt with by technical staff and closed once the infection was removed and the user restored. A commander may not care about what seems to be a routine incident that the technical community is happy to run with. If this is changed to 'a group of two people broke into the headquarters building, sought out two desks in the finance section, and stole three specific files and left,' the commander would not likely be okay