Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/1065131
18 DECEMBER 2018/JANUARY 2019 www.vanguardcanada.com cYBer with closing the file once the cabinet and door was fixed. They would ask about the intruders, what they stole, and what could be done to find them. Don't conflate the means by which an event occurs with the context of the im- pact. An event may have occurred through cyber, but that does not mean that the ef- fects and their ability to counter those effect are limited to cyber means. In the example above, cyber entities could gather all of the relevant data on the event, but that is only part of the complete picture. To determine the who and why, a commander needs to treat the event like any other sort of theft or espionage and task appropriate investigative and intelligence teams. The absence of a holistic and synchro- nized approach to cyber can impact a com- mander's mission specifically: the cost of cyber efforts increases unnecessarily; cyber efforts are unfocused and take cycles away from operational planning and execution (Ops) personnel; a mission may not be prepared for predictable and preventable cyber threats; or, a mission is uncapable of countering deliberate and integrated adversary effects delivered through or enabled by cyber means. Practical plan- ning activities should answer fundamental questions, such as: who are the adversar- ies I care about and what will they aim to achieve; what are the realistic ways that their aims can be achieved or assisted through cyber means; what can be done to form the technical terrain (the state of mission networks) to provide a defensive advantage; what potential actions need to be prepared; and what plans, tools, and training are required to prepare for likely threat scenarios. Use the same thought process for cyber as any other threat and ensure planning is integrated into broader Ops and Int processes. Objectives of an adversary do not change when using cyber tools. Criminal groups want to make money, hacktivists push an agenda, foreign intelligence ser- vices conduct espionage, foreign states seek to project influence and power, and militaries want to cause specific effects at the time and place of their choosing. Cy- ber is one tool of many that adversaries can leverage. This fact should prompt the consideration of the following: priority for planning and preparation should be given to cyber threats that could support adver- sary objectives; any contingency plans for dealing with real-world objectives should include a cyber component within them; any planning activities that aim to counter adversary objectives should consider what possible actions the adversary could take using cyber tools. Be confident that your experience and knowledge in the military domain is highly relevant to making effec- tive decisions relating to cyber within that same domain. If a commander cannot see how a particular cyber threat could help an adversary support their objective, then it is likely not a valid threat to the mission. Assets or information that are critical to the mission may not be of interest and value to an adversary. In most cases, the two sets can be represented in overlap- ping Venn diagrams that should inform IT security and cyber defensive activities. IT security is a tool to project assets that are critical to the mission, where cyber defence is a tool to counter adversary outcomes. Both activities should be well coordinated with each other as they are highly interdependent. Ensure that asset and service criticality is used to drive IT security, that adversary interest is used to drive any additional specific defences or response actions, and that both mutually support each other. The effectiveness of DCO is determined before the engagement occurs, through planning and preparation of the environ- ment. If an adversary chooses to use cyber against an operation, they will be forced to interact with the networking and se- curity environment that the defender has established. In this respect, the defender has the advantage unless they have chosen to cede it deliberately or through inaction. Should a commander not wish to cede the advantage, they have the option to cause the planning to occur that will design and deploy the equipment and processes required to establish it. Any related ac- tivities need to occur before a network is put to use supporting a mission, as trying to retake the advantage within a system that has already been built, shipped, and turned on is akin to trying to design and install reactive armour on a tank while it is in combat. Seize the advantage in the cyber environment before a system is de- ployed, and direct accordingly. Succeeding in cyber is a team sport. Commanders are uniquely positioned to obtain significant support from national cyber elements if they choose to ask for assistance. To obtain effective support, Commanders need to understand the context around cyber events, rather than the technical details of the issue. When presented with a cyber threat or event, a commander needs to find a way to discover this context.