Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/139409
CYBER C Q Do you now have a Canadian Forces cyber strategy? Federally we have a strategy, which is a broad whole-of-government approach to looking at what Canada needs. Drawing from that, we don't necessarily have a strategy but we have a plan and that is what we have been working on for the past couple of years. And it's not a plan where the ink dries and that's it. We are dealing with a highly dynamic domain and taking a force development approach means you have to account for those changes and update that plan. It is one thing to say we need new capabilities or we need to improve some capabilities, but that has to be weighed against all the other needs and demands across the Canadian Armed Forces in a time of fiscal restraint. Q Have you progressed beyond defence of your networks at home and on operations, to developing offensive capability? We are aiming to operationalize the cyber domain and that will ultimately yield a range of capabilities. To be honest, our focus has been on a couple of areas in the near-term, evaluating the defensive end of the spectrum of capabilities because the threats and risks are on the rise. One key aspect of operationalizing this is to put it into the command domain, which involves command-driven information requirements, situational awareness, deliberate planning, monitoring and execution. And that certainly includes defensive operations. Ultimately, we want military commanders to have the freedom of action to have key aspects of force protection as it applies to the cyber domain to undertake the things they need to do in any conflict or battle space. Q General Keith Alexander [commander of U.S. Cyber Command] has spoken publicly in recent months about the need to expand offensive capability and has even announced the creation of 13 units for that purpose. Where are you in that discussion? We are looking at the full range of capabilities that are out there from a conceptual perspective. You cannot hope to get better at any defensive capability if you don't understand how an offense is going to work. There are a lot of actors across the spectrum from hacktivists to criminals, to state-sponsored or state actors, and you need to have defenses that cover all of it. So we look to a layered defensive system that allows you to deal with incidents coming in and manage the consequences after the fact. I can't speak to the details of what capabilities we are going to build, but our aim is to make cyber like any other domain. A modern military has to understand where their interests lie in cyber space, where the risk are, where the vulnerabilities are, where the opportunities are, and make best use of them. And in some ways we struggle with cyber and what is offensive and what is defensive and how do we navigate an emerging policy space. It will be an evolving discussion inside the department and within government as to the level of ambition for capabilities. We will ultimately develop what is the right level of ability from a Canadian perspective. But what's old is new again: we have been in the radio frequency cyber environment, and involved in "cyber operations," for many, many decades as it applies to electronic warfare, and we have found a way to normalize that. Q Where does cyber eventually reside given that it cuts across the air, land, sea and space domains? Does it require its own command or is it part CJOC (Canadian Joint Operations Command)? As others before me have commented, form has to follow function. We have made leaps and bounds in our progress of the functional analysis. We're now at the point of specifically addressing the form aspects of the question and we'll be looking with keen eyes at what some of the options are. If that warrants some changes in structure, then that will be proposed and hopefully implemented. But we are not yet at the point of making those decisions. It ultimately depends on what the level of ambition is for building capabilities and, most importantly, in normalizing cyber operations. Q As the army, navy, air force and special forces build their networks, how are you ensuring you are able to protect and operate on them? From a force development perspective, we have the remit to look at concepts and doctrine and capabilities and identify the gaps, and then look at some of the alternatives for building the future. Underneath my authority as DG Cyber, I now have a C4ISR directorate and their mandate is to look at that joint capability space as it applies to networks, command and control, communication and information systems. They are looking at that future architectural space to determine what we have to build. It's quite a useful evolution in our organization to bring these things under one director general. Part of my cyber plan for getting better into the future is about building cyber forces, and part of that is getting at how we architect and build our systems so the security layers are built in from the start. If you have to layer it on afterwards, it is infinitely more difficult from a technical and systems perspective. Q How does that tie into the cyber capability that NATO and allies are developing? Are you developing compatible skill sets? This is absolutely a team sport. It involves whole-of-government effort at home and close interaction with our traditional Five Eyes allies as we all go through the same process of trying to operationalize and bring traditional warfighting into the environment. We have significant involvement with NATO. With my C4ISR mandate, we are involved in some of their architecture for their systems development. And for cyber, we are involved in some key projects to improve NATO situational awareness in the cyber domain. We're also leveraging to pretty good effect NATO efforts for collective cyber training in ways that will only help build the human relationships that have to sit behind the networked relationships. Q In 2009, the Canadian Forces School of Communications and Electronics launched a campaign plan to start deļ¬ning the "Net Ops Warrior." Do you have a better sense today of who that individual is? I would say we have a better sense but we have not landed on any final answers. I believe our cyber forces of the future will involve a www.vanguardcanada.com JUNE/JULY 2013 13