Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/139409
C CYBER mix of Regular, Reserve, civilian and perhaps contractor or managed services support, integrated in the right way. In terms of individuals, we have a two-phased approach. We have classifications and trades today that draw from some of the right technical backgrounds to offer a starting point to develop higher order cyber functions, skills and knowledge. That's providing a bit of a filter in terms of aptitude and interest, and in building teams. We have also engaged our personnel specialists for the full analysis – job analysis, skills analysis, training needs – to come up with more formal options. I can't tell you if the trades and classifications we have today will be the right pools to feed future cyber forces, or if we will need separate trades and classifications. I will say the human resources piece of this is by far the most difficult. What we call the cyber environment is the cyber marketplace for everyone else – there is a lot of growth in cyber security looking for the same kind of talent. So to retain the talent you need will be an immense challenge. And it's a broader whole-of-government issue. Now, if we train a cyber warrior or operator and they go on to work somewhere else in government, that's not a bad thing; we end up with a more cyber- savvy public service in the broader sense. Q Defence Research and Development Canada as begun embedding scientists to understand operational needs. Are there projects you can discuss that illustrate this stronger relationship? Absolutely. For the cyber environment, although it may not have been labelled as such, there has been longstanding connections between our force development efforts and our S&T folks working in these areas, whether it be in C4ISR or in cyber as it has emerged. There has been a specific effort to fully align S&T efforts with the overall Chief of Force Development campaign plan; we've integrated across all capability areas to have a more joined up effort so that DRDC's plans are based on our desires for immediate outcomes and ultimate objectives. Cyber was a pilot effort in their own transformation – as they have changed their business model, they have used cyber specifically. So we now have an S&T cyber program that is fully aligned with our own future cyber forces campaign plan. The questions we need to have answered are now on their short list. That is a real success story. Q Given how quickly technology changes, how do you manage the pace of change in this domain? It's a huge challenge. From an operations and maintenance of information technology perspective, our government procurement systems do not always lend themselves to keeping pace. That is going to be an even bigger challenge from a cyber perspective: not only do you have to keep pace with the changes in technology, you also have to keep pace with how unsavory actors might use that technology against you. You have to have the right individuals as part of the force development team, to be connected with S&T, and you have to have better connections with industry because they are at the forward edge of this battle. You have to accept that the model for cyber force development is not like air, land or sea where you are going to build a big platform and keep it for 40 years. Your platform is changing on a daily basis. It speaks to a force development team that understands change and is queued to respond to those changes. 14 JUNE/JULY 2013 www.vanguardcanada.com Q How successful have you been at shifting peoples' mindsets? I think we are at the front end of that. There is always a balance between what we in uniform consider to be an absolutely critical requirement to be addressed now and the limitations of government systems and resources. Procurement, for example, is not just a Defence challenge. Other government security agencies will also have to deal with the fact that the pace of change will necessitate a new approach to how we respond. I think that is increasingly understood by senior actors in the government. Q The weak link in cyber defence is still the individual. What's your role in internal cyber education? That's a key question. It highlights the point that at times we narrow our focus, in this case to the network space and how to make it more secure. There are all the traditional aspects of security that we still have to be mindful of, from emission security to transmission security, what you talk about, where, with whom – how you compartmentalize your work. There is a departmental program looking at that and there is obviously a nexus of interest between that security transformation effort and our own look at cyber defence. There are at least four important components to this. The first is everyone in the department, military and civilian, because they are sitting at a keyboard; they have to understand the consequences of their actions. We have worked with our Provost Marshal to develop some of the computer-based training to help users. Above that, there are the people who maintain our systems and network environments; they are more switched on than most but we have to reframe their information protection, information assurance activities so they understand that this is an actual operational environment – they are looking after command and control and weapon systems, and there are implications and repercussions if you don't get it right. Then there are commanders and staffs, and we have a role to play so that every operational headquarters understands how they integrate cyber operations into their normal command post operations as they do land, air and maritime. And last, there are the folks who are going to be involved in executing cyber operations, and they have a different level of sophistication. But normalizing this across the Canadian Armed Forces means everyone has to get it. Q What lessons are you taking away about cyber? Probably the biggest thing I have learned is the importance and, at times, great difficulty of reaching out across government to knit up that whole-of-government effort. It is so important, shifting from what at times can be a competitive inter-departmental environment to a more collaborative one. I firmly believe that for the government to get better in cyber space, it means a number of key federal departments must integrate their efforts and share information. That has been evolving over the past two years. As a typical, impatient military officer, it is always too slow for what you want, too slow for what you think the circumstances demand, but it is vitally important and it's encouraging to see amongst these departments with a key stake in cyber that there is the growing realization that we are in this for the long haul and that the sum of our efforts should be greater than the individual contributions.