Special Edition Number 3 - Technology

The following article has been provided by external source. The Government of Canada and Royal Military College Saint-Jean are not responsible for the accuracy, reliability or currency of the information supplied by external sources. Users wishing to rely upon this information should consult directly with the source of the information. Content provided by external sources is not subject to official languages, privacy and accessibility requirements.

 

Cyber Operator: Are you sure you want to do that?

Canada faces an array of challenges (and opportunities) in the cyber domain. This essay identifies how the Department of National Defence’s (DND) disposition towards (and approach to) developing and sustaining a cyber-capability is inefficient, and counterproductive to the need. The nature of the Profession of Arms (POA) may be the critical vulnerability facing cyber capability development in Canada’s military. The CAF’s hierarchical command structure, universality of service, terms of reference, and even the general composition of the military are factors which contribute to challenges facing the development of a cyber-capability in the CAF. These factors inhibit the CAF from harnessing the full spectrum of technical talent from society that would be capable of meeting Canada’s cyber defence needs. As a remedy, it is suggested that the CAF look to the officer corps, to leverage Civil Military Cooperation (CIMIC) and cooperation in a whole-of-government response.

Sgt. Lee Lunn, 3 Squadron, 36 Signal Regiment; Torusoft.


Biography

Sgt Lee Lunn is squadron operations NCO for 3 Squadron, 36 Signal Regiment. He holds a Bachelor of Computer Science with distinction from Dalhousie University, and has over two decades of private sector industry experience. Sgt Lunn worked at the Pearson Peacekeeping Centre for close to ten years as a software developer and database administrator, primarily in the development of military exercise management software. He is presently employed as a senior developer at Torusoft, where he has worked on the CAF Road to Mental Readiness app, as well as numerous software products for Defence Research & Development Canada, supporting CCSB, CJOC, CFHS, RCAF and other federal agencies outside DND. Sgt Lunn participated in the most recent CFSCE Cyber Challenge, and has a keen interest in CAF cyber capability development. He lives in Dartmouth, Nova Scotia with his wife Jodi, their dog Rumple, and their two cats, June and Bug.

Since the early 1990s, the exponential growth of the Internet has propelled Canada and the rest of the world into the information age. The internet arguably came into existence through the pursuit of military superiority by the United States Department of Defence. More specifically, it was enabled through, and funded by, advanced research projects by the Defence Advanced Research Projects Agency (DARPA) (Waldrop, 2015, p.85). DARPA, which is the United States’ equivalent of Defence Research Development Canada (DRDC) invested heavily in the development of an early version of the Transmission Control Protocol/Internet Protocol suite that we all know of as TCP/IP: the fundamental enabler of our connected lives. The information age has brought the world significant benefits, but not without costs and the internet presents real defence and security challenges for Canada that span the full spectrum of conflict from political-strategic, operational and tactical.

Certainly, entire books could be written on the array of challenges (and opportunities) that Canada has with respect to the cyber domain. For this essay, the focus will be to address how an information warfare challenge may be overcome at the operational level with regard to developing a cyber-capability. It will be argued that the Department of National Defence’s (DND) disposition towards (and approach to) developing and sustaining a cyber-capability is inefficient, and counterproductive to the need. The nature of the Profession of Arms (POA) may be the critical vulnerability facing cyber capability development in Canada’s military. The CAF’s hierarchical command structure, universality of service, terms of reference, and even the general composition of the military are factors which contribute to challenges facing the development of a cyber-capability in the CAF. These factors are, in each case, orthogonal to the wants and desires of the technical talent that would be capable of meeting Canada’s cyber defence needs. As a remedy, it is suggested that the CAF need only look inward to the officer corps, which has an existing capability to address the need: DND is already equipped to address the challenge by leveraging Civil Military Cooperation (CIMIC) and participating in a whole-of-government response.

Command Structure

There is no question that the command structure of the military is one of hierarchy; through literature and experience, it is shown that lateral relationships and out-of-hierarchy influence can and does exist (Canadian Defence Academy, 2005). Nevertheless, the overall structure of the military is incongruent with the norms and expectations of the younger generations of Canadian citizens who readily possess the skills and talent to be cyber operators. As a member of the POA, a former mature student with a recently acquired degree in computer science from a public university, and as a member of the private sector tech industry, I have witnessed this firsthand. Younger generations favour flattened organizational structures with fewer barriers in place for movement in and out of an organization, as well as within the organization. Formal titles, areas of responsibility, tasks to perform, and rigid working hours often prescribe more structure than necessary or desired by members of this cohort.

Further, the military’s command structure and its sheer megalithic size necessitate extensive bureaucratic processes, which often impede flexibility and reduce the agility of the organization - two qualities that younger people actively seek in their workplace. The administrative overhead introduced by the CAF’s command structure and size act as deterrents to younger technology workers that prefer less oversight and working conditions that are responsive and dynamic as circumstances change.

Universality of Service

Universality of service aims to ensure that Canada’s military is a capable, conventional war-fighting force. The terms of service within the military fulfill the obvious requirement for the military to be able to force generate effective combat power, but its rigidity imposes a burden on the ability to recruit from the Canadian population. Indeed, by the definition of the principle of universality of service, the military reserves the right to exclude or discharge otherwise qualified individuals that are not capable of performing general duties that may not be a normal aspect of a person’s occupational training (Government of Canada, 2018, s2.4). Further, the Defence Administrative Order (DAOD) affirms the military’s commitment to apply this policy (Government of Canada, 2018, s2.5).

DND’s demonstrated hard stance on universality of service further exacerbates the inability to retain and recruit technical personnel. Indeed, as Serré (2019) duly points out, some challenges with retention are wholly attributable to policies such as universality of service (p.116-117). Further drawing on Serré’s research, over five thousand members of the force were medically released over a three-year period from the CAF. From the Queen’s Regulations and Orders (QR&O), the two defined justifications for medical release are both directly attributable to universality of service (QR&O Volume 1, 2017). Clearly, there is a case to be made that at least a portion of these trained, indoctrinated and valuable members possess or have the requisite aptitude to bolster the needs of the military’s cyber capability. Canada’s military represents far less than one percent of the total population of Canada, which begs the question of recruitment: how much talent is the CAF turning a blind eye to based on the grounds of universality of service?

Building on the recruitment and retention of technical personnel, yet uniquely distinct from this challenge, are the obstacles posed by the integration of cyber capability, force composition and terms of service.

Terms of Reference

The military’s answer to developing the cyber capability has been the creation of the Cyber Operator trade as part of the departments 2017-2018 plan, which is predominately available to only full-time Regular Force members (Smibert, 2019). The integration of the CAF’s cyber capacity within the construct of the Regular Force stands in the way of developing the capability. Deriving from reporting by Williams (2020), the nearly wholesale exclusion from this trade and the slow integration of the Primary Reserve further restricts the ability for the military to force generate a cyber-capability. Indeed, from experience, the general message to existing reservists was along the lines of, “if you do not come with an education-backed skillset already, please do not apply.” However, the structure and terms of service for the Primary Reserve is inherently well suited to host a cyber-capability.

Primary Reserve members enjoy additional freedoms, and are not restricted by Regular Force terms of service, such as obligatory service to deploy abroad and to relocate within Canada. For some, the restrictions imposed on Regular Force members are a deciding factor between seeking a military career in the Regular Force over the Primary Reserve. Further, it is established that Primary Reserve members are both younger and have more diversity of education than their Regular Force counterparts (Park, 2015). Youth and education are both indicators of technical competence for information technology tasks. Through its reluctance or failure to recognize the potential, the CAF has essentially shut the door on the Primary Reserve to host a cyber-capability; instead, it looks to draw talent through recruitment of new members.

The pool of Canadians capable of conducting and sustaining cyber operations is already limited; the CAF’s choice to recruit, as a primary source, from this already sparse pool of assets weakens Canada’s overall capability to address cyber challenges.

Officer Corps and CIMIC

It has been argued that Canada’s military is not currently well-suited to develop and maintain an operational capability in cyber operations by non-commissioned members but nor does it need to be; instead, Canada’s military has a strong officer corps with a finely tuned, developed, and easily sustainable capacity to address the need. My position is that the NCM Cyber Operator trade is not practical from neither a sustainability nor a capacity building. Instead, officer's acting as liaisons can effectively coordinate/communicate/define the needs of DND to third parties. This is a superior option because it requires no substantially new capacity. Although being rooted in the waging of conventional warfare, the CAF’s Principles of War doctrine is applied to support this claim (Government of Canada, 2009).

The cyber challenges that Canada faces are non-conventional. Indeed, nothing is conventional about the cyber domain: there are no offensive or defensive lines; section attacks and flanking maneuvers do not apply; and neither bombs nor bullets can defeat Canada’s opponents that levy undeclared cyber warfare. Regardless of the properties of the cyber domain, the flexibility of our well-established doctrine supports its application to novel battle spaces.

Selection and Maintenance of the Aim is of primary concern. Doctrine states that distractions to the aim present real risk to success. The requisite skills to effectively operate in the cyber domain requires years to develop highly technical skills and knowledge, and of development and continuous professional development. The areas of study are outside of traditional military training regimes, such as networking, cryptography, operating systems, and programming languages. Further, specific human level characteristics are required, such as prolonged abilities to focus on a single task, complex logic reasoning skills, and immaculate attention to detail. However, these are difficult skills to develop and maintain. Collectively, the required skills, ongoing commitment, and scarce human resources with inherent traits to succeed represents a burdensome distraction to maintaining the aim. Instead, by utilizing the officer corps in a liaison capacity, the CAF would minimize the impact that personnel requirements have with respect to the maintenance of the aim.

The requisite time and effort to develop effective cyber operators represents a significant delay in having an effective capability. This delay is contrary to the principle of Offensive Action and forces Canada into a reactive, defensive posture. By mobilizing the officer corps, an immediate response can be levied by working with civil actors (e.g. via CIMIC), and with Other Government Departments (OGD) through inter-agency cooperation with the other instruments of state power that already have a cyber-capability. Effective liaison by CAF planners and staff officers with other agencies, such as Global Affairs Canada (GAC), the Canadian Security and Intelligence Service (CSIS), and the Canadian Security Establishment (CSE), by definition exhibit the principle of Cooperation.

Given the challenges the CAF faces with recruitment and retention, one would be remiss to not fully consider the principles of Concentration of Force and Economy of Effort. The siphoning of talent from the civil sector reduces the ability of OGDs to maintain staffing levels. Furthermore, the CAF’s interest in cyber capability is much narrower than the range of needs in the civil service and private sector, such as financial system security, or the protection of civil infrastructure. Individuals within the CAF’s structure are constrained by the CAF’s defence priorities, and therefore are unable to contribute towards Canada’s other cyber capabilities and needs. The net effect is a dispersed talent pool and a decreased ability to counter threats in all areas that they may be met. By utilizing the officer corps in a coordination role, Economy of Effort is maximized by reducing the effects of barriers introduced by competing mandates and eliminating the overhead of directly training operators. Working collaboratively enables the CAF to maximize the potency of Canadian cyber talent for the interests of all, and minimize the requirement to develop and maintain the skills required in this highly technical area.

In conclusion, this essay has suggested that DND’s approach to developing and sustaining the capability to deal with challenges in the cyber domain is counterproductive to the need. There is room for improvement at the operational level. The military would be much better served to adopt new approaches, to take on the challenges in partnership with other agencies, and to better leverage the expertise of OGDs and the private sector in order to remain current and flexible. There is no question that Canada is investing in all domains of the conflict spectrum when it comes to cyber (Brewster, 2018), but a more unified, collaborative approach is desirable as the rate of emerging threats continues to grow. DND would be well served to study the effects of DARPA’s pursuits of military capability. By limiting the effectiveness of Canada’s ability to respond, DND may be contributing to the conditions that allow nefarious activity in the information age to flourish, which affects all Canadians.

References

Brewster, M. (22 Feburary, 2018). Federal budget to spend up to $1 billion on cybersecurity. Canadian Broadcasting Corporation. https://www.cbc.ca/news/politics/budget-billion-cyber-security-1.4547685

Canadian Defence Academy. (2005). Leadership in the Canadian Forces: Conceptual Foundations. Canadian Defence Academy - Canadian Forces Leadership Institute.

Government of Canada. (2018). Defence Administrative Orders and Directives (DAOD) 5023-0. Universality of Service. https://www.canada.ca/en/department-national-defence/corporate/policies-standards/defence-administrative-orders-directives/5000-series/5023/5023-0-universality-of-service.html

Government of Canada. (2017). Queen’s Regulations and Orders (QR&O), Volume 1 - Chapter 15 Release. Government of Canada. https://www.canada.ca/en/department-national-defence/corporate/policies-standards/queens-regulations-orders/vol-1-administration/ch-15-release.html

Government of Canada. (2009). Canadian Military Doctrine (CFJP 01) B-GJ-005-000/FP-001.

Park, J. (2015). A Profile of the Canadian Forces. Labour and Household Surveys Analysis Division. Statistics Canada. https://www150.statcan.gc.ca/n1/pub/75-001-x/2008107/article/10657-eng.htm#a4

Serré, L. (2019). A comparative analysis of medically released men and women from the Canadian Armed Forces. Journal of Military, Veteran and Family Health. 5(2) 2019. doi:10.3138/jmvfh.2018-0008

Smibert, D. Building cyber operations in the Canadian Armed Forces: A blueprint to lay a solid foundation. Canadian Forces College. https://www.cfc.forces.gc.ca/259/290/318/286/smibert.pdf

Waldrop, M. (2015). DARPA and the Internet Revolution. Defence Advanced Research Projects Agency. https://www.darpa.mil/attachments/(2O15)%20Global%20Nav%20-%20About%20Us%20-%20History%20-%20Resources%20-%2050th%20-%20Internet%20(Approved).pdf

Williams, B. (10 February, 2020). Cyber Warriors: Army Reserve units take up mission task of cyber operators. Canadian Army Today. https://canadianarmytoday.com/cyber-warriors-army-reserve-units-take-up-mission-task-of-cyber-operators/

 
Date modified: