Lately, hardly a day goes by without media headlines stringing out the latest on the SNC Lavalin scandal with proliferous filler, like the Norman affair and China (anything to do with China). With the words ‘bribe,’ ‘breach’ and ‘bureaucrats behaving badly’ hanging over Canada’s woes, headlines were made around the world. Canada, no longer the apologetic neophyte, had slid into the mud alongside thuggish hogs of other nations; indeed, the worm had turned.
Likely, the last thing on anyone’s mind was Canada’s defence policy and military capabilities in cyber. Except here. With this edition of Vanguard focusing on Strong, Secure and Engaged: Canada’s Defence Policy, released in June 2017, I pulled it out again to re-examine its cyber domain offerings and began to parse out the old from the new for this column.
Solid and diversified, it was a reminder of how far we have come as a nation in technology, innovation and substantial advancements in our military. Although thin on strategic detail and funding, Strong, Secure, Engaged replaced my earlier ambivalence with cautious optimism, at least for this sector.
Supporting Strong, Secure, Engaged is the Government of Canada’s commitment to grow annual defence spending from $18.9 billion in 2016-2017 to $32.7 billion in 2026-2027 on a cash basis ($17.1 billion to $24.6 billion on an accrual basis) over a twenty year horizon. Representing only 1.4 per cent of the GDP (up from 1.2 per cent, although critics claim it was closer to 1.0 per cent) that puts us on par with Guyana and Finland. Worth noting, our Five Eyes (FVEY) partners, except the U.S., are spendthrifts as well. In 2017, the UK spent 1.83 per cent of their GDP on defence, Australia 1.99 per cent, New Zealand 1.16 per cent and the U.S. 3.15 per cent. (An aside: Saudi Arabia spent a whopping 10.29 per cent.)
With the success of Strong, Secure, Engaged relying on so many moving parts, including the economic, political and technological climate over time, budget allocation may pale as a concern. Developing solutions in an uncertain climate is never ideal. While an optimistic policy, the agility and flexibility needed to meet unknown and unforeseen challenges will form a greater part of the success criteria.
Continued Efforts and How Cyber Fits
Over the past decade, Canadian Armed Forces (CAF) operations have dramatically evolved, in spite of less than adequate budget priority. Strong, Secure, Engaged reinforces the need for this to continue with more focus placed on robust innovation that will respond to the future complexity of warfare and conflict, impacts of globalization and changing balances of power.
As always, core to this will be Canada’s continued role in traditional alliances – such as NORAD, NATO and the FVEY community – to promote and sustain peace and stability through operational support and intelligence-sharing. While Strong, Secure, Engaged emphasizes the asymmetry and ambiguousness of the global threat landscape, new threat actors and industry-driven technology that outpace legislation, cohesive alliances and partnerships will add to response and detection capabilities.
A little difficult to categorically pin down, cyber is illustrated in Strong, Secure, Engaged as both the cyber domain and cyber capabilities. A closer look reveals that cyber is well-woven throughout the CAF elements, extending to FVEY and international partners, and cornerstone to every defence priority area, initiative and project, recognizing it as a comprehensive, integrated utility and long term investment.
Firmly situated within priority initiatives and well-defined areas of concentration, cyber will also be predominant in supporting CAF efforts to transform and modernize defence, in what will be an extraordinarily different security environment. Already, military personnel, equipment, platforms and information technology systems are networked, interdependent and interoperable and become even more embedded and essential.
The need for intelligence has steadily increased and will continue to do so, putting additional strain on cyber capabilities, technologies, architectures and resources. Defence intelligence, comprised of disciplines, such as human intelligence (HUMINT) and identity intelligence (I2) – not to mention GEOINT, OSINT, SIGINT, TECHINT, MASINT, etc. – is highly diversified and sensitive. Playing a key role in military operations – such as targeting, forecasting flashpoints and identifying emerging threats – defence intelligence relies on cyber for security, confidentiality, integrity and availability enabling access, generative and standard analysis, transmission/sharing and storage.
At home, CAF has worked closely with Communications Security Establishment, Public Safety Canada, Global Affairs Canada and Shared Services Canada for many years on cyber security standards, identifying vulnerabilities and threats, developing counter intelligence and integrating defensive cyber operations into broader military operations. These will continue to strengthen and evolve to committee governance, as seen with the Canadian Committee on National Security Systems (CCNSS) and National Security and Intelligence Committee of Parliamentarians (NSICOP).
Strong, Secure, Engaged restates the importance of efforts in conventional areas to disrupt terrorist networks, prevent and counter terrorist financing, planning and communications, and detect and respond to threats by groups who promote violent extremist ideologies. Acknowledging the reach of social media, IoT and other modes, a more ‘borderless’ view has been adopted, integrating cyber into multi-faceted approaches including online intelligence gathering, counter radicalization and community outreach.
New Areas of Focus Include Cyber
In step with the needs of defence intelligence, cyber resources with exceptional capabilities and skills ensure secure intelligence-sharing across the Government of Canada and with allies. Improving the precision of military operations, all of CAF’s national security initiatives rely on these resources as much as on the technology itself. Strong, Secure, Engaged plans for increased military, civilian and reservist personnel who are dedicated to cyber functions and the creation of a CAF cyber operator occupation, bolstering advanced intelligence activities.
Making the move to further professionalize cyber occupations will be crucial and will seed the foundation for better performance measurement, standards adherence, skills transfer and the growth of other cyber-related skill sets that will serve CAF’s future needs. Acquiring and retaining cyber resources in a competitive market that is experiencing a skills shortage will call for changes and improvements to recruiting processes and, likely, the organizational culture to compete with the private sector.
Helping meet some of these resource and research and development requirements, the Innovation for Defence Excellence and Security (IDEaS) program will foster innovation, incubate solution options, and bring together private sector, academics, industry and other partners to form collaborative networks. Advanced research and development areas will include surveillance, cyber tools for defence and space, data analytics and the human dimension (mental health and operational stress) to shore up growth areas that are crucial in CAF’s success trajectory in defence.
The Ubiquitous Cyber Domain
Strong, Secure, Engaged envisions a future with a greater emphasis on developing and acquiring advanced and transformative technologies – deep learning, machine learning, autonomous systems, artificial intelligence and quantum computing – and their multi-modal integration, in order to operate and compete in the new environment.
While offering significant benefits to military operations and national security, these transformative technologies will bring unique challenges and risks, some not yet identified. Requiring assessment and mitigation to ensure security for systems, equipment and intelligence and safety and ethical use for human assets, the challenges and risks will vary depending their development or acquisition source.
Hinted at with the establishment of a Cyber Mission Assurance Program that will incorporate cyber security requirements into the procurement process, both supply chain and third-party vendor/supplier security will need to be comprehensive and prioritized. The dual effort to streamline the procurement process will need to balance the cost and availability of services and equipment with security needs and policy objectives.
Likewise, technologies that support and provide platforms for interactive collaboration and testing and training – both internally and with partners – will require similar risk assessment.
With the lateral integration of the cyber domain and its peripheral supports across military operations, it will continue to be an attractive target for potential adversaries, state proxies and non-state actors already developing the means to exploit vulnerabilities, embed surveillance and reconnaissance activities, exfiltrate assets and disrupt command, control, communications and intelligence transmission.
An enormous but crucial undertaking, balancing the flexibility, agility and accessibility of cyber-enabled technology with the security to protect humans, assets and sensitive or special intelligence will require close and constant monitoring of networks, equipment and devices and frequent assessment of threats, vulnerabilities and security processes to prevent cyber espionage, disruption of cyber operations and detection of ever-evolving attack types.
A Touch of the Grey Zone
The reemergence of the grey zone and hybrid warfare is attributed to vast changes to the international environment. More specifically, close power rivalries are looking to tip the balance in their favour – especially revisionist nations – avoiding overt warfare, severe retribution or escalation. Strong, Secure, Engaged references the grey zone and hybrid warfare as a means to counter adversarial threats, primarily in the intelligence realm, “demanding a new understanding of how and when to lawfully use or threaten to use military force in support of diplomatic engagement to manage and shape conflict and international relations….”
While true, the grey zone and hybrid warfare, when adopted by an adversary, results in a formidable threat that requires sophisticated countering techniques involving intelligence, alliances and decisiveness, all constrained by international laws and treaties for NATO allies. Employing hybrid warfare will be essential; founding these comprehensive countering capabilities, which are effective below traditional warfare and on unfair practices, will be a necessity.
Although lacking agreed upon definitions, the grey zone can be generally described as the space between peace and war that, when the climate is right, presents opportunities for hybrid warfare. Hybrid warfare, as a tactic – unfair trade tariffs and sanctions, dissemination of misinformation or exploitation of human rights – aims to create discord and divisions by manipulating diplomatic, informational, cyber, military and economic domains. Amounting to what is described as ‘guerrilla-style geopolitics,’ hybrid warfare often goes beyond the actual threat of warfare and attempts to shift the end state by influencing or exploiting the morality of other nations
In general, hybrid warfare can employ cyber in any form, such as intelligence support, dissemination channels and the means for research and planning, whether offensively or defensively. But, if there was any indication of the extreme complexity of global security in the future, the grey zone and hybrid warfare are fearful examples when combined with technology. When technologies, like artificial intelligence and their potential for misuse, are introduced to hybrid warfare by adversaries, risk levels can increase exponentially presenting a multitude of challenges for Canada and NATO allies, as international legal and governance systems race to catch up.
Some of the Same, More Analysis
Overall, Strong, Secure, Engaged reaffirms Canada’s commitment to technology – and manifestations of cyber – as a vital instrument and investment for military operations and longstanding alliances and partnerships that will ensure the CAF has the necessary tools to achieve their mandate through short and longer term defence goals. Although ambitious, it also shows an understanding and appreciation for our military’s critical role in maintaining security for Canadians at home and in support of our diplomatic partners.
Strong, Secure, Engaged shows extensive analysis and adoption of cyber as a broad-based utility and core capability in the efficient, effective and safe operation of our military, as it continues to ensure our national security. Putting my shades of doubt aside, hopefully a decade from now we’ll look back on Strong, Secure, Engaged and deem it an outstanding, or modestly applauded, success.
For now, ignore the headlines; they will play out as they will. Instead, focus on the incredible accomplishments of our young nation, characterized by uniqueness, diversity and resilience. Within that, take pride in the women and men of the Canadian Armed Forces who generously serve us. Canada owes them so much. Far more than $32 billion.