Of all the organizations in government, the Canadian Armed Forces (CAF) is one of the most resilient. Through a century of wars, changes in structure, and new strategic directives, it has delivered world-class capability. But like all organizations, it faces risk. As it makes decisions in one area of capability to deal with decreased budgets, it can often induce effects that ripple across the organization.

Nick Martyn is the founder and CEO of RiskLogik, a small software and consultancy company near Ottawa that is working with federal departments, provincial governments and municipalities to understand the risks of cascading effects across critical infrastructure and how to introduce greater resilience. The retired army officer spent a significant portion of his 27 years in service writing doctrine and training, and working with transformation teams in Canada and Afghanistan to assess and mitigate risk. He spoke with editor Chris Thatcher about operational and organizational risk, and some of the CAF’s larger challenges.


The Canadian Armed Forces are in the process of refreshing the Canada First Defence Strategy. As they rebalance government ambition with near-term budgets, what are the areas of greatest risk they need to manage?

I think in this case there are two broad categories of risk to manage. The first kind of risk is operational. To address that we have to think about what comprises operational capability. There are several models used to describe it, but essentially it is what effects a force can project into the conflict space, kinetic or non-kinetic. That is the product of all the doctrine, training, equipment, leadership and organizational culture (and much more) that comprises the force. It is far more than the kit. History and experience have shown that forces with very meagre equipment can defeat far superior forces when they are well trained and brilliantly led.
There is no question about the excellence in leadership of today’s CF, but training, particularly collective training, is taking a serious hit.

The reduction in the operating budget means that for all intents and purposes meaningful collective training has all but ceased. There are precious few non-operational sea days, field days or flying hours available for commanders to weld their teams into confident fighting units, and even less training fuel and ammunition to train with. It takes 124 training days to take a Battle Group to pre-deployment standard and from what I can gather now few if any units get that. So the first risk is to operational capability. If we are lulled into thinking that having world-class equipment translates into operational capability when it is needed, we are much mistaken. Collective training, science and technology, operational research, doctrine, logistics: they are all vital parts of the mix. We disregard them at our peril.

I think the second dimension of risk going forward is institutional. Institutional risk is complex and encompasses such seemingly “soft” elements on the moral plane of war as culture, and ethos, and it culminates in institutional credibility. After the Somalia mission we learned that they are anything but “soft” and, in fact, they are core elements, more important in many respects than our equipment. Fortunately, through the visionary leadership of General Mike Jeffery and General Rick Hillier, the Army in particular was able to reshape its culture, re-affirm its ethos and re-establish its institutional credibility.

The crucible of organizational culture in the Armed Forces is training, both individual and collective. While individual training generates individuals with the skills, knowledge and attributes to perform their operational roles, collective training is where those individual capabilities are tested and welded together to form operationally capable teams. Soldiers, sailors and airmen all know when they are part of an operationally capable team and when they are just making a good show of it. Without the crucible of structured, sustained, graduated and realistic collective training they lose confidence in their abilities to perform, the ability of their leaders to lead them and the institution’s ability and will to support them. When it all goes wrong on the day because of it, the CF loses institutional credibility – its center of gravity. No one wants to go back to the decade of darkness, but the risk that we will increases in direct proportion to the reduction in collective training.

Just as we are integrating old technology with new technology, we are also integrating legacy decisions with new decisions about capability. CFD has a pretty robust process for challenging that today, but are there steps to mitigate some of the risk around legacy decisions about capability?

The short answer is, yes, there are ways to reduce that risk, but they are difficult to get at in many cases. Let’s first of all be clear about what the risk really is. The risk in this case is in not having the operational capabilities we need when we need them because we either couldn’t afford them or we simply got the strategic calculation wrong. In a post-Afghanistan environment characterized by diminishing defence resources but a global strategic context with an increasing threat spectrum, I can imagine Chief of Force Development (CFD) has more than a few sleepless nights over this question.

As with all complex problems, a simple answer is usually not available. Broadly speaking, however, some simple guiding principles apply. The first is agility. Our tactical forces have shown remarkable agility, adapting to asymmetric warfare in all of the three services without missing a step. During the Afghan campaign the doctrine, training, operational research, lessons learned and, to a large extent, the procurement system more or less kept pace. But that was because we could invoke the Immediate Operational Requirement (IOR) protocols that removed most of the impediments. Now we can no longer invoke IOR and it has become fashionable to gut doctrine, training, operational research, lessons learned and any other force component labeled “tail” in favour of preserving the “teeth” – the complex system-of-systems that is force development is slowly grinding to a halt. Since we can’t afford capabilities across the entire threat spectrum we have to choose those that will maintain the most relevant foundation from which to adapt. But this presupposes that we maintain the capacity to adapt, and that capacity is the very thing we seem to be shedding as we adjust the tooth-to-tail ratio. The risk, therefore, is that by sacrificing tail for tooth we will lose the very strategic agility we base our defence posture on.

There is some mitigation available from technology, however. Lew Platt, the former CEO of Hewlett Packard, once quipped, “If only HP knew what HP knows we would be three times more productive.” What he was referring to is the perennial curse of the posting cycle in which, try as we might through hand over notes etc, corporate knowledge seems to have a two-year life span in the CAF. This of course is not intentional; it is just a fact the CAF and the department have not yet fully overcome. This has the effect of retarding progress on any file when the desk officer is posted. Given the complexity and highly interdependent nature of force development files, it can take months for sufficient situational awareness to be acquired by the new incumbent for the inertia to be overcome and momentum restored. To mitigate this CFD could initiate a Force Development dependency model that would depict the connections and dependencies for each project from doctrine development through to capability integration into the operational force. In this way the “CAF could know what the CAF knows, and both productivity and agility would drastically increase.” The technology exists within the CAF to do this now and an initial attempt was made under the Defence Integrated Management Environment (DIME) project several years ago. Sadly, it was not carried forward to completion.

But given the pace at which technology is changing, how do you develop that agility to make those decisions quickly enough? The rate at which the CAF can incorporate new capability now would suggest that is going to be difficult.

Ironically the question of introducing new operational capability to the operational force was the genesis of DIME. Early in 1997, while I was writing CFP 300-8 (Training Canada’s Army) I realized that the production of operational capability was almost accidental. If government called on the Army to field a brigade sized force for operations longer than a year, it would rapidly have become unsustainable. So it seemed to me that we needed a predictable system that would produce a predictable volume and quality of Army operational capability over sustained periods. That idea became what is known today as the operations and training cycle. As most readers know the cycle has three phases: operations, refit and training. The idea is that training phase is focused on building and testing teams up to full operational capability; operational phase is where this capability is deployed and used; and refit phase is where new skills, equipment and personnel are introduced to the unit, command is changed and it prepares to re-enter the cycle again. Synchronizing the introduction of new capability in the Army is now quite simple, and the Army commander can maintain configuration control over the field force because capability upgrades (apart from IORs) are introduced on a predictable cycle. This idea was carried over in varying degrees to the Maritime and Air components during CF transformation. So I think it is fair to say that the mechanisms to incorporate new capabilities into the operational force without disrupting the production of operational capability exist within the CAF now. The risk is that they may fall into disuse because people don’t know what they don’t know – the Hewlett Packard curse. Obviously this ties back to the previous question and the mitigations to that risk lie in the effective use of the technologies we have already and the preservation of the human capacity at the tail so the teeth can profit from them.

From a risk mitigation standpoint, how do you understand the cascading effects across your tail if you start pulling out pieces? Is it through DIME?

Well, that was certainly the intent of DIME. Force development is a very complex system-of-systems. Instead of trying to blueprint it, which would simply have made a static picture that would not have been especially useful, we used directed path graph techniques to build a dynamic model of it. We used data from the Dynamic Object Oriented Requirements System (DOORS) to cross connect capability requirements to projects in train in order to understand what would happen if certain projects were delayed or cancelled. We discovered a lot. In a similar way we linked the fielding plans for projects in delivery phase to the operations and training cycle of the Army and averted some potentially costly mistakes such as units that were scheduled for LAV III upgrade actually being deployed at the same time.

The system was also designed to manage the production of operational capability from the very basic individual level to full operational capability at the joint level. This ensures that component commanders have the same situational awareness of their force generation status as they do about their deployed forces, including ammunition consumption, flying hours, fuel, field days, both actual to date and forecast, to a high degree of accuracy. This not only means they can re-balance priorities with full appreciation of the consequences in near-real time, but they can synchronize the introduction of new capabilities easily and understand the resource implications on any course of action they might choose. The risk mitigation DIME offers is to vastly increase institutional agility and help the “CAF know what the CAF knows.”

If operational training is the most vulnerable piece to this, can you build resilience into it?

There is an apt quote by Josephus that addresses this. He said, “The Romans are assured of success; their exercises are bloodless wars and their wars are bloody exercises.” At the risk of sounding like a broken record, there is no substitute for structured, progressive and realistic training that builds the trust, confidence and capability teams need when it counts. Remember, the bad guys don’t give you a re-test. But training can be expensive, so some mitigation to that cost can be found in constructive simulation and part-task trainers such as gunnery simulators, flight simulators and bridge simulators. They all have a role to play, but it is a supportive one and they are not a training replacement. There are also a few facts at play here that are not dependent on post operational draw-down. Some skills just have a very short life and have to be practised and confirmed frequently in order to remain valid, while others can survive quite a long time as long as the teams that perform them remain stable. The moment the team changes the skill set is lost entirely. There is a residual capability that resides as experience within the organization, but it is not reliable and could not be deployed if needed. So sadly the answer to this question is “no,” there is no substitute for training. We get what we train for as long as we keep training for it.

Are we focusing our limited resources, then, in the right direction? If, as demographics suggest, urban populations are increasing, most large cities are coastal, and the rate of networked connectivity is increasing, is an emphasis on general purpose combat capability appropriate if we are going to be asked to intervene when services, infrastructure and governance/rule of law collapse in urban littoral environments?

I served 27 years in the combat arms and in that time we did an awful lot of general purpose combat capability (GPCC) training, but in operations it was always adapted, sometimes unrecognizably, to fit the circumstance. The GPCC we learned and practiced emerged from the doctrine of machine warfare between industrialized nation states on the north German plain. Although we did not deploy to Iraq in either of the Desert Storm operations, those skills would have been widely applicable there if we had. But as you rightly observe, the nature of warfare is changing, much as the Tofflers predicted it would. We have to adapt the GPCC baseline the CAF uses so that the gap between that baseline and the conflicts Canada will fight next does not become un-crossable. The risk is that we paralyze the ability to adapt quickly – our agility in other words – by reducing our training and force development capacity below the critical mass it needs to drive that adaptation in time.

There is another aspect to this that bears thinking about. It may well be that the asymmetric and to some degree fractal future battle space you describe requires a complete rethink of the type of force needed to dominate it. It is not unreasonable to suggest that the GPCC baseline my generation learned and practiced cannot be adapted to this new reality and that it is more suited to the special operators. It is well known that unconventional operations require a different set of skills and attributes than those learned in what we think of as conventional operations. Even though many special operators begin their careers in conventional warfare units, many more come from extremely different backgrounds in many other branches of the service. They succeed despite not having that background and they do so as much because of their adaptive minds as their physical abilities. It just may be that the units required to succeed in the chaotic environment you describe will be populated by soldiers that have no GPCC training at all but rather come to the forces by some other route. The risk is that we fail to recognize this possibility and adapt to it.

Back to your first point about organizational risk, what are the most significant threats to the organizational side of the CAF?

I think there are three. I think right now the rising number of suicides is the most immediate and troubling. We strive to look after everybody and we think we understand combat and operational stress injuries – Pat Stogran and General Dallaire have made great strides bringing that forward – but we haven’t reduced the suicides. In fact, they are going up. We haven’t yet figured out how to recognize the changes in a personality that lead down that path of despair and end in a suicide. Canadians have a right to ask, what the heck is going on here? However, I don’t think it is fair to point fingers at the Army Commander, the CDS, or the health care system. This is a new phenomenon and everyone is trying their best to deal with it. But if joining-the-armed-forces-leads-to-suicide becomes a mantra in the minds of Canadian parents, that poses a tremendous institutional risk to the CAF.

I think the second organizational risk is procurement, or at least the public perception of it. There have been some spectacular missteps, but if we look at the requirements organizations and the tools that support them, we should be pretty good at it. No matter the reason, these failures shake public and government confidence. We can’t be agile and adaptive if we cannot define requirements quickly, validate them and procure the capabilities to meet them effectively. But whatever the causes of inertia and/or failure are, the organizational risk to the armed force’s institutional credibility posed by such missteps is clear.

The third risk is potentially critical. If we continue to cut operational training so ships can’t go to sea, airplanes can’t fly and troops can’t train in the field, when government calls on the CAF to deliver operational capability as advertised, the CAF won’t be able to deliver. As Prime Minister Chretien is reputed to have said once when he got an answer he didn’t want to hear, “I give you $16 billion a year and 60,000 people; ‘no’ is not an answer!” In many ways he was right. The government and the people of Canada know they are paying a lot of money for operational capability that can protect their interests at home and abroad. If we prioritize the acquisition of the latest equipment over the generation of credible operational capability, perhaps at the third generation instead of the fourth, and the capacity to adapt quickly to a new reality, then there is a very real risk that the CAF might possess the latest military hardware in the world, but would not be able to respond when called on. The consequences of that would be profound and lasting.

With the Olympics underway in Sochi, what lessons regarding risk and resilience did we take away from Vancouver 2010? How well did we do?

You can do nothing but take off your hats to the folks who ran a world-class Olympic event. Graham Thornton ran all the logistics – a fantastic effort, flawless in execution. Dr. Paul Chouinard, who works with DRDC’s Centre for Security Science, did a lot of the work on integrating the infrastructure, and his point was: “I don’t think we understand the interconnectedness of our infrastructures.” The lessons learned out of that were that major critical infrastructure providers were very protective of their data. There is a project now under the Canadian Safety and Security Program that we are participating in, led by the government of Saskatchewan, to try and provide an environment where critical infrastructure connections and risk can be known by the owner in their own silo and protected but connected when necessary. So when we have something like V2010, everything can be brought together in a model that can inform operators and then disaggregated when it is no longer relevant. Now that is a very tall order. It requires effort, first of all, from the private sector operators that really is not going to get recouped in their bottom line. They are going to have to participate in something they probably don’t think they need to nor want to – it is somewhat counter to their interests to share this kind of information. Public Safety Canada is constructing this national model and we are going to have to get to the municipal level, to the private sector infrastructure level. The question is what level of granularity do you need to understand the risk and then mitigate it? So the answer to the question is that through the efforts of some great people and great good fortune we seem to have done well. I would not be surprised if Mr. Putin has a similar view of Sochi.

As we bring whole-of-government partners together, do we now understand how risk cascades across departmental systems?

No. One of the things government departments are beginning to discover is that risk is irrelevant right up until it isn’t. It is generally thought that as long as there is a risk manager and she goes through the compliance exercise of looking at the risk and following the ISO 3100 enterprise risk management process – ticks off all the boxes – then the job is done. Some departments go a little further to manage risks to their information technology infrastructure (ITI) but not many. It is fair to say that no department understands how their organizational and operational risks are connected and how an event could trigger a cascade of consequences across their operation. This can be done and in fact it can be linked up so effects can be understood across government departments and vertically from the federal to the provincial to the municipal level, and all these operations can be made resilient. It is encouraging to note that the Government announced national resilience programs in the throne speech.

But has the Vancouver Olympic experience not left us with a legacy of whole-of-government collaboration around these risks?

Yes and no. One might expect a collaborative risk analysis and monitoring system as a legacy, but that has not happened yet. But Public Safety Canada has initiated a national critical infrastructure model project which will be complete in 2016 based on the lessons learned in Vancouver, and that may very well evolve into a WOG risk management environment.


In December, RiskLogik announced the additions of General Rick Hillier, former Chief of the Defence Staff, and Bob Huggins, a digital media entrepreneur, to their board of advisers. Gen. Hillier will serve as a paid board member, providing guidance, strategic vision, insights on leadership and relationship-building.