Editor's Note: The Pentagram prints work by published writer and JBM-HH Commander Col. Patrick Duggan. This is the second in a two-part feature written originally for Small Wars Journal, reprinted with permission here. Small Wars Journal is a professional medium that uses contributed content from serious voices across the small wars community to "help fuel timely, thoughtful, and unvarnished discussion of the diverse and complex issues inherent in small wars," according to SWJ editorial policy. For the original, cited work, see http://smallwarsjournal.com/jrnl/art/to-operationalize-cyber-humanize-the-design.
Modern militaries have incorporated operational design into campaigns, strategies and battles since the days of Carl von Clausewitz. Interior and exterior lines, lines of operation, lines of effort and logical lines of operation are all linear in nature and have served to arrange and link spatial, temporal and physical objectives to a greater purpose or a grand design.
According to Army Doctrine Reference Publication 3.0, lines of operations and lines of effort link objectives to an end state, and commanders may use one or both to describe the operational design. In short, linear designs and thinking have dominated Western military thought for hundreds of years and continue to pervade.
While the value of linear design to military operational art is well beyond the scope of this paper, this paper does advance an unorthodox approach to operationalize cyber.
Figure 1 depicts an example of traditional lines of effort, as reflected in the U.S. Army Cyber Center of Excellence's 2015 Strategic Plan.
Figure 2 depicts a non-traditional approach that iteratively emphasizes humans in the design.
The real contrast between the two is not in their specific objectives, but in their orientation, as Figure 2 emphasizes the centrality of humans in continuous cycles of effort. Humanizing cyber requires the acceleration of every single Soldier's cyber-education and the velocity of every branch's collaboration. Individually, Soldiers must internalize and adopt cyber in their daily lives.
Organizationally, every branch must develop its own concepts and adapt cyber to suit its distinctive cultures, missions and needs. Ultimately, an iterative human design builds enterprise-wide trust and pushes cyber to the heart of Soldier identity--themselves as individuals and themselves as an organizational branch.
Every Soldier must become cyber aware. The U.S. Army must demystify cyber by accelerating enterprise-wide education. Similar to the rifle marksmanship training every new recruit receives upon initial entry, cyber proficiency builds in degrees of comfort and skill throughout a Soldier's career. Blocks of cyber-education must be incorporated into all NCO and Officer Professional Military Education courses, perhaps culminating in a yet to be established Department of Cyber Warfare at the U.S. Army War College, or a new National Cyber War College for the entire Department of Defense.
Cyber-education could be categorized into three distinct levels: foundational for every Soldier, generalist for junior officers and NCOs, and specialist for both open and closed-circuit officers and NCO tracks. Civilian cyber-security certifications could also be aligned to rank, experience and education levels, as intimated by DoDI 8570, with junior Soldiers completing A+, junior NCOs and officers completing GSEC and specialists acquiring CISSP certification.
Must build a bench of cyber-Soldiers. While the U.S. Army recently built 41 active-duty cyber mission force teams and 21 National Guard and Reserve teams, they will still not be enough. As described in the scenario earlier, to be successful, the U.S. Army must build more capacity, capabilities and deepen its cyber-bench. As every Soldier becomes increasingly more cyber-aware, the U.S. Army could establish three new cyber-tracks for Soldiers to pursue.
The first track would be for all Soldiers as they ascend their respective branches. The second would be for non-traditional cyber-talent in an open-circuit track, and the third would be for traditional cyber-talent in a closed circuit, similar to the U.S. Army Special Force's recruitment, selection and training.
In the open-circuit track, branches would select and send Soldiers to attend specialized cyber-schools at the U.S. Army Cyber Center at Fort Gordon. These Soldiers would remain assigned to their parent branch, and after completing 6-12 months of training would be closely-managed by an Additional Skill Identifier. Open-circuit Soldiers would return to their respective branch and infuse new perspectives, new methods and insights for best tailoring cyber-practice inside their branch. Cyber-trained branch-practitioners would stimulate an explosion of fresh and diverse ideas across all U.S. Army branches. By recruiting the best of the best from open-circuit graduates, the Army would also expand its pool for closed-circuit cyber-talent.
Every Soldier must develop an increased sense of control over cyber. As every Soldier's cyber-education accelerates, and training opportunities increase, cyber will become less of a thing at all, and more of a verb. Cyber the verb will engender countless new actions, as Soldiers learn to develop a sense of control over it and forge new emotional bonds by using it in their daily lives. Cyber-exposure is the key to feeding the simultaneous and independent innovation of tens of thousands of Soldiers, and enabling them to seize control over some of the millions of devices being connected to the IoT daily. This important shift will gradually change the conversations from how many Soldiers it takes to run a machine, to how many machines a Soldier can run. For the Army, the IoT isn't about "things" at all, but about changing its organization and culture.
As the barriers of entry drop for controlling devices in an exploding IoT, the decentralization of once abstract notions and technical concepts is inevitable. Thus, Soldiers must be trusted more to self-regulate in this rapidly changing environment. The IoT will provide a myriad of new attack vectors such as: surveillance cameras, thermostats, monitors, automobiles and wearable technology, just to name a few.
Soldiers must be given greater input to customize unique solutions for accomplishing their respective missions, as it will soon be impossible to exercise centralized command and control. Fortunately, the U.S. Army's long experience with Mission Command provides a useful template for fostering individual initiative within a broad framework of overall intent. Ultimately, a Soldier's ability to internalize and adopt cyber-technology is essential to driving the new concepts every U.S. Army branch requires, but more importantly, provides the confidence to do it.
Subcultures. Every U.S. military service possesses distinctive organizational cultures and subcultures, and within every subculture there are different norms and comfort levels for hierarchal control. Some U.S. Army subcultures prefer more rigid hierarchy, referred to as high "power-distance," while other branches prefer less.
Power-distance is the degree to which a Soldier's branch expects power to be distributed; if distance is high, leaders expect higher obedience, more hierarchical decision-making and less collaboration. In essence, organizations with high power-distance exhibit less autonomy, flexibility and creativity when operating in ambiguous environments. At the opposite end of the spectrum are subcultures characterized by low power-distance, like the U.S. Army Special Forces, where there is a widely held view that power-distance "is significantly less than the regular Army," and have "a reputation across the military community for being flexible, adaptive and assertive."
Unfortunately, as the U.S. Army contemplates operationalizing cyber, it also wrestles with the paradox of an enduring culture that gravitates towards centralized control and linear thinking, while actually needing more decentralized innovation and thinking "out of the box." Meaning, if the U.S. Army is to be successful at operational cyber, it must dissipate high power-distance subcultures that perpetuate linear thinking and retard new ideas, while emulating subculture climates that embrace adaptation and learning.
Every U.S. Army Branch must develop its own cyber-concepts. As certainly as every U.S. Army Branch exhibits its own distinctive culture, missions and notions for warfare, each branch is also in the best position to envisage its own cyber-concepts. Branch-conceived concepts will create as many diverse ideas and fields of application as there are disciplines and units in the U.S. Army.
The arsenal of ideas will feed non-linear thinking, fuel collisions of ideas and offer a market of fresh options to explore cyber's inherently non-military space for new ways of warfare. Even more, this vibrant renaissance of branch-based contemplation will produce new knowledge and better harmonize subculture differences as ideas are exchanged.
As cyber-thinking evolves, a form of subculture determinism will independently square branch notions of warfare against the ambiguity of cyber. By decentralizing the thinking, human trust is engaged, and Soldiers will become more willing to develop and implement change. This form of decentralized branch adaptation is critical because when innovation does not align with distinctive subcultures or concepts for warfare, innovation is resisted. Every branch, Infantry, Armor, Aviation, Logistics, Special Forces, et al., must do its own thinking, develop its own concepts and project its own unique missions in cyber, to fully operationalize the space.
Harness the collective power of Soldier-branch identity. Every Soldier in the U.S. Army is categorized by his or her branch, and every branch conveys a sense of identity to the individual Soldier. While power-distance plays a role in the degree of attachment a Soldier has for his or her assigned branch, branches still convey significant meaning for how Soldiers define their identities. This "identity imperative," is a natural occurring component of the U.S. Army and an innate element to all professions.
Instead of de-emphasizing its occurrence, the U.S. Army should leverage identity imperative's collective power by igniting branch cyber-initiatives to kindle pride and encouraging every branch to take ownership of cyber-problems. All branches must use cyber to amplify core aspects of their identities and use it to increase organizational strengths while mitigating their weaknesses. By taking ownership, the collective power of Soldier identity is engaged and decreases any institutional compulsion of foisting cyber-thinking on closed-circuit organizations.
Increase concept collaboration. Humans are natural designers and "have a surprising and infinitely expandable ability to create stories, forms and concepts."
This innate human ability to design can be improved by focusing on three crucial processes: improving concept expandability, designing new learning devices and looking for new forms of social interaction.
Luckily, the U.S. Army can accelerate concept generation by engaging all three processes. Specifically, it can offer new forums to test concept expandability, it can decentralize authorities for branches to proto-type and build cyber-garages, and the U.S. Army can prompt new forms of interaction by fueling something known as the "Medici Effect."
The Medici Effect is a phenomena of innovation that occurs at the intersection of multiple fields, disciplines and cultures, by combining existing concepts to create extraordinary new ideas. As the U.S. Army develops new concepts, it can then remix the technology it already has to innovate even better ones. This is because most innovative new technologies are simply combinations of earlier primitive technologies that have been rearranged and remixed, thus only need the seed of a new idea to conceive new tech-births.
Conclusion
The indispensable means to operationalize cyber is to humanize the design. Simply wedging Soldiers into a contrived war-fighting domain is not enough. Instead, we must recognize human centrality to conceive better designs.
To do this, we must think less linearly and stop forcing military notions into an inherently non-military space.
We must accelerate the cycle of learning and sharing, build enterprise trust and push cyber to the heart of Soldier identity--themselves as individuals and themselves as an organizational branch. This iterative process requires every Soldier to internalize cyber and every branch to adapt cyber to its own distinctive culture, missions and needs. For the U.S. Army to operationalize cyber, it must maximize the autonomy of individuals, while amplifying the power of branches.
In the end, to paraphrase Herbert Simon, the proper study of cyber, is the human in the design.
Social Sharing