2025-04-05

Cyber and Electromagnetic Activities (CEMA) in All-Domain Battlespace

‘In fact, future conflicts will not be won simply by using the electromagnetic spectrum and cyberspace; they will be won within the electromagnetic spectrum and cyberspace.’ Adm Greenert, Chief of Naval Operations, USN, 2013

What are Cyber and Electromagnetic Activities (CEMA)?

Contemporary adversaries aim to integrate lines of operations across information, cyber, electromagnetic, and kinetic domains, as illustrated in Figure 1. They take advantage of the digitalisation of the information realm, which opens avenues to cognitive and social realms. It becomes more cost-efficient to attack through the cyber domain, launch terrorising strikes, and create confusion and fear in these realms. (Clarke & Knake, 2020) 

Besides the expanding cyber environment, the demand for mobility and dispersion in the battlefield multiplies the need for transceivers and wireless communication. Naturally, this increases the number of targets for electronic attacks; for example, suppressing the GPS signal will increase the circular error probability. Moreover, battlespace transceivers open new avenues to breach logically isolated cyber domains. (Álvarez, 2025)

A kinetic line of operation may use the electromagnetic and cyber realms to multiply the systemic effect; e.g., an adversary may destroy a central control hub with a gliding air-to-ground payload and simultaneously overload defender sensors with fake targets while suppressing means of communication. The combined course of action (CoA) will suppress the surveillance system, prevent its repair, and make the adversary lose trust in any similar C5ISTAR support system during that conflict.

Figure 1: A View to Evolving Realms of Military Force Projection

Cyber and Electromagnetic Activities (CEMA) are coordinated offensive or defensive courses of action that either improve BLUE’s freedom of movement and survivability or degrade RED’s electromagnetic and cyber environment use. Since CEMA predominantly comprises hardware nodes, transceivers that utilise electromagnetic propagation, and software-defined features that define the cyber environment, it offers more advantages as the forces of digitalisation and mobility intensify. Hence, the Western type of military force is more vulnerable to CEMA effects than a 2nd generation industrial force optimised for attrition, or loosely controlled insurgent teams optimised to terrorise the local population. On the other hand, when any force adopts dual-use consumer electronics, it opens possibly unrecognised vulnerabilities for CEMA attacks. The fast evolutionary pace of dual-use electronics during the Russo-Ukrainian war proves this. Russia is enhancing its electronic warfare (EW) and sensor development and updating its existing equipment to counter Ukraine's rapidly evolving capabilities (Bronk, 2025).

Militaries worldwide are gaining interest in CEMA, either during their digital transformations or when creating asymmetric but systemic effectors against more digitised adversaries. Nations that are waging information war against their adversaries are particularly interested in these emerging technologies and innovative courses of action.

What is the CEMA Environment as a Battlespace? 

The Cyber and Electromagnetic environment continues to expand within military forces as they modernise and digitise their platforms, connecting them to a military system of systems-based (SoS) capabilities. (Dahmann, 2012) These systems of systems extend cyberspace and utilise the electromagnetic environment to support military affairs. The defenders' interest is to protect the BLUE system of systems and prevent the systemic effects (Beagle, 2001) of the Attackers (RED) that may suppress essential BLUE capabilities, as illustrated in Figure 2.

Military System of systems

The US Defense Acquisition Guidebook defines a System of Systems as “a set or arrangement of systems that results when independent and useful systems are integrated into a larger system that delivers unique capabilities.” Typical SoS include Joint Fires, integrating effectors and platforms in the air, ground, and sea; Joint C5ISTAR, integrating Command and Control with Cyber Defence, Surveillance sensors, and Intelligence systems; and Combined Air Defence, integrating space, air, sea, and ground-based air defence platforms for joint engagement zones.

A model for a system of systems may be illustrated, as in Figure 2, with a layered structure of Physical platforms or facilities and auxiliary systems that host hardware capacities for processing and transmission; Electromagnetic performance that transfers effective radiated power (ERP) to propagate in an electromagnetic environment (EME); Logical software and data-defined features and flows that enable processes for military affairs. The technical illustration may scale towards socio-technical SoS with users and administrators. (Mattila, 2023) Furthermore, it may extend to enterprise-wide system networks that support the main military functions of Operate, Generate and Support. (DANSE, 2025) These systems of systems open new domains and attack vectors for adversaries to penetrate, exploit, and suppress defenders' capabilities through the means and ways of cyber and electromagnetic warfare. 

Cyber warfare can be thought of as techniques to create effects or gain intelligence on hostile systems through the medium of digital code. (Bronk, 2025) Electronic warfare can be thought of as techniques to create effects or gain intelligence on hostile systems through the medium of electromagnetic energy pulses. (Bronk, 2025)

Cyberspace within SoS

Militaries are embracing the 4th Industrial Revolution and its key enabler: software-defined cyber-physical products, enabling faster decision-making and manoeuvring. (McNamara, Modigliani, & Nurkin, 2025) The software-defined military systems promise advantages such as:
  1. Modernising legacy platforms with cutting-edge technology-enabled features, like anti-missile and anti-drone defence.
  2. Building future software and artificial intelligence-driven autonomous forces with an iterative approach, such as swarming effectors and loitering sensors.
  3. Delivering time and cost efficiencies in administrative and operational processes, such as continuous software integration and AI agents capable of learning multiple tasks. (McNamara, Modigliani, & Nurkin, 2025)
As software-defined features take over from mechanical functions, the amount of software code explodes. Unfortunately, the industry average for coding errors remains 15-50 defects per 1000 lines of code, and at best, the quality may reach 0.1 defects per 1000 lines. (McDonnell, 2004) The exponential rise of software code in armament, the integration of system-of-systems, and big data together increase the area of vulnerability within the technical layer of SoS. 
  • Example: More than 30,000 public and private organisations were exposed to the SolarWinds hack between 2019 and 2020. Apparently, a Russian agent was able to inject malicious code into SolarWinds Orion management software. When customers updated their management software, the malevolent code created backdoors for hackers to access data. (Oladimeji & Kerner, 2023)
On the other hand, the evolving digital transformation of the Armed Forces requires competent military personnel to manage and use software-defined features and processes. Otherwise, the increasing number of people interfacing with machines will provide lucrative avenues of attack. (Entrust Network, 2022)
  • Example: The Russian Ministry of Internal Affairs is advising residents and soldiers in areas near or within Ukrainian Forces not to use online social media, dating apps, geotagging, geolocational links, or unsecured messaging applications. (Linder, 2024)
Software-defined and data-driven cyberspace is more vulnerable but also provides strategic advantages for the military. Hence, Information technology security, Cybersecurity, and Cyber defence operations become more critical as the military's digital transformation advances. (Whyte & Mazanec, 2023)
  • Example: Outdated technologies in enclaves expose the military to strategic vulnerability. An unpatched operating system in a fleet of main battle tanks may become a lucrative way to suppress the entire armoured capability. (Military Dispatches, 2024)

Electromagnetic environment within SoS

Cyberspace relies on an electromagnetic environment (EME) as part of the physical layer performance and protection. The EME extends cyberspace through the air via propagation, ensuring information flow, surveillance, and precision targeting, among other things. Unfortunately, the EME also exposes cyberspace to bit errors, interference, interception, and jamming. (Adamy, 2015)

Propagation in EME depends mainly on frequency, effective radiated power (ERP), antenna radiation patterns, atmospheric attenuation, and diffusion caused by elements along the propagation paths. This means that a significant concern in EME is the distance between the transmitter and receiver/reflector. Hence, both electronic support (ES) and electronic attack (EA) sensors and effectors need to be networked to select optimally located EW sites for intercepting or jamming. (Clark, Walton, Tourangeau, & Tourangeau, 2021) Any EW system, therefore, has its own cyberspace, which needs to be protected against adversary electromagnetic and cyber effects.
  • Example: Ukrainian forces are combining electronic attacks, attack drones, and advancing infantry to penetrate behind Russian lines and create confusion. First, the Russian surveillance drones are jammed; then, attacking drones hit both aerial and ground targets; and finally, infantry can advance and take over crucial points on the ground. (Álvarez, 2025)
As the vulnerability of any radiating site increases, so does the need to distribute, for example, surveillance radars and to create low size, weight, and power (SWaP) radar networks (Knight, 2025). While improving systems resilience, the distributed architecture also provides more comprehensive coverage, especially in complex terrains. With the distributed and more disposable radar structure, the cognitive electronic warfare (CEW) attributes will enhance both offensive and defensive capabilities. (Vernhes, 2025)
  • Example: Artificial intelligence-driven electronic protection (EP) can adapt in real-time to conventional radar configuration and avoid detection. (Knight, 2025)

Combined cyber and electromagnetic domain from a C5ISTAR system of systems viewpoint

Figure 2 presents a technical figure of the CEMA environment. It is a snapshot from the viewpoint of a Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance, Target Acquisition, and Reconnaissance system of systems, illustrating both vulnerabilities to attacks and defensive measures. Cyberspace can be used to attack transceivers and create a systemic disruption in communications services.
  • Example: Russians used a strain of wiper malware, ‘AcidRain’, to remotely erase vulnerable modems and routers of the Viasat service, disrupting Ukrainian access to broadband space communications for up to a week. (CyberPeace Institute, 2022)
Electromagnetic attacks can be used to jam wireless transceivers and cause denial-of-service effects in cyberspace.
  • Example: Russians are reportedly jamming GPS and other satellite-based navigation systems in the vicinity of the Baltic Sea as part of their hybrid operation to create fear of flying by degrading flight safety. (Waterman, 2024)
Cyberspace data flows can be captured by intercepting the GSM signal with a software-defined transceiver and analysing the data flow of ongoing sessions. (Louwers, 2024) By rerouting GSM traffic through compromised switches and exchanges, adversaries can capture mobile data flows.
  • Example: The Russian FSB operates communications interception devices (SORM) in telecommunications exchanges to collect and analyse traffic. (Soldatov, 2014)
A hacker can take over a router in cyberspace by accessing it through a wireless interface, exploiting outdated firmware, and using the hijacked router as part of a Denial-of-Service (DoS) botnet, distorting routing protocols or capturing IP packets. (Rau, 2023)
  • Example: Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street. (Greenberg, 2024)

Figure 2: A View of the CEMA Environment in Typical Forces Confrontation

CEMA in an Operational Context

Since the CEMA domain overlaps cognitive and physical realms and covers most of the information realm, as illustrated in Figure 1, it is an avenue to support both kinetic and information operations. Both Electronic and cyber-attacks can contribute to kinetic fires for joint systemic effect, as presented in Figure 3. The Russian Fancy Bear hacker group successfully infiltrated a Ukrainian artillery application used to control fires. Through the breach of 2014-2016, Russian artillery was able to locate both fire controllers and weapon sites on the Ukrainian side and destroy them more efficiently. (Crowdstrike, 2016) 

Moreover, information operations benefit from Cyber or Electronic attacks that suppress official media sites or utilise hijacked cyberspace elements to disseminate influence messages. (Microsoft, 2023)  Within the information realm, CEMA operations can also be employed independently as a covert arm, operating below the conventional threshold of war or providing an asymmetric advantage (Russian Defense Policy, 2017) against modern forces. Russia has also used CEMA as part of a broader hybrid campaign to create terror, break the trust between population and government, and manipulate polarisation within a population. (NATO, 2024)

Since CEMA primarily focuses on the synchronisation and coordination of cyber and electromagnetic activities, the components and their combination in support of operations are more critical in various contexts. (UK MoD, 2018) The Electronic Warfare components are Electronic Attack, Electronic Support, and Electronic Protection, as shown in Figure 3. 
  • Electronic Attack (EA) broadly refers to the use of electromagnetic energy to degrade the performance of hostile systems for offensive purposes. It may contribute to kinetic, information, and CEMA operations independently.
  • Electronic Support (ES or ESM) encompasses the exploitation of passively collected electromagnetic emissions to identify, track and possibly even target hostile systems. It supports EA, EP and Network operations directly and provides essential awareness for force protection.
  • Electronic Protection (EP or ECM) involves the use of electromagnetic energy by a platform to defend itself against enemy attacks, typically by degrading the signals received by enemy fire control radars, datalink connections, or missile seekers. (Bronk, 2025) EP support is used directly in kinetic operations security and survivability but also contributes to Network operations and EA.
Cyberspace actions are network operations, cybersecurity, cyber defence, and cyber-attack. 
  • Network operations (NO, NOC) encompass actions taken to design, build, configure, secure, operate, maintain, and sustain the C5ISTAR system of systems in a manner that ensures and preserves data availability, integrity, confidentiality, as well as user and entity authentication and non-repudiation. (Senft, 2016) Network operations contribute directly to Cyber defence operations, but they also enable all military activities that use digital information. NO requires cybersecurity operations and other security measures to provide C5ISTAR support services.
  • Cyber defence operations (CDO) utilise both passive and active cyberspace capabilities to protect data, networks, net-centric capabilities, and other designated C5ISTAR system of systems. (FM 3-21, 2021) CDO supports Information, CEMA and kinetic operations, ensuring the survivability of C5ISTAR services.
  • Cyberattack operations (CAO) are conducted in cyberspace aiming to create noticeable destructive effects (i.e., degradation, disruption, or destruction) in cyberspace or manipulation that leads to denial-of-service impacts in physical domains. (JP 3-12, 2018) CAO supports Information, CEMA, and kinetic operations, opening options for achieving systemic effects in an adversary's system of systems.
Figure 3: A view of CEMA and its components relationship and architectural ontology

Understanding the interrelationships and dependencies of the CEMA components in Figure 3 is crucial for effective operational planning and execution, given their complex nature. One instance of negligence renders the entire C5ISTAR system vulnerable to attacks. Naturally, this also applies to adversaries; hence, coordinated offensive CEMA activities, whether by themselves or in support of other operations, may yield surprising victories.

How does the CEMA Contribute to and Integrate with Operational and Tactical-level Operations?

The CEMA concept in Figure 4 provides a view of CEMA support to joint operational and component tactical levels of projecting military power. (Plott & Keller, 2020) Joint operations, in this case, assume an all-domain setup, where CEMA is one of the lines of operation (LoOs), in addition to the legacy lines of space, air, ground, and sea. Hence, the joint CEMA may deploy Cyber and Electronic attack effects independently from the other domains and create an alternative line of operation. The CEMA LoO requires specific operational planning, with an understanding of the environment and system of systems engineering (SOSE) of both blue and red systems, in order to contribute to joint operations planning. The execution of CEMA operations requires the orchestration of multiple activities in coordination with the execution of joint operations. Naturally, the CEMA offensive operations planning is facilitated by the Joint Operations Command (JointOpsCmd) and executed according to Operation Orders. 

The Joint CEMA Centre (JCEMA), with particular SOSE competencies, is responsible for supporting the Joint Operations Command with joint CEMA planning and the execution of joint CEMA offensive operations. This requires close cooperation with the Staff that plans and executes the Joint Operations. Hence, the JCEMA usually resides within the Joint Staff and contributes to intelligence, planning, information operations execution, kinetic targeting and logistics processes. JCEMA also collects joint-level situational information and contributes to the Joint Operation Picture.

Joint CEMA effectors, such as Joint Cyber Attack (JCA) and Joint Electronic Attack (JEA) units, are under the command of the Joint Operations Command.  The JCEMA controls them, while the Forces run platforms. CEMA-related sensors and effectors are integrated into the C5ISTAR support system, enabling seamless data flows and the dissemination of CEMA knowledge.

Defensive Joint CEMA activities may be planned and coordinated in J3 and J6 of the Joint Operations Command.


Figure 4: A Simplified Concept of CEMA Operations

At the tactical level, the CEMA centre (CEMAC) that supports each Component is usually close to the Component Command Staff for tactical planning and mission execution. A Component Command may have CEMA sensors and effectors assigned to it by the Joint Operations Command, or they are integral parts of units under operational control or in support. CEMA's offensive activities primarily support tactical-level fires, while defensive activities contribute mainly to force protection, operations security, and network operations.

The CEMA Centre focuses on supporting CEMA planning and coordinating offensive activities within the Component Staff. It also collects electronic threat information and maintains threat catalogues for electronic protection. Furthermore, the CEMA Centre collects CEMA-related situational information from all sensors and transceivers, contributing to the Component Recognised Picture.

The Network Operations Centre (NOC) and Cybersecurity Operations Centre (SOC) are typically part of the C5ISTAR service provider organisation, supporting both Joint operations and Component missions.  The NOC executes, for example, spectrum management operations, communications security, IT security and other ICT-related support, as illustrated in Figure 3, for operations and missions. The SOC conducts cyber surveillance and reconnaissance, monitors assigned cyberspace, detects breaches, and, in conjunction with the NOC, responds to and recovers from adversary cyber-attacks. 

Tactical-level CEMA units include, e.g., Cyber-attack teams (CA), Direction-Finding and Jamming platforms (EA), and EME sensors and transceivers (ES). They are assigned to Joint Operations Command and further delegated under the Component control. In addition to their platforms, all tactical-level CEMA units are connected to either the Joint or Component C5ISTAR support system to integrate with CEMA support, protection, or attack information flows.

Tactical-level CEMA defence aims to provide protected cyberspace and enable freedom of use of the Electromagnetic Environment.

Operational level concept of use

The Joint Operations Command (JointOpsCmd) plans an influence operation to affect the adversary public's opinion of its government. INFOOPS requires contributions from kinetic and CEMA lines of operation. JCEMA is tasked with creating a Course of Action to take down adversary governmental sites and broadcasting, while INFOOPS would disseminate their message through troll factories and bought influencers. After analysing the adversary broadcasting systems and websites, the JCEMA assesses that jamming the TV signal transfer site in the capital and, at the same time, using a botnet for a distributed denial of service (DDoS) attack on the IP gateway that separates the government intranet from the Internet would isolate the population from their government for about 24 hours.

Following the Commander of JointOpsCmd's decision, an influence operation is executed under joint coordination. JCEMA orchestrates the CEMA jamming from airborne platforms and DDoS attacks over the Internet, measures the impact, and keeps JointOpsCmd informed of the operation.

Tactical level concept of use

A: The Air Component Command (ACC) plans to target a strategic manufacturing site in adversary territory. The site is defended by a strong ground-based air defence (GBAD) that would prevent any successful air strike. The Air CEMAC is tasked with determining how it can support the future mission. After analysing the adversary's primary GBAD and secondary support systems, Air CEMAC identifies possible vulnerabilities in the power supply system for the manufacturing site. The electric grid has only one transfer station that feeds the site.

Air CEMAC drafts a mission order as part of the Air Tasking Order, and after the approval from the Commander of ACC, the mission execution is launched. The Air CEMAC coordinates parallel wiper attacks to suppress the grid control system and electromagnetic pulse attacks to burn auxiliary HVAC controllers. 

B: Cybersecurity Operation Centre (SOC) surveys and reconnoitres the Internet and adjacent Intranets within the Area of Interest for adversary activities. When detecting an imminent threat and analysing its potential impact in Blue Cyberspace, the SOC creates courses of defensive action in collaboration with the NOC. 

The NOC communicates CoAs either to the Component Commander or the Joint Commander, depending on the area of potential effect. After the decision, the SOC and NOC implement preventive actions, monitor the situation and prepare for recovery.

Conclusion

Cyber and Electromagnetic Activities do not integrate well in support of all campaigns and areas of operation. The more digitised and mobile the adversary, the more vulnerabilities and potential for systemic effects there are for CEMA's offensive activities, either independently or as a course of action in support of information or kinetic operations. The more network-enabled the Blue Force is, the more options the adversary has for asymmetric effects. Hence, integrated CEMA defensive actions are necessary for Forces that aim to improve through digital transformations. In other operational confrontations, however, the integration of cyber and electronic warfare means and ways does not necessarily achieve the intended ends.

2025-02-28

Emerging Technologies that Will Enable the Next Digital Transformation Wave for Military Affairs

What are the Emerging Technologies, and Why Is the Military Interested?

The military has evolved using emerging digital technologies in three waves (Kale, 2020): 

  1. Digitization transferred content from analogue to digital format and improved military administration and office work.
  2. Digitalisation introduced enterprise-wide systems, like Enterprise Resource Planning, which enabled human, financial, material, and facilities management or battle-space management systems for faster situational awareness.
  3. Digital transformation has enabled revolutions in military affairs, such as Network-Centric Warfare in the US Department of Defense and Network-Enabled Capability in the UK Ministry of Defence.

Current waves of transformation enabled by emerging technologies are revolutionising industry (The Fourth Industrial Revolution), commerce (digital biology), facilities (smart homes, cities, and government), and the military (Combat Cloud).

This paper creates an enterprise architecture view of a possible digital infrastructure that military affairs may benefit from while planning their second wave of digital transformation for further capabilities. Meanwhile, lethality in battlespace increases, dual-use technology creates tactical advantages, weapon and counter-weapon development takes place in days, arms races raise prices of armament, and additional defence funding is complicated to obtain.

A Systematic Perspective to a Military C5ISTAR Technology Stack Enabled by Emerging Technologies

For a systematic assessment of emerging technologies' impact on Military Affairs, this study divides the technology stack into infrastructure, data, systems, and business models aligned with common enterprise architectures. In this approach, digital modelling or digital twins are the points of interest because they are virtual representations that allow the modelling of the state of a physical entity or system. They are created by digitalising data collected from physical entities through sensors, so various predictions can be made by understanding the behaviour of the physical entity. Virtualising and digitising the physical world seems a beneficial feature for Military Affairs because it enables the military to:
  1. Create digital models of physical phenomena, run accurate simulations, and gain foresight into possible futures.
  2. Improve the man-machine interface with more immersive ways to interact with machines.
  3. Maintain the faster OODA loop at the tactical level with less delayed data transfer, optimised computing, and algorithm-accelerated sense-making.
  4. Bring machine interoperability from recognising the data to sharing the understanding.
The following gives a more detailed view of possible military C5ISTAR technology stack changes.

Infrastructure Layer (networking, transfer and processing)

In this case, the infrastructure layer includes networking, data transfer and processing functions, as illustrated in Figure 1. The wireless 5/6G evolution improves the access network from the edge to terminal capacity and connectivity and lowers the latency if cellular base stations are connected via a high-bandwidth terrestrial network. Non-terrestrial, air- and spaceborne base stations are available, improving accessibility and simplifying the integration. The terrestrial and non-terrestrial 5G base stations compose a three-point access network with standard transfer and networking functions.  This multi-domain connectivity will replace legacy tactical data links while improving the availability of access and roaming and extending the range over the horizon, features essential in the Joint All-Domain C2 (JADC2) concept promoted by David Deptula. 

Furthermore, with higher frequencies, the cell sizes are smaller, and the Effective Radiated Power (ERP) is less, which means that transceivers' low probability of detection and identification (LPI/LPD) improves. However, with lower frequencies, higher transceiver density, and smaller radiation patterns, deploying dual-use Radio Frequency Identification (RFID), the Internet of Things (IoT), and Operational Technology on the battlefield becomes feasible. 
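
The link between frequency, ERP and detectability described above, and the distance dependence of propagation noted in the CEMA article, can be quantified for emission-control planning. The following Python sketch is an added example, not part of the original article: it uses the free-space (Friis) model, which gives an optimistic upper bound on range, and the emitter list, the receiver sensitivity, the lumped 30 dB terrain loss and all function names are constructed assumptions.

```python
import math
from dataclasses import dataclass

C = 299_792_458.0       # speed of light, m/s
DIPOLE_GAIN_DB = 2.15   # ERP is referenced to a half-wave dipole: EIRP = ERP + 2.15 dB


@dataclass(frozen=True)
class Emitter:
    name: str
    freq_hz: float
    erp_dbm: float


def fspl_db(distance_m, freq_hz):
    """Free-space path loss in dB: 20*log10(4*pi*d*f/c)."""
    return 20 * math.log10(4 * math.pi * distance_m * freq_hz / C)


def received_dbm(emitter, distance_m, rx_gain_dbi=0.0, extra_loss_db=0.0):
    """Power at a receiver input; extra_loss_db lumps terrain and atmospheric losses."""
    eirp_dbm = emitter.erp_dbm + DIPOLE_GAIN_DB
    return eirp_dbm + rx_gain_dbi - fspl_db(distance_m, emitter.freq_hz) - extra_loss_db


def detection_range_m(emitter, sensitivity_dbm, rx_gain_dbi=0.0, extra_loss_db=0.0):
    """Distance at which the received power falls to the receiver's sensitivity."""
    margin_db = (emitter.erp_dbm + DIPOLE_GAIN_DB + rx_gain_dbi
                 - extra_loss_db - sensitivity_dbm)
    return C / (4 * math.pi * emitter.freq_hz) * 10 ** (margin_db / 20)


def emcon_report(emitters, sensitivity_dbm, standoff_m, rx_gain_dbi=0.0, extra_loss_db=0.0):
    """Rank own emitters by detection range and flag those detectable beyond the standoff."""
    rows = []
    for emitter in emitters:
        rng = detection_range_m(emitter, sensitivity_dbm, rx_gain_dbi, extra_loss_db)
        rows.append((emitter.name, rng, rng > standoff_m))
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample emitters (illustrative values, not taken from the article).
SAMPLE_EMITTERS = [
    Emitter("vhf_combat_net_radio", 60e6, 43.0),
    Emitter("lte_like_macro_cell", 800e6, 46.0),
    Emitter("5g_small_cell", 3.5e9, 30.0),
    Emitter("mmwave_access_point", 28e9, 23.0),
]

if __name__ == "__main__":
    report = emcon_report(SAMPLE_EMITTERS, sensitivity_dbm=-90.0,
                          standoff_m=5000.0, extra_loss_db=30.0)
    for name, rng, flagged in report:
        status = "DETECTABLE beyond standoff" if flagged else "inside standoff"
        print(f"{name:24s} {rng / 1000:9.2f} km  {status}")
```

Every 10 dB removed from ERP shortens the free-space detection range by a factor of about 3.16, and at a fixed ERP the range scales inversely with frequency, which is why the small, high-frequency cells rank lowest in the report.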

With 5/6G enhanced wireless communications, the access network becomes more versatile than the legacy Local Area Network (LAN) topology. For example, command posts can be distributed across a wider area without losing seamless collaboration connectivity. Platforms become cell base stations, providing access points to Mobile Ad Hoc Networks (MANET) within and between platoons, squadrons, teams, and higher organisations. Expendable, swarming sensors and effectors can be connected to a larger tactical unit even in an electromagnetically contested environment.

Furthermore, the new Open Radio Access Network (ORAN)  and all-encompassing Internet Protocol (IP) solve the current technical-level interoperability issues. They allow you to create virtual, sliced, or private military network domains parallel to other network users without creating congestion points or bottlenecks. 

The flexible network and transport layers support data flows that enable hybrid clouds and hybrid computing, which varies between different clouds, edges, and endpoints. Hybrid computing provides optimal data processing for a task, addressing anything between real-time, big data, or algorithm-crunching requirements.  

Data Layer

In Figure 1, the data layer is on top of the infrastructure layer. Enabling technologies may include Data flows with different Quality of Service (QoS), Data warehouses, Data Lakes, Lakehouses, Table formats, Business Intelligence, and Synthetic data.

These technologies may be implemented in three main categories of data architectures: Stove-piped, centralised, or data mesh. Stove-piped data architecture is a direct continuum from system-based data architecture. It enables the legacy of functional data owners who use proprietary data models and do not share data unless forced. Centralised data architecture breaks the stove-pipe boundaries and brings data to data warehouses, lakes or Lakehouses. A centralised approach establishes central data functions and provides development and Data as a Service (DaaS) to functions and Forces. However, the central entity may become an administrative bottleneck, isolating data from Forces. Conversely, data mesh prioritises domain-driven design while enabling the teams closest to big data sets to take control of meeting their data preparation and analytics needs. Data mesh enables the democratisation of data so that it’s available to everyone in an enterprise, regardless of their technical expertise, function, or organisation. Each Command of sense and decision-making becomes a citizen data scientist, an officer who can analyse data but doesn’t take on that task as their primary role.  Gartner recognises this with the estimation that by 2027, organisations faced with AI and data security requirements will standardise on policy-based access controls to unlock the value from more than 70% of their data.

Data flows follow uplinks and downlinks, which may become bottlenecks if flow management is not prioritised. Since the transfer layer enables Quality of Service prioritisation, military affairs may arrange vertical and horizontal data flows to provide real-time awareness and longitudinal big data for modelling and forecasting.

Data Warehouses are central data repositories integrated from disparate sources, namely operational systems. They enable straightforward business intelligence queries because the data is aligned, cleansed, and structured. 

A Data Lake is a system or repository of data stored in its natural/raw format. The repository may be a single data store but includes raw copies of source system data, sensor data, and social data in structured, semi-structured, or unstructured formats. Data from a data lake may be used for reporting, visualisation, advanced analytics, and training machine learning models.

A Data Lakehouse combines the flexibility of data lakes for working with raw and often unstructured or semistructured data with the reliability and performance of traditional data warehouses that store consolidated sets of structured data.  

A Data fabric is a data management design concept for attaining flexible, reusable and augmented data pipelines and services supporting various operational and analytics use cases. Data fabrics support a combination of different data integration styles and utilise active metadata, knowledge graphs, semantics and machine learning to augment data integration design and delivery.  

The Data Table Formats provide cross-platform compatibility, transaction support, and schema evolution. Developing the Data Lakehouse ecosystem requires open table formats like Apache Iceberg, Delta Lake, and Apache Hudi. Enabling schema evolution is essential for managing data structures over time while maintaining data integrity and backward compatibility. Data Schema management improves interoperability at the upper layers and facilitates establishing a smart machine system of systems.

Synthetic data is created by taking a database, creating an ML model for it, and generating a second set of data. The generated synthetic data has the same patterns and properties as actual data, but it’s not tied to any actual data identifiers. Synthetic data is generated fast, automatically tagged, and provides high-quality data regarding events that rarely happen in the real world, which is very applicable in military affairs. 

Available data in both arranged and raw formats enable a variety of data analytics:
  • Traditional analytics requires a team of IT analysts to comb through data, theorise potential insights, test those insights, and report on their findings.
  • ML-based models can continuously monitor data, pick out anomalies, and alert the appropriate teams in real time without human input. 
  • Business intelligence tools harness raw data to extract meaningful patterns and actionable insights.

Systems and Services Layer

The next layer enabled by the data layer is the systems and services layer in Figure 1. Emerging technologies opening new options for military affairs include human-machine interface (HMI), immersive technologies, spatial computing, metaverse, algorithms, energy-efficient computing, and classical and quantum computing.

The Human-Machine Interface will evolve using immersive-reality technologies based on the current industrial and office interfaces enabled by multitouch video technologies on tablets and smartphones. Human actors will experience real-time interactions in three-dimensional virtual worlds that eventually incorporate the physical world. The evolution runs from a fully computer-generated space in virtual reality (VR) to mixed reality (MR) and further towards augmented reality (AR), where computer-generated objects are superimposed on the real world.

Spatial computing maps indoor and outdoor physical spaces (including people and furniture). Then, the digital content is anchored within the physical world, enabling users to interact with it realistically. 

Furthermore, the metaverse interconnects digital spaces where users can interact, socialise, and create. Spatial computing ensures users' accurate positioning and synchronises their actions. The human-machine interface allows people to have lifelike personal and business experiences online.

Virtualisation and decentralisation of the processing layer enable the distribution of computing workloads across different sites, such as hyperscale remote data centres, regional centres, on-premises centres, and edge points. This ability to distribute workloads supports optimising latency, data transfer costs, adherence to data sovereignty regulations, autonomy over data, and security considerations.  Gartner recognises the trend as follows:
‘By 2025, Gartner predicts more than 50% of critical data will be created and processed outside the enterprise’s data centre and cloud.’ 
‘By 2027, approximately 5% of large enterprises will deploy a hyperscaler distributed cloud solution for edge computing workloads outside data centres.’

Edge computing involves processor-intensive, often repetitive, mission-critical data analytics within devices on the outer edge of a network. With supporting networking and data layers, edge computing enables more real-time intelligence and faster sense-making from tactical to operational levels. Furthermore, edge processing supports machine-to-machine cooperation within the Intranet of Military Things (IoMT)  sensors and actors.

The decentralising layer hosts a variety of algorithms, including AI, optimised to specific functions in support of the business layer. Gartner forecasts this for business as follows:
‘By 2028, 50% of enterprise platforms will leverage specialised infrastructures to support AI infusion, a significant increase from less than 10% in 2023.’

Next-generation systems and services are developed with tools and technologies that enable modern code deployment pipelines and automated code generation, testing, refactoring, and translation. These can improve application quality and development processes. Gartner sees this emerging trend as follows:
‘By 2027, 80% of AI-generated SaaS applications will be up to 80% composite for efficiency of human-AI digital engineering.’ 
‘By 2026, 40% of development organisations will use the AI-based auto-remediation of unsecured code from application security testing (AST) vendors as a default, up from less than 5% in 2023.’

Digital Business Modelling Layer

The last layer enabled by the technology layers is the digital business layer in Figure 1. The next-generation technology layers enable features like digital twin, artificial intelligence-based image recognition, optimisation, expert functions, robotic process automation (RPA), AI agents, autonomic systems, synthetic media, ambient invisible intelligence, polyfunctional robots, and data-driven military.

A digital twin is a virtual representation of an object or system designed to reflect a physical object accurately. It is built on big data, spans the object's lifecycle, is updated from real-time data, and uses simulation, machine learning, and reasoning to help make decisions. Military Affairs may benefit from digital twin features in the maintenance and repair of platforms, developing system of systems, capability life-cycle management, force generation, and strategic modelling. 

Applied AI technologies use models trained through machine learning to solve classification, prediction, and control problems, automate activities, add or augment capabilities and offerings, and improve decision-making.  These features may benefit military affairs, for example, in financial optimisation, personnel promotion, facilities management, supply chain management, and learning management.

Robotic Process Automation and AI Agents refer to a system or program capable of autonomously performing tasks on behalf of a user or another system by designing its workflow and utilising available tools. Beyond natural language processing, AI agents can encompass various functionalities in military affairs, including decision-making within processes, problem-solving in real-time situations, interacting with external environments, and executing actions. Gartner foresees emerging features in business as follows:
‘By 2027, GenAI tools will be used to explain legacy business applications and create appropriate replacements, reducing modernisation costs by 70%.’
‘By 2027, more than 40% of digital workplace operational activities will be performed using management tools enhanced by GenAI, dramatically reducing the labour required.’
‘By 2028, 60% of IT services will be powered by the trifecta of GenAI, hyper-automation and metaverse, radically changing the services buyer landscape.’

Data-driven military affairs may witness changes among supporting entities like Intelligence, Military Survey, Logistics, and Operation Centres that provide continuously improved data products to their supported entities. Secondly, the data-driven approach may change military supply chain management as products and support become more cyber-physical, and data outside the military will become a more valuable asset with emerging commercial space and cyber operators. Thirdly, the military may be able to execute so-called ‘information-driven operations’. The defence organisation should not only be capable of obtaining an authoritative information position (or information dominance), but it must also use information as a ‘weapon’, i.e. as a means or instrument of influence. Fourthly, quantitatively thinking commanders may be able to mitigate the analysis paralysis that is usual in current risk-avoiding sense-making, which is supported by less machine-based analysis.

Altogether, the digitalisation illustrated in Figure 1 supports the Fourth Industrial Revolution (4IR) and provides potential for Military Affairs to benefit from. The second wave of military digital transformation may create strategic advantages for the Operate, Generate, and Support functions. The UK Army’s digital transformation program, THEIA, has three headline outputs: out-compete the adversary, partner better and integrate with partners, and improve efficiency.   The US Army aims to improve and leverage innovative and transformative technologies: modernisation and readiness, optimised digital investments, and a technically savvy, operationally effective digital workforce.  NATO is talking about using these “emerging and disruptive technologies efficiently.” NATO could improve its operations with military, industry, and civilian partners in every warfighting domain, including sea, land, air, space, and cyber operations. 



Figure 1: An illustration of a possible technology stack on top of more efficient communications


2025-02-26

Why 5/6G Will Accelerate the Digital Evolution of Military Affairs?

What is 5/6G Wireless, and Why is the Military Interested?

Civilian wireless technology has been advancing steadily through generations of cellular communications, from GSM to 5G, and is now waiting for 6G to be deployed. This evolution of wireless communication has enabled online commerce and social media (almost killing radio and TV), smart cities, smarter governments, etc. The military has been applying new ways of person-to-person communication, seeking information, and doing everyday business. Sometimes, this application has followed the development of Military Affairs, and sometimes, new services have replaced military proprietary services. Many militaries assess smartphones and 5G connections as Operational Security issues rather than enablers in the Area of Operation.

Nevertheless, ISIS used commercial telephony and personal computing as the foundation for their Command and Control support. National Security Agencies' separate TETRA and P25 systems are being replaced with virtual and sliced push-to-talk services on top of 4G and 5G. Furthermore, 5G waveforms are replacing manufacturers’ proprietary waveforms to improve connectivity and interoperability at the tactical level. The dual use of 5G technology is gaining traction within Military Affairs.

Current Military Approaches to Benefit from 5G Technology

Table 1 shows that the Military is not merely a spectator of emerging technologies but actively applies them to military affairs. The intentions vary from enjoying faster wireless bandwidth to integrating sensor-commander-effector-loops on the battlefield. 

Table 1: Samples of Military Initiatives and Approaches to benefit from 5G technologies



What else may the 5/6G technologies offer the military besides faster wireless connectivity? Let’s have a systematic view of possible benefits.

5/6G Changes the Infrastructure Layer (networking, transfer and processing)

In this case, the infrastructure layer includes networking, data transfer and processing functions, as illustrated in Figure 1. The wireless 5/6G evolution improves the capacity and connectivity of the access network from the edge to the terminal and lowers the latency if cellular base stations are connected via a high-bandwidth terrestrial network. Non-terrestrial, air- and spaceborne base stations are available to improve accessibility and simplify the integration. The terrestrial and non-terrestrial 5G base stations compose a three-point access network with standard transfer and networking functions. This multi-domain connectivity will replace legacy tactical data links while improving the availability of access and roaming and extending the range over the horizon, features essential in the Joint All-Domain C2 (JADC2) concept promoted by David Deptula.

Furthermore, with higher frequencies, the cell sizes are smaller, and the Effective Radiated Power (ERP) is less, which means that transceivers' low probability of detection and identification (LPI/LPD) improves.  However, with lower frequencies, higher transceiver density, and smaller radiation patterns, deploying dual-use Radio Frequency Identification (RFID), the Internet of Things (IoT), and Operational Technology on the battlefield becomes feasible. 
 
With 5/6G enhanced wireless communications, the access network becomes more versatile than the legacy Local Area Network (LAN) topology. For example, command posts can be distributed across a wider area without losing seamless collaboration connectivity. Platforms become cell base stations, providing access points to Mobile Ad Hoc Networks (MANET) within and between platoons, squadrons, teams, and higher organisations. Expendable, swarming sensors and effectors can be connected to a larger tactical unit even in an electromagnetically contested environment.

Furthermore, the new Open Radio Access Network (ORAN) and all-encompassing Internet Protocol (IP) solve the current technical-level interoperability issues. They allow you to create virtual, sliced, or private military network domains parallel to other network users without creating congestion points or bottlenecks.

The flexible network and transport layers support data flows that enable hybrid clouds and hybrid computing, which varies between different clouds, edges, and endpoints. Hybrid computing provides optimal data processing for a task, addressing anything between real-time, big data, or algorithm-crunching requirements. 


Figure 1: An illustration of a possible technology stack on top of more efficient communications


2024-12-28

Cyber Defence is More than Cybersecurity - At least from a Military Viewpoint

 Intro

In the model for state-level actions within the cyber environment in scenarios from confrontation to conflict, the military recognises techniques, tactics, operations and strategies, which all execute the political interests, as shown in Figure 1 and as I described in the 2022 paper published in Military University of Portugal. As with other legacy domains, the tactical, operational, and strategic levels are also feasible in the cyber domain, which is gradually taking over the information sphere in the military impact structure. Adversaries (RED) currently use the cyber domain to impact the physical sphere by combining kinetic and cyber strikes to target the defenders' (BLUE) physical systems. Simultaneously, RED uses kinetic and cyber strikes to create fear and confusion in BLUE's cognitive and social spheres. So, with the introduction of the cyber environment, the military faces a more complex theatre than the traditional physical sphere where space, air, land and maritime operations take place.

Unfortunately, information security promotes only some controls and procedures (e.g., ISO 27 000 or NIST 800 series), and cybersecurity provides some processes or management models (e.g., NIST Cybersecurity Framework, ITIL, COBIT, ISO 38500). These leave the military short at higher levels of confrontation. Therefore, the paper aims to define cybersecurity at military tactical, operational and strategic levels and provides some examples in cyber defence.

Figure 1: A Model for State Cyber Power

Tactical-level Cyber Defence

Model: Military tactics encompass "the art of organising and employing fighting forces on or near the battlefield." When this is applied in defence of the cyber environment, it may include establishing a doctrine that would nullify the adversary's most probable attack tactics (IT architecture), preparing the area of operation (artificial cyberspace), digging the defensive positions (defence-in-depth), defining the areas of fire (sandboxes, honey pots), setting the tripwires and reconnaissance (vulnerability hunting, monitoring and threat intelligence), preparing the alternative positions (continuation and recovery) and exercising the fire and position-change drills by day and night (incident, problem, change management and red teams).

Principles for cyber defence tactics may include the following:

  • Construct BLUE domain defence against RED attack vectors (e.g., MITRE ATT&CK) based on the posture of information security
  • Prepare the BLUE domain using the dimensions of depth in Figure 2
  • Establish kill zones with honey pots and abilities to create sandboxes within the domain
  • Stabilise BLUE baseline of protocols and behavioural patterns to improve the probability of detecting anomalies
  • Establish 24/7 monitoring, use AI to enhance pattern recognition and automate some of the basic response actions
  • Establish security at least at emission, transmission, communications and session levels in the OSI structure
  • Test the domain integrity continuously with penetration testing, black box testing, and vulnerability hunting
  • Configure the recovery of processing, storage and data to meet the operational availability requirements
  • Exercise BLUE detection, response and recovery with red teaming in live domains.

Examples:

BLUE cyber defence observes the following incidents on their monitors: 

  • SIEM in SOC is not receiving log data from several servers, firewalls, IDS, switches and routers.
  • The network management system in NOC indicates that it has lost connection to several servers, switches and routers.
  • The physical security monitor has lost all video and sensor feeds from Data Center A.

BLUE defenders may take the following actions:

  • Confirm the possible loss of an entire Data Centre from other sources 
  • Assess the gravity of the situation and draft Courses of Action (CoA) for remedy and communicate them to Operation Control 
  • Monitor the process of automated recovery of data and services and launch possible manual remedies 
  • Get recovery priorities and decide on CoA from Operation Control 
  • Launch required additional remedies to recover and restore data and services based on agreed CoA and priorities.  
  • Inform Operation Control and end users of the recovery progress.
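The first action above, confirming the loss of a site from other sources, can be supported by correlating the three monitoring planes per site before declaring a Data Centre lost. The following Python code is an added example, not part of the original post; the asset names, sites, thresholds and feed contents are constructed assumptions.

```python
from datetime import datetime, timedelta

NOW = datetime(2024, 12, 28, 12, 0)    # constructed evaluation time
SILENCE_LIMIT = timedelta(minutes=10)  # assumed: a healthy source logs at least this often
MAJORITY = 0.6                         # assumed share of a site's assets that counts as site-wide


def minutes_ago(n):
    return NOW - timedelta(minutes=n)


# Constructed inventory: asset -> site (names are illustrative only).
INVENTORY = {
    "srv-a1": "DC-A", "srv-a2": "DC-A", "fw-a1": "DC-A",
    "ids-a1": "DC-A", "sw-a1": "DC-A", "rtr-a1": "DC-A",
    "srv-b1": "DC-B", "srv-b2": "DC-B", "fw-b1": "DC-B", "sw-b1": "DC-B",
}

# Constructed SIEM view: time of the last log record received per source.
SIEM_LAST_LOG = {
    "srv-a1": minutes_ago(45), "srv-a2": minutes_ago(44), "fw-a1": minutes_ago(45),
    "ids-a1": minutes_ago(46), "sw-a1": minutes_ago(2), "rtr-a1": minutes_ago(45),
    "srv-b1": minutes_ago(1), "srv-b2": minutes_ago(1),
    "fw-b1": minutes_ago(1), "sw-b1": minutes_ago(1),
}

# Constructed NMS view: is the asset reachable by network management?
NMS_REACHABLE = {
    "srv-a1": False, "srv-a2": False, "fw-a1": True,
    "ids-a1": True, "sw-a1": False, "rtr-a1": False,
    "srv-b1": True, "srv-b2": True, "fw-b1": True, "sw-b1": True,
}

# Constructed physical security view: feed name -> feed alive, per site.
PHYSICAL_FEEDS = {
    "DC-A": {"video": False, "door-sensors": False},
    "DC-B": {"video": True, "door-sensors": True},
}


def loss_ratio(site, lost_assets, inventory):
    """Share of the site's assets that appear in lost_assets."""
    members = [a for a, s in inventory.items() if s == site]
    if not members:
        return 0.0
    return sum(1 for a in members if a in lost_assets) / len(members)


def assess_sites(inventory, last_log, reachable, physical, now=NOW):
    """Return {site: (verdict, evidence per monitoring plane)}."""
    # A source that was never seen counts as silent.
    silent = {a for a in inventory
              if a not in last_log or now - last_log[a] > SILENCE_LIMIT}
    unreachable = {a for a in inventory if not reachable.get(a, False)}
    sites = sorted(set(inventory.values()))
    siem_ratio = {s: loss_ratio(s, silent, inventory) for s in sites}

    # If every site went silent at once, the log pipeline itself is the
    # likelier fault, so SIEM silence is not counted as per-site evidence.
    pipeline_suspect = len(sites) > 1 and all(
        r >= MAJORITY for r in siem_ratio.values())

    results = {}
    for site in sites:
        feeds = physical.get(site, {})
        planes = {
            "siem": siem_ratio[site] >= MAJORITY and not pipeline_suspect,
            "nms": loss_ratio(site, unreachable, inventory) >= MAJORITY,
            # No feed data for a site is treated as no evidence, not as loss.
            "physical": bool(feeds) and not any(feeds.values()),
        }
        hits = sum(planes.values())
        if hits >= 2:
            verdict = "SITE_LOSS_LIKELY"       # independent planes agree
        elif hits == 1:
            verdict = "SINGLE_PLANE_LOSS"      # check that monitoring plane first
        elif pipeline_suspect:
            verdict = "LOG_PIPELINE_SUSPECT"
        else:
            verdict = "NORMAL"
        results[site] = (verdict, planes)
    return results


if __name__ == "__main__":
    for site, (verdict, planes) in assess_sites(
            INVENTORY, SIEM_LAST_LOG, NMS_REACHABLE, PHYSICAL_FEEDS).items():
        print(site, verdict, planes)
```

Requiring agreement between at least two planes separates a lost site from a failed log collector or a single broken management link, which would otherwise raise the same first alarm.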

BLUE threat intelligence receives information that a software development vendor has been breached and their latest application update may be compromised. The BLUE cyber defence may resolve the situation with the following options:

  • Network Operation Centre (NOC) isolates systems running the possibly compromised application 
  • Cybersecurity Operation Centre (SOC) sandboxes the infected area and investigates the situation 
  • IT security patches the software if the vendor has fixes available 
  • SOC deploys additional security controls and focused monitoring to prevent exploitation 
  • SOC detects a variation in standard behavioural patterns in one site running the possibly compromised application. NOC kills the ill-behaving computing process, which normalises the situation. 
  • SOC observes the malevolent behaviour in the honey pot and checks how automated sandboxing prevents the malware's spread.
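Detecting "a variation in standard behavioural patterns in one site" presupposes a stabilised baseline, as the principles above require. The following Python code is an added example, not part of the original post: it learns which protocol and port pairs each process used before the update and reports, per site, what the suspect application does afterwards that it never did before. The log format, process names, hosts and sites are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed flow-log format (an assumption of this example):
# <timestamp> site=<site> host=<host> proc=<process> proto=<tcp|udp> dport=<port>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) site=(?P<site>\S+) host=(?P<host>\S+) "
    r"proc=(?P<proc>\S+) proto=(?P<proto>tcp|udp) dport=(?P<dport>\d+)$"
)

SUSPECT_PROC = "vendor-app"  # placeholder name for the possibly compromised application

# Constructed records from before the vendor update (the stabilised baseline).
BASELINE_LINES = [
    "2024-12-20T08:00:01Z site=site-1 host=app01 proc=vendor-app proto=tcp dport=443",
    "2024-12-20T08:00:05Z site=site-1 host=app01 proc=vendor-app proto=tcp dport=5432",
    "2024-12-20T08:01:00Z site=site-2 host=app02 proc=vendor-app proto=tcp dport=443",
    "2024-12-20T08:01:09Z site=site-2 host=app02 proc=vendor-app proto=tcp dport=5432",
    "2024-12-20T08:02:00Z site=site-2 host=app02 proc=backup-agent proto=tcp dport=8081",
]

# Constructed records from after the update, including one damaged line.
OBSERVED_LINES = [
    "2024-12-28T09:00:01Z site=site-1 host=app01 proc=vendor-app proto=tcp dport=443",
    "2024-12-28T09:00:07Z site=site-2 host=app02 proc=vendor-app proto=tcp dport=443",
    "2024-12-28T09:00:09Z site=site-2 host=app02 proc=vendor-app proto=tcp dport=8081",
    "2024-12-28T09:00:09Z site=site-2 host=app02 proc=vendor-app proto=udp dport=5432",
    "2024-12-28T09:00:11Z site=site-2 host=app02 proc=backup-agent proto=tcp dport=8081",
    "truncated line without fields",
]


def parse(lines):
    """Parse log lines; return (records, number of rejected lines)."""
    records, rejected = [], 0
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match is None:
            rejected += 1  # count damaged lines instead of dropping them silently
            continue
        record = match.groupdict()
        record["dport"] = int(record["dport"])
        records.append(record)
    return records, rejected


def build_baseline(records):
    """Map each process to the set of (proto, dport) pairs it is known to use."""
    baseline = defaultdict(set)
    for record in records:
        baseline[record["proc"]].add((record["proto"], record["dport"]))
    return dict(baseline)


def deviations_by_site(baseline, records, proc):
    """Per site, list (host, proto, dport) flows of proc that are not in its baseline."""
    # The baseline is per process: a port that is normal for another process
    # on the same host is still a deviation for this one.
    known = baseline.get(proc, set())
    found = defaultdict(set)
    for record in records:
        if record["proc"] == proc and (record["proto"], record["dport"]) not in known:
            found[record["site"]].add(
                (record["host"], record["proto"], record["dport"]))
    return {site: sorted(items) for site, items in found.items()}


def triage(baseline_lines, observed_lines, proc=SUSPECT_PROC):
    """Return (deviations per site, count of unparseable observed lines)."""
    base_records, _ = parse(baseline_lines)
    observed_records, rejected = parse(observed_lines)
    baseline = build_baseline(base_records)
    return deviations_by_site(baseline, observed_records, proc), rejected


if __name__ == "__main__":
    print(triage(BASELINE_LINES, OBSERVED_LINES))
```

Only site-2 is reported, which gives NOC a bounded place to isolate and SOC a concrete process to investigate, while the rejected-line count shows whether the log feed itself is degraded.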

Figure 2: An example of a tactical-level view of Cyber Defence 

Operational-level Cyber Defence

The operational level represents the level of command that connects the details of tactics with the goals of strategy. Operational art may be based on Sun Tzu (know yourself and your enemy) and Clausewitz (Center of Gravity) models. BLUE recognises their power sources and considers them possible Centres of Gravity (CoG) for the RED. Each CoG needs to be assessed from the RED viewpoint, considering different Lines of Operation (LoO) for affecting the CoG and variation of Courses of Action (CoA) needed to achieve the impact in the most beneficial CoG. From all the feasible CoA variations, BLUE estimates the most probable to be considered from the RED viewpoint based on their doctrine, previous behaviour and available resources in a given situation.

Principles for operational-level cyber defence may include:

  • Recognising tempting CoGs in the BLUE system of systems: essential operations, critical data assets, critical sites as single points of failure, critical services that are not replaceable, critical gateways whose loss would prevent information flows or suppress systems on which cyberspace depends (e.g., telecommunications, power distribution, cooling, fuel distribution, garbage collection)
  • Innovating potential lines of operation to access the beneficial CoGs through humans, kinetic ways, cyber-attack vectors, supply chains, dependencies, and peripherals.
  • Assessing each Center of Gravity against potential Line of Operation and trying to optimise available RED resources, cost of attack and benefit of the impact.
  • Varying vulnerabilities, costs of attack, and possible benefits in different scenarios will provide probable courses of action available to the RED.
  • Wargaming scenarios to find the CoAs RED would most probably execute in a given situation.
  • BLUE deploys different tactics to defend the potential CoGs and finds ways and means to prevent or nullify the RED CoAs until only the most probable remain. BLUE considers active and passive means and ways to address most RED CoAs. 
  • Then BLUE arranges the critical assets' concealment, mock-ups, and hardening. Along the most probable attack vectors, BLUE sets digital sandboxes and honey pots together with physical engagement zones and counter agents. 
  • BLUE establishes reconnaissance, anomaly pattern recognition, movement detectors, and thresholds to detect RED manoeuvre in physical, cyber, and information spheres.

Examples:

BLUE cyber intelligence indicates that RED has created a new hybrid attack vector to suppress 911 telephony service within a region or nation. The situation where people do not get help from 911 may create fear, terror, and panic, mainly when a large number of people gather for an occasion. BLUE operational planning may come up with the following preparations:

  • prepare information distribution through broadcasts, flyers and messengers to ensure correct information and diminish rumours 
  • prepare to switch from 911 SS7 signalling to other signalling options 
  • prepare parallel ways to communicate and receive help like mobile apps, social media or portals 
  • post a soldier with a radio at each crossroad and deploy more police patrols and ambulances on the streets.

BLUE information exchange and cooperation between government agencies are harassed by continuous spear-phishing through the Internet email system. After some dignitaries become victims of phishing and get their data wiped, users are afraid to open any attachments, even from known senders and are quickly losing their trust in the email system. BLUE Cyber Defence Operation planning may come up with the following means to mitigate the quickly escalating situation:

  • Lessen the probability of opening malevolent attachments by encrypting all official emails and attached files. Only encrypted emails are safe.
  • Replace email with a cloud-based digital workspace and establish users' access to this service through encrypted sessions.
  • Bypass the Internet-based information exchange by extending and sharing existing intranet services between government agencies.

RED information operation trolls are spreading disinformation through common social media platforms, and malevolent bots are emphasising the flow of disinformation. BLUE Cyber Defence Operation planning may come up with the following means in support of BLUE Information Operations:

  • Request social media platforms to terminate trolling accounts
  • Request telecommunication operators to shut down connections to bots
  • Plan and launch a distributed denial of service (DDOS) attack to suppress the troll factories connection to the Internet
  • Plan and launch a cyber-attack to turn off the troll factories' power distribution
  • Plan and launch joint fires to eliminate trolls and bot nodes.

Figure 3: An example of an operational-level view of Cyber Defence 

Strategic-level Cyber Defence

Military strategy is "the art of distributing and applying military means to fulfil the ends of policy". Policy in this context usually refers to national-level security strategy, which defines the main threat scenarios against the state, its sovereignty, and interests. The model for strategic thinking in a cyber environment is based on a technological approach among the five dimensions of military strategy defined by Atkeson. The technological approach to strategy assesses the technical innovation and ability to render adversary effectors obsolete. In a conflict of system of systems, the strategic advantage can be achieved in three ways:

  1. The adversary achieves a strategic surprise by launching a strike at an unexpected time or place from the Defender's viewpoint. Unforeseen situations may occur when conflicting parties assess risks differently, the other side sees an opportunity for a knockout with the first strike, or the Defender's decision-making process fails. 
  2. Systemic effects are "those indirect effects aimed at affecting or disrupting the operation of a specific system or set of systems".  In a cyber environment, the indirect effects may impact power distribution, shutting down electricity, which takes down the telecommunications networks and suppresses all digital communication and processing.
  3. Strategic advantage may be achieved through technological innovation and deployment of capabilities multiplied by emerging technologies, providing strategic dominance over the other party.  The USA and China compete for strategic dominance, seeking advantages from artificial intelligence, big data, quantum computing, and integrated circuit manufacturing. 

Principles of strategic level cyber defence may include:

  • An attacker has an advantage in their cyber environment and freedom of manoeuvre on the Internet. The Defender has an advantage in cyber environments under their control. Hence, Defender should focus on building technological advantage and maintaining dominance in their cyber environments.
  • Defender's cyber architecture includes redundant and robust means for communications, computing, and storage, so even with 50% losses of infrastructure, the essential services and processes run sufficiently, and data remains accessible.
  • Defender raises a threshold against cyber-attacks, declaring assured retaliation with weapons of mass destruction.
  • Defender prepares to cut their domestic Internet domain from the international Internet to diminish vulnerable surfaces and minimise options for direct attack vectors.
  • Defender builds their national Internet domain based on entirely different programming languages, communications protocols, and integrated circuits. It effectively filters all traffic in and out of their national domain.
  • The Attacker builds and prepares strong offensive cyber capability against the weakly prepared Defender, which deters other power projections.
  • Attacker sources their cyber warriors from industry or cyber-criminal gangs to accelerate offensive cyber capabilities and gain a possibility of strategic surprise.
  • Defender advances the information security architecture (Domain-defined –> Service-defined –> Zero-trust –> Content-defined)  of her cyber environment, keeping the security controls and monitoring resistant against the potential adversary attack vectors.
  • The Defender uses global dominance in economy, trade, science & technology, and cyber-physical manufacturing to slow Attacker's ability to build a more effective cyber arsenal.

Examples:

BLUE operates two domains for essential processes and functions that multiply the Forces Generation and Operation performance. Since both are under BLUE's control, he chooses to build computing performance, one based mainly on Microsoft technology and the other on Linux and Open-Source technology.

There are indications that RED aims to use artificial intelligence to automate and multiply its exploitation arms, achieving attack vectors that are ten times faster within the next ten years. BLUE may come up with the following options:

  • Accelerate BLUE's development and innovation for a more resilient cyber environment and countermeasure tools
  • Eliminate RED's ability to execute the disruptive leap in offensive capabilities
  • Build BLUE's target acquisition and attacking tools and strike the strikers
  • Change the architecture of BLUE's cyber environment so it will nullify the RED's higher performance
  • Build a more robust and redundant cyber environment that could absorb ten times more Attacker's attempts.

BLUE plans to digitalise its forces to gain strategic advantage. With digitalised processes in Generate and Operate functions, the cyber environment extends the vulnerability surface. The estimations of digital transformation outcomes include 20x more lethal and 10x more cost-effective force. The extended vulnerability goes beyond BLUE's risk appetite. BLUE may come up with the following options to mitigate the risk:

  • Accelerate the evolution of information security architecture and leap to Zero-Trust or Content-Based security models, which will diminish the vulnerability surface even if the digital realm grows much broader.
  • Instead of building a joint information domain, BLUE creates several parallel domains that do not depend on each other and can multiply force effectiveness.
  • Outsource BLUE's common information domain to global network and application service providers so big that RED cannot take them down. BLUE then focuses its resources on the anti-fragility of the tactical and operational information spheres.

Figure 4: Strategic-level view of Cyber Defence


2024-10-04

An Approach to the Development of Military Capabilities


 "Thoughts without content are empty, intuitions [perceptions] without concepts are blind" 

Immanuel Kant

A Story

A fictional discussion in RED and BLUE Ministries of Defence:

  • RED Minister of Defence: “Let’s build up the strength of our standing force from 1 000 000 soldiers to 1 200 000, improve the operational transportation speed of our railways from a brigade/100 km/2 hrs to a brigade/100 km/1 hr, and establish new factories that can manufacture ten main battle tanks per day.”
  • BLUE Operational Commander after the Intel brief: “RED is aiming to improve their land component operational capabilities to achieve a mass advantage in any part of the area of operation. I need four mechanised brigades to counter the emerging capability within the next three years.”
  • BLUE Land Force Commander: “We do not have tanks, ammunition, mechanised troops, trained tank crews, antitank weapons, air defence, supporting fires, signals, engineers, logistics or facilities to generate four mechanised brigades. Armament acquisition takes at least four years, building training facilities takes five years and generating troops takes a minimum of two years. Each brigade will need at least 500 million in investment and produce 50 million in annual operational costs.”
  • BLUE Armed Forces Commander: “We have neither the budget nor the time to meet the operational demand. Are there other options to address the emerging threat than building symmetric forces?”
  • BLUE Minister of Defence: “Now is not a good time to propose an increased defence budget because elections are within 1.5 years, and popular opinion demands health care for the increasing elderly population. What is the probability that RED will use this increased military power against us?”

The above depicts a clash of several contents in varied contexts!

Approaches to Military Capability Development

Developing military capabilities is always a balanced decision between different contents and contexts, projected against a variety of probable threat scenarios. European Armed Forces are restoring their capabilities in competition with Russia's accelerated military industry and force generation. Some countries have chosen to build symmetric armament, others apply modern technology to squeeze more lethal power from their existing capabilities, and some do what they can in current circumstances.

In every case, decision-making in capability building is not an easy task, since every decision or non-decision impacts the Armed Forces over an extended time and may lead to peril when threats against national security unfold differently than assumed in the environment illustrated in Figure 1. Furthermore, maintaining a portfolio of Military Capabilities is affected by, for example:

  • Biased and noisy decision-making in an organisation (Kahneman; Johnson; Heat)
  • Path Dependence (Liebowitz & Margolis)
  • Political guidance (Gray)
  • Society's resources and culture (Bousquet)

The following process brings systematic analysis and assessment to military capability planning, providing longevity, balanced sense-making from different points of interest, and continuous evaluation of the situation.

Figure 1: Blue vs. Red military might

Building a Concept for Military Capability Development Decision Support

The analysis and assessment process for capability development uses the SDLC V-model, originally created for developing and testing software artefacts, as illustrated in Figure 2. The V-model down-slope analysis follows Kahneman's decision-making strategies, utilising, for example, the following methods:

  • Clustering loosely follows the US DoD DOTMLPFII programme evaluation model, but with an added Budget checkpoint
  • The concept of Operation uses a standard military CONOPS creation methodology.

The V-model up-slope assessment uses operational research methodology, e.g.:

  • Tactical Assessment utilises Lanchester models,
  • Operational Assessment deploys QJM models,
  • Strategic Assessment uses systems thinking models of consumption of strategic assets, and
  • Political Assessment experiments with Threat/Prospering Balancing models.

Figure 2: Capability analysis and assessment with V-model structure

Detailing the Capability Development Analysis and Assessment Process

The main functions of the process, as illustrated in Figure 3, work as follows:

  • Military capability analysis receives its input from the changes in potential adversaries (RED) via intelligence information, own forces (BLUE) via business intelligence, or environment (Political, Economics, Sociological, Technological, Legal, Environment [PESTLE])
  • The change indicator recognises the change (military intelligence) and possibly pre-estimates its impact.
  • A detected and identified possible impact is forwarded to problem and/or opportunity analysis. This analysis uses existing national defence and military scenarios to detect whether the change is an opportunity or a problem. During the analysis, the key performance indicators for the solution are defined.

Whether a problem or an opportunity is detected, the top-down analysis is commenced. If the problem has surprised BLUE or evolves faster than BLUE expects, a fast track forwards a quick fix directly to connecting, where the urgent need is fitted into the ongoing force generation process and a transformation programme is launched.

  • A problem first seeks solutions in parallel through the DOTMILBIE (B=Budget, E=Equipment) phases; if none is found, the analysis proceeds towards E until there is a solution that meets the given KPIs.
  • An opportunity seeks possibilities to gain advantages over RED through a similar sequence of analysis.

The top-down analysis provides a concept of operations (CONOPS) for the bottom-up assessment, which defines the detailed design through a sequence of war games at different levels. The assessment includes the sequence of:

  1. The technical assessment compares the solution/possibility concept against the current and emerging technical capabilities of an adversary
  2. The tactical assessment compares unit-level combat outcomes and varies with strength, lethality, and protection
  3. The operational assessment compares force-level battle outcomes and varies with the area of operation, mode of operation, weather, and quality of troops.

If similar conditions exist, the three wargaming results are verified in live exercises or operations. The wargaming models learn from lessons identified in the live world.

  4. The strategic assessment compares defence-level assets over time and optimises their sustenance over various operations, environments, resources and crises. The assessment is verified using business intelligence collected from BLUE Force over time.
  5. The political assessment reflects the current and future geopolitical, decision-making and other PESTLE-related features at the national political level. The assessment is verified using political intelligence collected from international relationships and political decision-making.

Once the top-down concept is assessed through levels of the bottom-up approach, the resulting solution should be considered, optimised and balanced from DOTMLPFII viewpoints and tested successfully at five levels of current and future confrontation. If not, the CONOPS is returned to the analysis process for reconsideration.

The optimised solution continues to the connecting function, where it is compared with the existing capability portfolio (composed of three windows: Current, in Generation, and in Planning). Once a suitable timeslot and financing are found, the optimised solution can be introduced to decision-making: generate a new capability or manage the risk another way. If the decision is towards development, a generation programme becomes part of a 5-10-20-year plan.

During the defence capability portfolio management, the ongoing programmes are continuously compared to national defence and military scenarios and adjusted per emerging needs.

Figure 2: A simplified process for military capability development decision support

The above systematic capability analysis and assessment process provides:

  • A continuous and faster analysis and assessment cycle (from years to months) compared with one-time efforts at a slower frequency,
  • A faster learning process with improved connectivity to data sources compared with manual research and assessment alone,
  • A systematic and less biased/noisy process that survives officer rotation, unlike a human-centric and human-dependent process, and
  • Accumulating a knowledge base that enables further automation enhanced with business intelligence, modelling and simulation, wargaming and digital twins.

References

https://euro-sd.com/2024/09/articles/40091/polands-future-armed-forces-take-shape/
https://lordslibrary.parliament.uk/uk-defence-policy-and-the-role-of-the-armed-forces/
https://www.kaitseministeerium.ee/riigikaitse2026/arengukava/eng/
https://en.wikipedia.org/wiki/V-model
https://ia.eferrit.com/ea/e22c190431de180e.pdf
https://eda.europa.eu/docs/default-source/eda-publications/enhancing-eu-military-capabilities-beyond-2040.pdf
https://www.dau.edu/acquipedia-article/concept-operations-conops
https://www.jstor.org/journal/milioperresej
https://en.wikipedia.org/wiki/Lanchester%27s_laws
https://orion.journals.ac.za/pub/article/view/455
Jackson, Michael C. (2018). Critical Systems Thinking and the Management of Complexity. Wiley.
https://www.dni.gov/files/ODNI/documents/assessments/ATA-2024-Unclassified-Report.pdf