Improving the Agility of the Current Defence Industry and Forces Value Stream in Acquiring and Generating Capabilities

Is the current Defence Industry and Defence Forces Relationship agile enough to address the volatile arms–counterarms evolution emerging in the Russian-Ukrainian war? 

Is the current Defence supply chain capable of delivering continuous integration of a software-defined military system of systems? Will the Defence Industry meet the European Defence Forces' expectations for 4th industrial cyber-physical products and services? Is Europe coherent enough to engage the Russian 2/3rd industrial force in an attrition war with inevitable human casualties? Questions that military strategists are pondering nowadays.

Figure 1: A high-level illustration of the value stream for legacy defence capabilities life cycle

With its war budget and legislation, Russia is building up its second industrial generation capabilities to produce armoured platforms, artillery, missiles, and ammunition, in addition to sourcing them from China and North Korea. Meanwhile, they are learning to use dual-use cyber-physical products sourced from China and Iran, such as Unmanned Aerial Systems, to deliver precision attacks and maintain 24/7 surveillance over the battlefield.  

Meanwhile, Ukraine relies heavily on conventional armaments, which are primarily supplied by NATO countries, albeit sporadically and subject to political constraints. While NATO countries are struggling to rebuild their Second Industrial generation manufacturing capabilities, Ukraine is building its 4th industrial capability  to provide dual-use cyber-physical platforms for both sensing and effect.  Partially, because the Western legacy weapon systems do not survive on the Ukrainian battlefield. 

Where does the European Defence Industry migrate from its current 3rd industrial capability to manufacture expensive platforms and precision missiles? How are the European Defence Forces utilising their strengths differently for transformation under the Russian hybrid operations? Will the European industrial and military value stream transform through:

1. Improving gradually the current processes and the operation model,
2. Accelerating towards 4th industrial software-defined armament utilisation, or
3. Fast-lining to acquire mass-produced, dual-use, cyber-physical platforms and adjust/configure/integrate them for military use.

First, the paper analyses the common bottlenecks along the current life cycle of armament from innovation to force utilisation. Secondly, the paper proposes three different lines of operation to improve agility, accelerate the life cycle updates and configuration, or connect the defence value chain more efficiently to meet the evident Russian threat.

Legacy Armament Life Cycle Model

The contemporary European ecosystem between the Defence Industry and Defence Forces is optimised for 2/3 generation industrial armament manufacturing and utilisation, optimising the long lifespan of platforms (main battle tanks, fighters, frigates) and complying with legislation for commercial procurement with a flavour for national security interests. The management of platform-centric life cycles suffers from three bottlenecks, though the value stream from innovation to battlefield and creating a strategic advantage in National Defence:

1. Valley of Death lies between ideation and experimentation, and manufacturers' intentions to create a viable product. Ideas, demonstrations, and proof of concepts often struggle to transition to pre-production and secure investments, ultimately becoming workable products with potential markets and profits. 
2. Valley of Death resides between vendors marketing/sales and the Defence Forces procurement. Commercial or armament-specific procurement regulation defines the behaviour between vendors and procurers in the market.  Requirements-based acquisition may inflate expectations beyond what any product in the market can deliver.  While minimising the ambiguity, both the military and industry tend to produce generations of similar fighting platforms. 
3. Valley of Death resides between the Defence Forces' force generation and force utilisation. Whilst integration and training may be successful, the platform appears not to be feasible in the battlefield or type of operation, or an element does not meet the requirements of the entire system of systems. For example, maintaining the Leopard 2 main battle tanks in the Ukrainian theatre .

Figure 2: Model for legacy value stream for military capabilities generation

The linear value stream requires both strategic support and a feedback loop to maintain the track towards integration and sustainment of armament. 

• Strategic direction is required through the life cycle of innovation, particularly in mitigating the bottlenecks in the chain of Ideating, Acquisition, and Utilisation. Whether this support and guidance is provided through governance, market regulation, or a hybrid manner is a question. Often, the ministerial strategic guidance is perceived as contradicting the legislation of the open market.

• A feedback loop is required to translate the lessons captured in operation, training and manufacturing to mid-life updates of platforms. Successful communication via the loop is based on trust, transparency, confidentiality, a shared knowledge base, and measurement for impact. As usual, communication fails to have a lasting effect on adjusting products and processes to meet military demand.

The legacy life-cycle value stream may work with platforms that have a lifespan of over 30 years and are loosely integrated, with operations mostly manual. The legacy model is not sufficient when the Russian defence industry has already gained a few years' advantage over the European defence industry.  The following sections study three ways to improve the agility of the legacy acquisition and life cycle management process.

 

Ways to Improve the Agility of Contemporary Acquisition Processes and Operation Model

When choosing to evolve the current 3rd industrial acquisition value stream gradually, both Defence Forces and Industry may enhance the performance and agility of the value stream in the following ways:

Strategic guidance

• National Defence Science and Technology strategies that guide resources, potential technology focuses and research awards
• Government-driven strategic direction through innovation incubators, governance of military industries, and 5-year military investment plans
• Market-driven direction with long-term military acquisition lists and capability requirements, calling manufacturers and products to Defence Exhibitions for information sharing
• Examples: US National Defense Science & Technology Strategy 2023 

Creating and maturing ideas:

• Seeding the ideation and R&D with incubators or innovation hubs, 
• Bringing potential competencies together in hackathons or competitions, 
• Incubating and maturing potential ideas towards Proof of Concepts (PoC)
• Expressing a long-term commitment to the most viable PoCs.
• Examples: US DARPA , NATO Science and Technology Organisation, NATO innovation accelerator (DIANA)  and Multinational Experience (MNE) , UAE Innovation Incubators, FIN eAlliance , FIN DEFINE 

Acquisition:

• Capability portfolio management to coordinate the development of new capabilities and decommissioning the legacy while meeting the evolving capabilities of potential adversaries with a 30-year horizon.
• Guiding the Defence Industry to invest in new technologies and manufacturing methods in preparation for new products with strategic partnerships
• Target Enterprise Architecture to guide the integration and system of systems performance
• Create Defence Industry clusters or partnerships to eliminate parallel product lines, increase specialisation, and the ability to integrate system of military systems. 
• Examples: UAE IDEX , KSA World Defense Show , KSA GAMI/SAMI ,  Nordic Patria-Nammo-Kongsberg partnership 

Utilisation:

• Multi-geared Force planning to develop, integrate, train and deploy troops at a pace and quality that addresses the operational requirements and crisis escalation
• Blue and Red Force exercises to find vulnerabilities for mitigation.
• Force sustainment to maintain, repair and restore troops and capabilities in operation
• Examples: NATO Combined Endeavour 

Feedback loop

• Annual cooperation and lessons identified sessions between the military and industry
• Having key account managers visiting exercises
• Manufacturers' user groups
• Examples: US Project Convergence, NATO Multi-national Experience, Systematic user group for Sitaware Battle management system development, US Space Command integration of operations and R&D 

The above improvement enhances the legacy process but does not meet the contemporary requirements of the theatre. The next section studies a software-defined value stream for military defence capabilities.

 

Generating Software-Defined or Driven Military Capabilities

The software-defined capabilities have been evolving for the past 15-20 years in civilian systems and are gradually being adopted in military-grade platforms and systems.  Software-defined radios (SDR), antennas (SDA) ,  networks (SDN) and virtual computers/infrastructure (SDI)  are widely used in military C5ISTAR systems. Later fourth-generation fighters  are fly-by-wire controlled and equipped with fire-and-forget missiles . Air Defence systems have been computer-controlled and are currently receiving over-the-air software updates while in mission.  The US DoD has a concept for a military Internet of Things composed of autonomous systems and a combination of weapon systems networked together.  

Software-defined, virtualised, or cognitive  features are primarily coded in programs, and changing the program also changes the effect or features of the armament. This opens two opportunities for agile or adaptable military systems: 

1. Algorithm development and continuous integration (CI) of new software and configurations can respond more quickly to battlefield changes than contemporary mechanically defined platforms. After a software update, a MIMO phased-array surveillance  radar may operate on a different frequency band and modify its beamforming and RF features to avoid being identified as a military radar.
2. A variety of sensors and effectors can be connected to a software-defined network, which enables faster target acquisition and combined fires against the target. A cognitive network with edge processing capacity can accelerate the BLUE OODA-loop, making it quicker than RED, which will ultimately gain victory, at least in a long game. 

The acquisition and generation of software-defined military capabilities need a different value-creating chain than the legacy armament. Figure 3 illustrates the separation of software (SW) and hardware (HW) supply chains with specialised features for:

• Sourcing from open code or algorithm pools and using public development environments to engage smaller and more specialised developers.
• Using agile methods to create software-defined features in products. Typically, the development windows (sprints) vary from a few weeks to some months. Hence, the span from idea to implementation is remarkably shorter than in a legacy value stream.
• Continuous integration (CI) ensures essential coherence and quality before the feature is introduced in force generation.
• Shorter feedback loops from integration, generation and utilisation to collect lessons and improve/correct features in the following iterations.
• More standard, mass-produced hardware that is operated by software that makes the difference in sensitivity, range, manoeuvrability, or effect at the tactical level.
• The governance of the value stream should be based on strategic partnerships for software development and integration, which uses as much as possible open-source code. Naturally, the military hardware still needs conventional procurement from the market.

Figure 3: A view of the software-defined capabilities value stream

The software-defined military capability requires long-term software development partnerships or a remarkable investment in a military in-house software development cadre, while actively using the value produced in an open-source society.  Furthermore, the hardware (platforms, weapons, sensors) needs to be digitised, more standard, and support the virtualisation of features. Software portability from one hardware platform to another, or integration with open application programming interfaces (APIs), becomes a significant threshold for the cost efficiency of the value stream. Naturally, the current manufacturers of bespoke platforms with closed licenses are opposing the model. 

There are several ongoing initiatives in the Armed Forces to improve their capability and transfer the value stream, for example:

• US DoD runs Project Convergence  to experiment with artificial intelligence and autonomous systems, enhance network cognition, and build defence capabilities for their cyber and electromagnetic space.
• The Land Command of Finland has been developing their Model 18 C5ISTAR system since 2010 with software-defined features and bi-annual development cycles. 
• US DoD has ordered a “comprehensive transformation”  of the US Army, utilising emerging technologies, integrating separate organisations to develop new capabilities, and transitioning to agile funding to build or acquire emerging opportunities. 

Consumer market, dual-use, military-specific, cyber-physical product/elements acquisition and integration

A more flexible acquisition model that would recover faster from battlefield surprise would be to utilise multiple sources (Government of the Shelf, Military of the Shelf, Commercial of the Shelf, In-house developed, and Strategic partnerships) to experiment, develop/manufacture, integrate, and generate. The model introduces a dual-use product line that sources from global consumer markets, integrates feasible parts into the military system of systems, and trains troops before rolling out capabilities to the theatre, as illustrated in Figure 4:

• Armed Forces pushes their experimentation closer to ideation by hosting hackathons, competitions or challenges. The winning concepts, prototypes or models will be awarded a development contract and hosted either in the software, defence, or civilian industrial chain.
• Continuous integration extends to include dual-use products that have shorter lifespans but can be acquired in vast quantities from the global supply chains. 

Figure 4: A view of the multi-sourced capabilities value stream

The multi-sourced model can be adjusted to meet the special requirements of each theatre if the force generation is also specialised. The adaptive military capability acquisition and generation model should address the current requirements on the Ukrainian battlefield  while also embracing the 4th Industrial Revolution, where manufacturing is brought to the theatre, as permitted by the threat environment. 

Instead of aiming for full operational capabilities with lengthened storage life, this model produces minimum viable products  that may mature through the integration and generation phases, ultimately achieving sufficient maturity for the battlefield. Naturally, the digital twin of the military system of systems  helps test how new elements integrate into the defence entirety, identify potential vulnerabilities, and determine the consequences of failure. 

Digital Transformation of Military Affairs

Trying to understand the playground of digital transformation in military affairs

Over the past 25 years, consulting companies have sold military Digital Transformation as a fast track to gain dominance on the battlefield, achieve cost efficiency to meet budget cuts, or a way to annihilate the vast masses of 2nd industrial forces in current near-peer conflicts.

Nevertheless, there is more than one definition of Digital Transformation, so the military needs to recognise what it wants to achieve.

The military is evolving through five waves of emerging digital technologies. (Kale, 2020) 

1. Digitisation transferred information and content from analogue to digital format and improved military administration and office work. In the Finnish Defence Forces, this evolution started from information assets during the 1980s , and it is still ongoing, related to products and soldiers.  Some Armed Forces are still using paper-based decision-making due to tradition or the power structure.

2. Digitalization introduced enterprise-wide systems, like Enterprise Resource Planning (ERP)  or Maintenance, Repair, and Overhaul (MRO), which enabled human, financial, material, platform life cycle, and facilities management to gain cost-efficiency. Moreover, C3I support systems and battle-space management systems were deployed for improved situational awareness. The Finnish Defence Forces underwent significant evolution during this phase, primarily between 1999 and 2007. Some Armed Forces are still transitioning from functionally specified resource management systems to enterprise platforms. Meanwhile, several functionally specific management systems remain available on the market.

3. The first-generation digital transformation has enabled revolutions in military affairs, such as Network-Centric Warfare in the US Department of Defense and network-enabled Capability in the UK Ministry of Defence.  The Finnish Defence Forces underwent changes in their operational and management approaches in 2008 and 2015.  Some other Armed Forces are struggling to transfer their organisational culture to adopt these enabling processes because military organisations are built to resist change.

4. The second-generation digital transformation can be defined as software-defined everything. In this phase, mechanical systems are migrating to cyber-physical entities, which integrate with other entities, forming structures such as a combat cloud. The US DoD is experimenting with a tactical system of systems in the Project Convergence . The European Combat Air System  (FCAS) project combines manned and unmanned platforms to form a system of systems. Furthermore, the software-driven approach also transfers the engineering and manufacturing processes of the new platforms, as seen in the Rheinmetall Modular Open Systems Approach. 

5. The third-generation digital transformation may be defined as robotic or agent automation, digital twins and autonomous effectors/sensors. The US Golden Dome  is one example of the type of capability that the military may gain from integrating sensors, AI-enabled decision-making, and shooters across all domains against masses of air- and space-borne targets. Both Ukraine and Russia are utilising remotely operated commercial and military drones for enhanced tactical mobility and effectiveness. 

On the other side of the coin, digital transformations often fail to deliver expected outcomes because (Mattila, 2020):

• Canadian Armed Forces spent from 1980 to 2000 moving from Cold War capabilities to meet post-9/11 threats. Transformation took longer, mainly because personnel lacked training to certify them in new ways of defence and behaviour.
• Swedish Försvaret created a concept for their Nätverkbaserad Försvaret in the late 90s and early 2000s, as best practice for other militaries, but failed because the Swedish Government decided to cut the defence budget and downsize the entire national defence to a peacekeeping force.
• NATO aimed for Network Enabled Capabilities through the 2000s, but found itself without a shared network until the establishment of NATO Federated Mission Network 2015.
• The US DoD launched in 2000 its Network Centric program, which improved division and higher echelon situational awareness but failed to deliver it to the tactical level. The gap appeared costly in later Iraq and Afghanistan operations.
• Finnish Puolustusvoimat made a significant reorganisation in 2008 and 2015 for cost-cutting, but remained in service stovepipes while missing the essential ability for joint operations. The digitalisation of enabling and C4ISTAR processes met opposition at the cultural level.

When a military transformation fails to provide the intended security capabilities, the transformation command wastes unique resources. The failure may also open an opportunity for an adversary to gain a strategic advantage and a temptation to exploit it. The severity of the potential inability necessitates the use of more advanced tools to comprehend and model the transformation. 

A holistic understanding becomes increasingly vital as some emerging technologies, such as unmanned autonomous systems, machine learning, nanotechnology, and human enhancement, may provide the adversary with a surprising strategic advantage. In this situation, a military enterprise needs to have the flexibility to adjust and recover from a surprise through rapid transformation.

Data “Strategy” in a Military Enterprise

What are the ingredients of a Military Data Strategy? Is there a Data Strategy? How does the approach to the digital economy reflect in military data strategy? 

In its current strategic plans, the military aspires to be a data-driven organisation, data-centric, data-dominant over potential adversaries, or data-use as a force multiplier. Those words echo current trends, but how are they defined in the roads the military must journey to gain more value from its data?

This article creates a definition for data “strategy” for military affairs and studies five data strategies from Europe and the US to see how their approaches differ from data maturity, enterprise architecture, strategic approach, and contextual viewpoints.

Figure 1: Essential components in the military strategic approach to data

1. So-called ¨Data Strategies¨ with the Military

In the military, strategy is perceived as a theory of victory. It explains how to use force to achieve political objectives in war.  A typical military strategy comprises Ends, Ways and Means following the Lykke model, defining “Strategy equals Ends (objectives toward which one strives) plus Ways (courses of action) plus Means (instruments by which some end can be achieved).“  

Data is recognised within an Enterprise Architecture as one domain or approach separate from or within the information domain. The TOGAF data domain resides between business and applications. Moreover, data architecture aims to translate business needs into data and system requirements and manage data and its flow through the enterprise.  Digitisation has increased data value, and digital transformations, if successful, have gained strategic advantages in business performance.  With digitalisation, military affairs value data, especially in multi-sensor surveillance, intelligence analysis, predictive maintenance, resource optimisation, force generation, and decision-making. The amount of collected data, big data, has been perceived as a game-changer or force multiplier.  

Combining data and strategy to create a data strategy provides a focused view of military affairs' achieving strategic Ends using data as a Means or data-related tools as Ways to enable or multiply capabilities. Hence, data strategy is more of an implementation plan to achieve goals in the Defence Strategy. While the global digital economy recognises three different approaches:  Market-driven (US), rights-driven (EU), and state-driven (CHI). Because of access issues, sampling for data strategies is done only from the US, Australia, and Europe. 

Therefore, the data strategic principles in military affairs are defined as:

• Recognised threat and technology development environment that may provide the adversary an advantage or an emerging vulnerability in their data structure.
• Ends defined in military affairs (processes, business) terms
• Data-related Ways: Analytics, data science, data fusion
• Data as Means: Big data, metadata models, semantic models, integration and sharing
• Military threat environment requires more efficient data-related confidentiality(C), integrity(I) and availability(A) methods to ensure the enabling or multiplying outcomes
• Since data is a component in a military socio-technical system, the transfer of culture is usually the most challenging hurdle to overcome on the transformation roadmap
• Multi-sourcing dimension to ensure that military affairs are integrated with society, the defence industry, and other governmental agencies and coalition partners.
• Compliance with the digital economy principles that the surrounding society has adopted: market-driven or rights-driven.
• Finally, data lives in a technical environment, platforms and networks. Do they enable the new valuation of data?

 

2. How do current data strategies reflect the principles?

Next, the paper uses the strategic data principles to compare contemporary military approaches to gain more value from data within their enterprise and as part of a wider data environment.

Table 1: Comparing a variety of defence data strategies against the principles of military data strategy

Data strategic principles	US DoD[1] 2020	UK MoD[2] 2021	SWEDEF[3] 2021	BUNDESWEHR[4][5] 2021	FINDEF[6] 2021
Recognised threat environment and confrontation	DoD has lacked the enterprise data management to ensure that trusted, critical data is widely available to or accessible by mission commanders, warfighters, decision-makers, and mission partners in a real-time, useable, secure, and linked manner.	With increasing data, it is harder to isolate insights from information	NTR	Recognises the cyber and information space	Disinformation and other data threats, emerging technology
Ends defined in military affairs	Warfighters at all echelons require tested, secure, seamless access to data across networks, supporting infrastructure, and weapon systems out to the tactical edge.	Data is an enduring strategic asset that, when effectively exploited, drives battlespace advantages and business efficiency. Integrated Operating Concept.	Interoperable processes. More effective, simple, safer, and asymmetric capabilities.	Harmonisation and automation of military processes, resilience of defence, value for money	Information dominance, user-driven
Data-related Ways	Data is Visible, Accessible, Understandable, Linked, Trustworthy, Interoperable, Secure.	Exercise sovereignty, standardise data, exploit data, secure data, curate data, endure data	Data asset management, data exchange with other agencies, data modelling, Chief Data Officer and Data Protection Officer, Data science	Data clusters, short innovation cycles, mobile access, and user experience-driven	Improve data accessibility, findability, usability, and establish a new information culture. Knowledge management
Data as Means	Architecture, Standards, Governance, Talent & Culture	Central data leadership, People skill and culture, Governance & controls, data foundations, exploitation	Information architecture, data annotation, master data management, open data, data clustering, Common Information Model, Information Supply Chain, Antifragile data architecture	Establish the inspector for the data and information space	Manage strategic assets, data fusion, and enrichment
Cultural challenges	Service Members, Civilians, and Contractors at every echelon make data-informed decisions and create evidence-based policies.	NTR	Information as a strategic resource, from application-focused to data-driven, the need for more data, Access to high-quality data, and Data trust.	Innovation-driven approach	Sharing culture, right to use data, and data consumership.
CIA methods	Consumers know that data is protected from unauthorized use and manipulation.	Secure by design	Data quality	Improve cyber defence capabilities.	Identifying critical information, risk management, and ensuring availability
Multi-sourcing	Achieve semantic as well as syntactic interoperability	Defence data ecosystem	National data sources, International open sources.	Transorganisational clusters	Global data environment, data exchange management
Compliance with the digital economy	Data management and compliance with policies are a top priority	Data complies with legal, regulatory and ethical obligations.	SWE, NATO and EU compliance	NTR	Open government
Enabling Technology	Sensors and platforms across all domains must be designed, procured, and exercised with open data standards as a key requirement.	NTR	A cohesive command chain with secure, robust, accessible, and user-friendly IT systems.	Consolidation and integration of data platforms	NTR

In summary, the data strategies in a variety of Defence Forces:

• Do not necessarily approach data from the threat environment or confrontation (2/5), but from the increasing amount of data and fewer abilities for sense-making (2/5).
• Aim to achieve the ends defined in military affairs (5/5), at least at the principal level.
• Data-related Ways are defined per the existing data management boundaries and maturity. Some emphasise ways to access data and process efficiency (3/5). Others see data as an accelerator for capability development (2/5).
• Some see data-related Means from the management approach (3/5) and others from the value creation viewpoint (2/5).
• Cultural challenges are approached from the consumer viewpoint (3/5). Moreover, innovation for novel data applications is seen as a cultural accelerator in one strategy.
• All strategies have a view to data Confidentiality, Integrity or Availability
• All strategies identify data as a Multi-sourced asset.
• All strategies recognise that with a global approach to data assets, compliance with the digital economy is a relevant issue.
• All strategies identify the Enabling and emerging Technologies but do not necessarily refer to them in the data strategy paper.

---

[1] US DoD Office of Prepublication (2020): Executive Summary: DoD Data Strategy

Unleashing Data to Advance the National Defense Strategy

[2] UK MoD (2021): Data strategy for defence

[3] FOI-R--5112--SE (2021): Förstudie om informationshantering i Försvarsmakten – med

fokus på information som strategisk resurs

[4] WD 2 - 3000 - 063/21 (22. September 2021)

[5] Strategische Leitlinie Digitalisierung

[6] https://julkaisut.valtioneuvosto.fi/bitstream/handle/10024/163329/PLM_2021_3.pdf?sequence=1

Cyber and Electromagnetic Activities (CEMA) in All-Domain Battlespace

 ‘In fact, future conflicts will not be won simply by using the electromagnetic spectrum and cyberspace; they will be won within the electromagnetic spectrum and cyberspace.’ 2013 Adm Greenert, Chief of Naval Operations, USN

What are Cyber and Electromagnetic Activities (CEMA)?

Contemporary adversaries aim to integrate lines of operations across information, cyber, electromagnetic, and kinetic domains, as illustrated in Figure 1. They take advantage of the digitalisation of the information realm, which opens avenues to cognitive and social realms. It becomes more cost-efficient to attack through the cyber domain, launch terrorising strikes, and create confusion and fear in these realms. (Clarke & Knake, 2020) 

Besides the expanding cyber environment, the demand for mobility and dispersion in the battlefield multiplies the need for transceivers and wireless communication. Naturally, this increases targets for electronic attacks; for example, suppressing the GPS signal will increase the circular error probability. Moreover, battlespace transceivers open new venues to breach logically isolated cyber domains. (Álvarez, 2025) 

Kinetic line of operation may use the electromagnetic and cyber realms to multiply the systems effect, e.g., an adversary may destroy a central control hub with gliding air-to-ground payload and simultaneously overload defender sensors with fake targets while suppressing means of communications. The combined course of action (CoA) will suppress the surveillance system, prevent its repair, and make the adversary lose trust in any similar C5ISTAR  support system during that conflict. 

Figure 1: A View to Evolving Realms of Military Force Projection

Cyber and Electromagnetic Activities (CEMA) are coordinated offensive or defensive courses of action that either improve BLUE’s freedom of movement and survivability or degrade RED’s electromagnetic and cyber environment use. Since CEMA predominantly comprises hardware nodes, transceivers that utilise electromagnetic propagation, and software-defined features that define the cyber environment, it offers more advantages as the forces of digitalization and mobility intensify. Hence, the Western type of military force is more vulnerable to CEMA effects than a 2nd generation industrial force optimised for attrition, or loosely controlled insurgent teams optimised to terrorise the local population. On the other hand, when any force adapts dual-use consumer electronics, it opens possibly unrecognised vulnerabilities for CEMA attacks. The fast evolutionary pace of dual-use electronics during the Russia-Ukrainian war proves this. Russia is enhancing its electronic warfare (EW) and sensor development and updating its existing equipment to counter Ukraine's rapidly evolving capabilities (Bronk, 2025).

Militaries are globally gaining interest either during their digital transformations or creating asymmetric but systems-effectors against more digitised adversaries. Nations that are wielding information war against their adversaries are particularly interested in these emerging technologies and innovative courses of action. 

What is the CEMA Environment as a Battlespace? 

The Cyber and Electromagnetic environment continues to expand within military forces as they modernise and digitise their platforms, connecting them to a military system of systems-based (SoS) capabilities. (Dahmann, 2012) These systems of systems extend cyberspace and utilise the electromagnetic environment to support military affairs. The defenders' interest is to protect the BLUE system of systems and prevent the systemic effects (Beagle, 2001) of the Attackers (RED) that may suppress essential BLUE capabilities, as illustrated in Figure 2.

Military System of systems

The US Defense Acquisition Guidebook defines a System of Systems as “a set or arrangement of systems that results when independent and useful systems are integrated into a larger system that delivers unique capabilities.” Typical SoS include Joint Fires, integrating effectors and platforms in the air, ground, and sea; Joint C5ISTAR, integrating Command and Control with Cyber Defence, Surveillance sensors, and Intelligence systems; and Combined Air Defence, integrating space air, sea, and ground-based air defence platforms for joint engagement zones. 

A model for a system of systems may be illustrated, as in Figure 2, with a layered structure of Physical platforms or facilities and auxiliary systems that host hardware capacities for processing and transmission; Electromagnetic performance that transfers effective radiated power (ERP) to propagate in an electromagnetic environment (EME); Logical software and data-defined features and flows that enable processes for military affairs. The technical illustration may scale towards socio-technical SoS with users and administrators. (Mattila, 2023) Furthermore, it may extend to enterprise-wide system networks that support the main military functions of Operate, Generate and Support. (DANSE, 2025) These systems of systems open new domains and attack vectors for adversaries to penetrate, exploit, and suppress defenders' capabilities through the means and ways of cyber and electromagnetic warfare. 

Cyber warfare can be thought of as techniques to create effects or gain intelligence on hostile systems through the medium of digital code. (Bronk, 2025 ) Electronic warfare can be thought of as techniques to create effects or gain intelligence on hostile systems through the medium of electromagnetic energy pulses. (Bronk, 2025 )

Cyberspace within SoS

Militaries are embracing the 4th Industrial Revolution and its key enabler: software-defined cyber-physical products, enabling faster decision-making and manoeuvring. (McNamara, Modigliani, & Nurkin, 2025) The software-defined military systems promise advantages such as:

1. Modernising legacy platforms with cutting-edge technology-enabled features, like anti-missile and anti-drone defence.
2. Building future software and artificial intelligence-driven autonomous forces with an iterative approach, such as swarming effectors and loitering sensors.
3. Delivering time and cost efficiencies in administrative and operational processes, such as continuous software integration and AI agents capable of learning multiple tasks. (McNamara, Modigliani, & Nurkin, 2025)

As software-defined features take over from mechanical functions, the amount of software code explodes. Unfortunately, the industry average for coding errors remains 15-50 defects per 1000 lines of code, and at best, the quality may reach 0.1 defects per 1000 lines. (McDonnell, 2004) The exponential rise of software code in armament, the integration of system-of-systems, and big data together increase the area of vulnerability within the technical layer of SoS. 

• Example: More than 30,000 public and private organisations were exposed to the SolarWinds hack between 2019 and 2020. Apparently, a Russian agent was able to inject malicious code into SolarWinds Orion management software. When customers updated their management software, the malevolent code created backdoors for hackers to access data. (Oladimeiji & Kerner, 2023) 

On the other hand, the evolving digital transformation of the Armed Forces requires competent military personnel to manage and use software-defined features and processes. Otherwise, the increasing number of people interfacing with machines will provide lucrative avenues of attack. (Entrust Network, 2022)

• Example: The Russian Ministry of Internal Affairs is advising residents and soldiers in areas near or within Ukrainian Forces not to use online social media, dating apps, geotagging, geolocational links, or unsecured messaging applications. (Linder, 2024)

Software-defined and data-driven cyberspace is both more vulnerable but also provides strategic advantages for the military. Hence, Information technology security, Cybersecurity, and Cyber defence operations are more critical as the military's digital transformation advances. (Whyte & Mazanex, 2023)

• Example: Outdated technologies in enclaves expose the military to strategic vulnerability. An unpatched operation system in a fleet of main battle tanks may become a lucrative way to suppress the entire armoured capability. (Military Dispatches, 2024) 

Electromagnetic environment within SoS

Cyberspace relies on an electromagnetic environment (EME) as part of the physical layer performance and protection. The EME extends cyberspace through the air via propagation, ensuring information flow, surveillance, and precision targeting, among other things. Unfortunately, the EME also exposes cyberspace to bit errors, interference, interception, and jamming. (Adamy, 2015)

Propagation in EME depends mainly on frequency, effective radiated power (ERP), antenna radiation patterns, atmospheric attenuation, and diffusion caused by elements along the propagation paths. This means that a significant concern in EME is the distance between the transmitter and receiver/reflector. Hence, both ES and EA sensors and effectors need to be networked to select optimally located EW sites for intercepting or jamming. (Clark, Walton, Tourangeau, & Tourangeau, 2021) Any EW system, therefore, has cyberspace and needs to be protected against adversary electromagnetic and cyber effects.

• Example: Ukrainian forces are combining electronic attacks, attack drones, and advancing infantry to penetrate behind Russian lines and create confusion. First, the Russian surveillance drones are jammed; then, attacking drones hit both aerial and ground targets; and finally, infantry can advance and take over crucial points on the ground. (Álvarez, 2025)

As the vulnerability of any radiating site increases, the need is to distribute, for example, surveillance radars and create low-size, weight, and power (SWaP) radar networks (Knight, 2025). While improving systems resilience, the distributed architecture also provides more comprehensive coverage, especially in complex terrains. With the distributed and more disposable radar structure, the cognitive electronic warfare (CEW) attributes will enhance both offensive and defensive capabilities. (Vernhes, 2025)

• Example: Artificial intelligence-driven electronic protection (EP) can adapt in real-time to conventional radar configuration and avoid detection. (Knight, 2025)

Combined cyber and electromagnetic domain from a C5ISTAR system of systems viewpoint

Figure 2 presents a technical figure of the CEMA environment. It is a snapshot from the viewpoint of a Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance, Target Acquisition, and Reconnaissance system of systems, illustrating both vulnerabilities to attacks and defensive measures. Cyberspace can be used to attack transceivers and create a systemic disruption in communications services.

• Example: Russians used a strain of wiper malware, ‘AcidRain’, to remotely erase vulnerable modems and routers of the Viasat service, disrupting Ukrainian access to broadband space communications for up to a week. (CyberPeace Institute, 2022)

Electromagnetic attacks can be used to jam wireless transceivers and cause denial-of-service effects in cyberspace.

• Example: Russians are reportedly jamming GPS and other satellite-based navigation systems in the vicinity of the Baltic Sea as part of their hybrid operation to create fear of flying by degrading flight safety. (Waterman, 2024)

Cyberspace data flows can be captured by intercepting the GSM signal with a software-defined transceiver and analysing the data flow of ongoing sessions. (Louwers, 2024) By rerouting GSM traffic through compromised switches and exchanges, adversaries can capture mobile data flows.

• Example: The Russian FSB operates communications interception devices (SORM) in telecommunications exchanges to collect and analyse traffic. (Soldatov, 2014)

A hacker can take over a router in cyberspace by accessing it through a wireless interface, exploiting outdated firmware, and using the hijacked router as part of a Denial-of-Service (DoS) botnet, distorting routing protocols or capturing IP packets. (Rau, 2023)

• Example: Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street. (Greenberg, 2024)

Figure 2: A View of the CEMA Environment in Typical Forces Confrontation

CEMA in an Operational Context

Since the CEMA domain overlaps cognitive and physical realms and covers most of the information realm, as illustrated in Figure 1, it is an avenue to support both kinetic and information operations. Both Electronic and cyber-attacks can contribute to kinetic fires for joint systemic effect, as presented in Figure 3. The Russian Fancy Bear hacker group successfully infiltrated a Ukrainian artillery application used to control fires. Through the breach of 2014-2016, Russian artillery was able to locate both fire controllers and weapon sites on the Ukrainian side and destroy them more efficiently. (Crowdstrike, 2016) 

Moreover, information operations benefit from Cyber or Electronic attacks that suppress official media sites or utilise hijacked cyberspace elements to disseminate influence messages. (Microsoft, 2023)  Within the information realm, CEMA operations can also be employed independently as a covert arm, operating below the conventional threshold of war or providing an asymmetric advantage (Russian Defense Policy, 2017) against modern forces. Russia has also used CEMA as part of a broader hybrid campaign to create terror, break the trust between population and government, and manipulate polarisation within a population. (NATO, 2024)

Since CEMA primarily focuses on the synchronisation and coordination of cyber and electromagnetic activities, the components and their combination in support of operations are more critical in various contexts. (UK MoD, 2018) The Electronic Warfare components are Electronic Attack, Electronic Support, and Electronic Protection, as shown in Figure 3. 

• Electronic Attack (EA) broadly refers to the use of electromagnetic energy to degrade the performance of hostile systems for offensive purposes. It may contribute to kinetic, information, and CEMA operations independently.
• Electronic Support (ES or ESM) encompasses the exploitation of passively collected electromagnetic emissions to identify, track and possibly even target hostile systems. It supports EA, EP and Network operations directly and provides essential awareness for force protection.
• Electronic Protection (EP or ECM) involves the use of electromagnetic energy by a platform to defend itself against enemy attacks, typically by degrading the signals received by enemy fire control radars, datalink connections, or missile seekers. (Bronk, 2025 ) EP support is used directly in kinetic operations security and survivability but also contributes to Network operations and EA.

Cyberspace actions are network operations, cybersecurity, cyber defence, and cyber-attack. 

• Network operations (NO, NOC) encompass actions taken to design, build, configure, secure, operate, maintain, and sustain the C5ISTAR system of systems in a manner that ensures and preserves data availability, integrity, confidentiality, as well as user and entity authentication and non-repudiation. (Senft, 2016) Network operations contribute directly to Cyber defence operations, but they also enable all military activities that use digital information. NO requires cybersecurity operations and other security measures to provide C5ISTAR support services.
• Cyber defence operations (CDO) utilise both passive and active cyberspace capabilities to protect data, networks, net-centric capabilities, and other designated C5ISTAR system of systems. (FM 3-21, 2021) CDO supports Information, CEMA and kinetic operations, ensuring the survivability of C5ISTAR services.
• Cyberattack operations (CAO) are conducted in cyberspace aiming to create noticeable destructive effects (i.e., degradation, disruption, or destruction) in cyberspace or manipulation that leads to denial-of-service impacts in physical domains. (JP 3-12, 2018) CAO supports Information, CEMA, and kinetic operations, opening options for achieving systemic effects in an adversary's system of systems.

Figure 3: A view of CEMA and its components relationship and architectural ontology

Understanding the interrelationships and dependencies of the CEMA in Figure 3 is crucial for effective operational planning and execution, given its complex nature. One instance of negligence renders the entire C5ISTAR system vulnerable to attacks. Naturally, this also applies to adversaries; hence, the coordinated CEMA's offensive activities, whether by themselves or in support of other operations, may yield surprising victories.

How does the CEMA Contribute to and Integrate with Operational and Tactical-level Operations?

The CEMA concept in Figure 4 provides a view of CEMA support to joint operational and component tactical levels of projecting military power. (Plott & Keller, 2020) Joint operations, in this case, assume an all-domain setup, where CEMA is one of the lines of operation (LoOs), in addition to the legacy lines of space, air, ground, and sea. Hence, the joint CEMA may deploy Cyber and Electronic attack effects independently from the other domains and create an alternative line of operation. The CEMA LoO requires specific operational planning, with an understanding of the environment and system of systems engineering (SOSE) of both blue and red systems, in order to contribute to joint operations planning. The execution of CEMA operations requires the orchestration of multiple activities in coordination with the execution of joint operations. Naturally, the CEMA offensive operations planning is facilitated by the Joint Operations Command (JointOpsCmd) and executed according to Operation Orders. 

The Joint CEMA Centre (JCEMA), with particular SOSE competencies, is responsible for supporting the Joint Operations Command with joint CEMA planning and the execution of joint CEMA offensive operations. This requires close cooperation with the Staff that plans and executes the Joint Operations. Hence, the JCEMA usually resides within the Joint Staff and contributes to intelligence, planning, information operations execution, kinetic targeting and logistics processes. JCEMA also collects joint-level situational information and contributes to the Joint Operation Picture.

Joint CEMA effectors, such as Joint Cyber Attack (JCA) and Joint Electronic Attack (JEA) units, are under the command of the Joint Operations Command.  The JCEMA controls them, while the Forces run platforms. CEMA-related sensors and effectors are integrated into the C5ISTAR support system, enabling seamless data flows and the dissemination of CEMA knowledge.

Defensive Joint CEMA activities may be planned and coordinated in J3 and J6 of the Joint Operations Command.

Figure 4: A Simplified Concept of CEMA Operations

At the tactical level, the CEMA centre (CEMAC) that supports each Component is usually close to the Component Command Staff for tactical planning and mission execution. A Component Command may have CEMA sensors and effectors assigned to it by the Joint Operations Command, or they are integral parts of units under operational control or in support. CEMA's offensive activities primarily support tactical-level fires, while defensive activities contribute mainly to force protection, operations security, and network operations.

The CEMA Centre focuses on supporting CEMA planning and coordinating offensive activities within the Component Staff. It also collects electronic threat information and maintains threat catalogues for electronic protection. Furthermore, the CEMA Centre collects CEMA-related situational information from all sensors and transceivers, contributing to the Component Recognised Picture.

The Network Operations Centre (NOC) and Cybersecurity Operations Centre (SOC) are typically part of the C5ISTAR service provider organisation, supporting both Joint operations and Component missions.  The NOC executes, for example, spectrum management operations, communications security, IT security and other ICT-related support, as illustrated in Figure 3, for operations and missions. The SOC conducts cyber surveillance and reconnaissance, monitors assigned cyberspace, detects breaches, and, in conjunction with the NOC, responds to and recovers from adversary cyber-attacks. 

Tactical-level CEMA units include, e.g., Cyber-attack teams (CA), Direction-Finding and Jamming platforms (EA), and EME sensors and transceivers (ES). They are assigned to Joint Operations Command and further delegated under the Component control. In addition to their platforms, all tactical-level CEMA units are connected to either the Joint or Component C5ISTAR support system to integrate with CEMA support, protection, or attack information flows.

Tactical-level CEMA defence aims to provide protected cyberspace and enable freedom of use of the Electromagnetic Environment.

Operational level concept of use

The Joint Operations Command (JointOpsCmd) plans an influence operation to effect the adversary public opinion of their government. INFOOPS requires contribution from kinetic and CEMA lines of operation. JCEMA is tasked with creating a Course of Action to take down adversary governmental sites and broadcasting, while INFOOPS would disseminate their message through troll factories and bought influencers. After analysing the adversary broadcasting systems and websites, the JCEMA assesses that jamming the TV signal transfer site in the capital and, at the same time, using a botnet for a distributed denial of service (DDoS) attack on the IP gateway that separates government intranet from the Internet would isolate the population from their government for about 24 hours.

Following the Commander of JointOpsCmd's decision, an influence operation is executed under joint coordination. JCEMA orchestrates the CEMA jamming from airborne platforms and DDoS attacks over the Internet, measures the impact, and keeps JointOpsCmd informed of the operation.

Tactical level concept of use

A: The Air Component Command (ACC) plans to target a strategic manufacturing site in adversary territory. The site is defended by a strong ground-based air defence (GBAD) that would prevent any successful air strike. The Air CEMAC is tasked with determining how it can support the future mission. After analysing the adversary's primary GBAD and secondary support systems, Air CEMAC identifies possible vulnerabilities in the power supply system for the manufacturing site. The electric grid has only one transfer station that feeds the site.

Air CEMAC drafts a mission order as part of the Air Tasking Order, and after the approval from the Commander of ACC, the mission execution is launched. The Air CEMAC coordinates parallel wiper attacks to suppress the grid control system and electromagnetic pulse attacks to burn auxiliary HVAC controllers. 

B: Cybersecurity Operation Centre (SOC) surveys and reconnoitres the Internet and adjacent Intranets within the Area of Interest for adversary activities. When detecting an imminent threat and analysing its potential impact in Blue Cyberspace, the SOC creates courses of defensive action in collaboration with the NOC. 

The NOC communicates CoAs either to the Component Commander or the Joint Commander, depending on the area of potential effect. After the decision, the SOC and NOC implement preventive actions, monitor the situation and prepare for recovery.

Conclusion

Cyber and Electromagnetic Activities do not integrate well in support of all campaigns and areas of operation. The more digitised and mobile the adversary, the more vulnerabilities and potential for systemic effects there are for CEMA's offensive activities, either independently or as a course of action in support of information or kinetic operations. The more network-enabled the Blue Force is, the more options the adversary has for asymmetric effects. Hence, the integrated CEMA defensive actions are necessary for Forces that aim to improve through digital transformations. Whereas, in other operational confrontations, the integration of cyber and electronic warfare means and ways do not necessarily achieve the intended ends.