Principles of system and its management
Every enterprise creates a viable system that functions within a viable system. Every system can be described by defining the operation i.e. system. The operation has an overlaying metasystem for control i.e. management. This cybernetic structure is functioning in an appropriate environment affected by many interactions. According to Stafford Beer (1981), these three functions are necessary to any organization. A military organization may be described by using Beers model as illustrated in Figure 1.
Figure 1: A generic model of a military enterprise with its management structure
Each of the Services (Land, Navy, and Air) operate in their particular area of operation. They are commanded with their operative level management. The Armed Forces is having management (Commander in Chief) who has command (Direction) over all Services . The Commander and his general headquarters also coordinate the effort between Services with one hand and with another hand he audits the interaction between services and their area of operation to judge the outcome of their effort. Besides the current operations described above, the Armed Forces need planning function to analyze possible futures and prepare forces for both opportunities and challenges. Since planning and current operations may have contradicting focuses, there needs to be a strategic vision, identity, to drive the balance between everyday operations and preparing for the future.
The following story may describe a military organisation in its operation:
The commander of Land Forces is executing his mission for preventing adversary to approach key terrain in the desire to gain leverage for their offensive. The commander is facing a dominant adversary with lots of indirect firepower and asks fire support to suppress the artillery battalions his troops are suffering.
The joint chief of operations receives a request from Land Forces, assesses the situation and issues support task to Air Force as they are the quickest to provide it. He also tasks his operational division (J3) to coordinate support between Air and Land Forces. The commander of Air Force receives the request for support and task to provide it. He establishes a connection between his staff and the headquarters of the Land Forces with the assistance from the liaison officers of each staff.
Meanwhile, the Joint Chief of Intelligence meets the Joint Chief of Planning in General Headquarters with alarming news. There is evidence that the adversary is transporting more reserve troops to the theatre of operation via railroad. They meet the Joint Chief of Operations and try to find a balance to Joint Fires situation. The Commander in Chief makes the decision to constrain Air Forces support to what has already being prepared, assigns heavy artillery battalions to support Land Forces and gives a mission to the Air Force to destroy transport avenues and suppress the reserve units.
The military organization is viable when it survives the external threats, maintains its integrity against internal threats, evolves as environment changes, can create synergy with its parts and is able to maintain dynamic equilibrium with its parts. The usage of information supported by Information and Communications Technology is essential in enabling the viability of a military enterprise.
Delivering military value with ICT
The traditional military capabilities are Force Utilization, Force Production, and Force Support . Military command and control is a bundle of processes that monitors, assesses and directs the before mentioned capabilities. The loop of Observing, Orienting, Deciding, and Acting is the foundation for all command and control (C2) in military affairs. ICT –structure bounds the C2-functions together over boundaries of organizations and distance of geography. The information that ICT-related functions provide enhances military command and control processes - i.e. adds value - in Force Utilization for example as follows:
- the effect of kinetic arms by accurate, on-time targeting data, improved ballistics, cursor-on-target, fire-and-forget
- Situational awareness by providing both blue force and red force pictures
- Commander understands the possible future
- Trust between units and entities in the battlefield.
The value of information and supporting ICT-functions for the force utilization capability can be defined as the following use case:
Reconnaissance observes that motorized enemy formation is advancing. The event is forwarded with ICT based systems both to the commander and his troops. The commander includes the event to his orientation. He decides to launch one of the prepared countermeasures. Units receive these orders by ICT-based systems right after getting the observation of inbound motorized adversary.
The air surveillance detects incoming enemy fighter/attackers. The event is forwarded to all units as part of Recognized Air Operational Picture, RAOP. Based on the information, land units take cover and anti-aircraft units prepare to fire.
The value of information in OODA –loop can be illustrated as a stream in Figure 2: Observer – ICT – Orienteer – ICT – Decider – ICT – Actor. The information is the glue to a battle system. Information is provided by ICT functions that bind military force as System of systems.
The Red Force (i.e. enemy) is trying to gain dominance at information level by surprise, deception of sensors or sense-making, or trying to deteriorate the trust between commanders, their troops, and ICT-systems of the Blue Force. They use all means and ways of the Information Operations to gain this effect:
The Red Force deploys trolls to create fabricated discussions in social media, sends malicious manipulated content with Twitter, and has famous people to promote their agenda. The Red Force conceals the identity of the force they send to the operation and thus denies the action of international agreements and coalitions. The Red Force has breached the ICT-systems of Blue Force and now launches the countermeasures for their processing capability. They deny the availability of ICT-services, deny the truth of data, and launches malicious software to increase complexity in the cyber environment.
The enemy collects electromagnetic radiation to analyse the operation idea and weaknesses of the Blue Force. They launch jamming operations to conceal their true movement and prevent the Blue Force to use their communications freely. The Red Force tries to locate the command structure of the Blue Force and suppresses their command posts by missile attacks, special operation forces attacks or terror attacks.
Figure 2: An example of value stream enabled by ICT functions
The value ICT-functions are providing is defined as information that binds different parts of force utilization together, produces understanding to commanders, produces awareness to troops and builds trust among all stakeholders and their tools . If the adversary can suppress ICT-functions at least for a time, the Military System of systems disintegrates to sub-systems inefficient independently.
The valuable information is more appreciated if it is provided with:
- On-time and in-place of need
- Flexibility to adapt changes in situation
- Support that response within expectations
- Ease of use, resiliency and security
- Integrity, accuracy and continuous flow.
The value is perceived differently at each level. The commander appreciates more if information improves his understanding of possible future, information enables him to achieve an advantage over the adversary, or information leads to success. Troops appreciate more if information comes when needed and is true so they can survive the battle and be successful.
Enabling military capabilities with ICT
Information Superiority over one’s adversary can be defined according to Sun Tzu: “if you know your enemy and know yourself, you need not fear the result of a hundred battles” . The knowing can be divided into two attributes: Understanding and Awareness. The information flow, supported by ICT-functions, improves Commander’s Understanding and Situational Awareness of troops as depicted in Figure 3.
Figure 3: An example of Information and its meaning to Force Utilization
Reconnaissance has observed that motorized enemy formation is advancing. Observation is forwarded both to the commander and his troops. The commander reflects this event to his operational analysis, which is based on a combination of historical, resource and doctrinal knowledge about the enemy. He identifies expected a pattern in the enemy maneuvering and decides to launch one of the prepared countermeasures. Units receive the orders right after they become aware of inbound motorized adversary in their view on Recognized Ground Operational Picture, RGOP. They commence a prepared action based on Blue Force Track of their units and engage the approaching enemy based on Target Acquisition information from the position that gives a terrestrial advantage to them. The commander monitors the proceedings of his troops from Recognized Operational Picture.
The air surveillance detects incoming enemy fighter/attackers. The event is forwarded to all units as part of Recognized Air Operational Picture, RAOP. Based on the information, unit commences their prepared countermeasures. The commander of the operation gets confirmation of pattern he recognized earlier. The enemy has launched deep flanking manoeuvre with strong air to ground support. He notes this as operation plan of his adversary and assesses again all other ways that adversary can surprise him with means in reserve.
As information becomes a value, it needs to be managed and governed. There needs to be accountability defined within the military force. The owner is responsible for the particular type of information through its life-cycle. Records Keeper stores information according to requests from the owner and keeps records available. The user of information is getting the value out of it. The provider of information pushes or publishes information as events or stream to all possible users. The protector is accountable of defending the confidentiality, integrity and availability of information.
Managing Risks of Information and ICT-functions concerning Operational Security
As information becomes more valuable to military force utilization, the aspiration of the adversary to suppress it grows. If the adversary can deny the information flow either from commander or troops, they become disabled. Suppression happens when the adversary can disable ICT-functions so that the Blue Force is disintegrated to elements, platforms or units of single function.
When considering the information value chain described earlier, the trust between men and their machines become the most desired target for an adversary. Further the chain of information extends and comes more interdependent, the easier it is for an adversary to break it and deny the availability of information. With few sequential breaks, service is suppressed to a degree that people start losing their fate on machines. More intense the situation, quicker people switch to alternative methods or busy themselves with meaningless work. Once lost trust is hard to regain and sometimes takes, even more, time than building trust up in the beginning.
Besides trust, the other important factors in risk analysis are Reliability, Integrity, and Confidentiality, all parts of Security. Long chains of information service are vulnerable since all links are needed for fully functional service. One link down in the long chain of information service is a seed for mistrust. If the incident is not remedied led by service driven process, then availability is lost for a longer time, and trust deteriorates beyond repair.
A standard military procedure is requiring three independent detections of the same target before data is qualified as trustworthy. With three sources of information, one will achieve 50% probability of getting true detection. It does not need a lot from adversary to turn the table to his advantage with a little deception of sensors or man-in-the-middle manipulation.
The last essential foundation for trust is sureness that the enemy does not know as much as you do. If the confidentiality of the information flow is lost and the enemy may gain information superiority this way, the trust to technical systems is lost.
Risk management of ICT-related issues in a military environment is crystallized into TRUST. The trust is a function of Availability and Security as depicted in figure 4.
Figure 4: The essentials in managing risk of ICT systems
The availability of ICT system of systems is also endangered by continuous change. There are a plethora of sources for changes in ICT systems. Vendors are updating their software products in continuous streams. The detection of malicious software requires updates several times during the day. It becomes harder to keep up detecting specific fingerprints of new viruses, worms, and other malevolent applications as their production rate is almost 100 000 new variations per day. Changes are also due new requirements that users are expressing as their operation advances. The adversary is also trying to disintegrate the ICT system of systems into dysfunctional parts and changes are made to remedy lost assets.
Most of the military ICT service providers do not allow untested changes in their operational environment. Thus, they have established Testing and Evaluation environments to do pretesting, staging and integration before releasing new configurations to be implemented through change management. The change management is one of the foundations for ITIL service delivery processes.
The importance of trust may be illustrated with the following story:
Besides being surprised by the thrust of German armoured left wing through the Ardennes, the Allied defeat in France in 1940 was because of inadequate communications. The telephone system was unreliable; telegram messages were chronically late. The high command was not able to communicate with its subordinates and become divorced from reality. The British communications relied on wired lines, which were not applicable in mobile warfare. The few radio connections were overburdened with encrypted messages. Thus, intolerable delays were created.
Managing the performance of ICT related functions
The performance of military ICT related systems, processes, and people may be expressed emphasizing the user view of value with function pictured in figure 5:
- Quality of services
- Availability of services
- Security of information and ICT assets
- Timely provided services
- Cost-efficiency from operational expenses viewpoint
- Return of Investment from capital expenses viewpoint
- Added ICT capability to provide new opportunities to military affairs.
The weight on current operations emphasizes the lagging metrics for performance. Only the last metric is more leading in building added capability for future.
Military environment emphasises the current performance over possible future. As defined earlier, Availability and Security are the main performance indicators in a military environment. The commanders of forces require ICT services provided in new positions, with different quality and pace. They expect these requirements to be fulfilled on time aligned with the proceedings of their operations. When users face problems in using ICT services, they expect to get resolution promptly. Information services provided to units vary in volume, sensitivity to delay and integrity. All these features are included in Quality of Service.
The value chain that provides ICT services is measured against the cost-efficiency of operations, OPEX and ability to provide Return on Investment, ROI through the life-cycle of system components. Finally, the last key performance indicator is measuring the leading feature of being able to build future ICT services and implement them as part of System of systems.
Figure 5: Performance of ICT system of systems
The following story illustrates the challenges in managing performance of CIT services:
A Signals Force was used to take care of their ICT -systems and believed that the systems were valued by their supported. Great was the confusion, when the Joint Chief of Information, JCIO demanded performance to be measured based on the availability of connection. The telephone was not the service but just a mean to deliver a connection to end user. The quality of voice communication and accessibility of subscribers become more important for the JCIO than the mere device.
Furthermore, the JCIO preferred the swiftness of change of a subscriber access line and accuracy of the telephone catalogue over the model of a telephone. The commanders of Signal units were appraised based on how much human resources they were spending per connections and subscribers. They were shocked since this was entirely new management culture they were expected to adapt.
Managing ICT related resources
The means, that ICT Services are made of, include human capital, material, immaterial, financial, organizational and facility resources as depicted in figure 6. These resources are transferred to ICT Service Production with other enablers: Principles, Processes, and Culture . The resources are distributed through the life-cycle:
- means that are sustaining the older, legacy parts of ICT System of systems
- means that are operating the principal parts of the current system of systems
- means that are involved in developing new features or components for a future system of systems
- means that are kept in reserve.
Figure 6: Resources enabling the production of ICT services
The adversary that is bound towards attrition type of operations tends to use force in destroying resources as much as possible to exhaust their opponent. Thus, military ICT needs to have resources in reserve, survivability under the fire, resilience in their utilization and reliability in the structure of ICT system of systems. The requirement for survivability may be illustrated as follows:
The structure of military ICT needs to follow architecture beyond the high availability of civilian IT or n+1 reliability. The rational adversary is trying to disintegrate the physical and logical topology of military ICT structures. He optimises the usage of warheads in the main nodes in the topology. The simple topology of the hub to spoke requires only one strike to take down the centre and leave the spokes isolated. More connected topologies require more strikes but only fully connected provides the best survivability if the structure is self-healing as illustrated in Figure 7.
Figure 7: Examples of topologies and their survivability in military area of operation
There should be a constant change ongoing to keep the cost-performance of ICT system of systems in balance. If though, for some reason, there is a need to do more discrete change, the management of resource transformation from legacy structure towards a structure that provides new capabilities might become a challenge. There is a minimum level of ICT capability that needs to be ensured through the entire transformation. Almost all existing information needs to be migrated from old systems to new systems. Thus, it takes time and resources to transform modern ICT structure. This is illustrated in the following story and Figure 8:
Signals provide continuous service and readiness to bind together all components of military force. Thus, there is a minimum level of capability that Signals is required to provide continuously. When Signals is facing a major technology transformation, it needs to extract its most professional teams from providing legacy service, lower the service production to its minimum level and assign these most competent teams to build new technology and processes. Sometimes this requires also other changes in sourcing the legacy services. The sustaining units may have to take new responsibilities of old users. Vendors may be needed to take responsibility in operating some legacy but familiar ICT service while Signals units focus on building new capabilities.
Building new capability sometimes follows S-curve. In the beginning, it takes time to have new systems settled and processes in place, but once the pilot is accomplished, then migration might be accelerated. From another viewpoint, the end user may be slow in adapting new services but after first quick wins and reliable production, they become the quickest learners for the new features.
Figure 8: Managing the transformation of CIT capability
Assuring the strategic alignment of ICT efforts
The ICT service production is firmly a user and client driven chain of value. The major drive is to fulfil everyday needs of users, commanders, and maintenance. Everyday challenges of units pull the ICT service production to consume more resources in resolving end user problems at the tactical level. The operational level Commanders project their new requirements with a strong will. The ICT service development is driven strongly by these demands towards achieving immediate operational objectives.
Every ICT service provider has their flow of maintenance changes that alter the configuration daily. There is also development stream particular to each service provider that provides new components fitting into their future special needs. Thus, it is difficult to maintain strategic focus and use resources in building new ICT capabilities for future through the entire value chain.
Figure 9: Challenges in gaining strategic alignment
The strategic goals and programs should be presented together with tactical and operational requirements on the boards of decision making. Every decision of change should take ICT services towards strategic goals, or else entropy will create disorder within the System of systems. There should be Chief Information Officer, CIO responsible for both usages of information and production of ICT services at all levels from strategic down to tactical. The CIO is the adviser to the commander in information and ICT related matters. The CIO does monitoring, assessing and directing using the ways of guidance of the ICT capability owner, the hierarchy of military command and control, and coordination and auditing of a general model for management.
Since ICT structures have complex interdependencies, the CIO needs to hold in one hand a Portfolio to manage HOW things are proceeding. The ICT portfolio includes both legacy capabilities and new capabilities for balancing their transformation and sustaining the minimum level of readiness. The portfolio also helps in managing key resources as most competent teams of CIT professionals and other sources of professional service production.
In his other hand CIO holds an Enterprise Architecture to define WHAT needs to be built in proceeding towards different and sometimes contradicting goals. The Enterprise Architecture explains how functions of military affairs are supported with Information, which is supported by Information and Communications Technology. It helps CIO to communicate his strategy to his superiors when asked about reasons to invest in Information and ICT. It also helps him to communicate the requirements and meaningfulness to his subordinates who are otherwise interested mainly technical issues.
The Governance model for ICT related issues
The governance of ICT related matters include all aspects of COBIT 5 management mainly strategic alignment, value delivery, risk management, resource management and performance measurement. Before defining the management, this paper described the value stream and all value chains related to ICT service production. The basic process of governance is a cycle of monitoring, assessing and directing according to level and model of the Armed Forces general command and control structure.
The cycle of governance uses ICT capability portfolio to refer HOW the thing was planned to do versus how they are implemented. Governance also uses Enterprise Architecture from strategic level down to tactical level defining WHAT is done currently versus what needs to be done to achieve goals.
Figure 10: A simplified model for the Governance of ICT-related issues in Military Environment
The ICT governance framework depictured in Figure 10 above is a basic method to govern or manage from strategic level through operational level down to tactical level. Only focus and ways are different at each level.
The main challenge for governance is the nature of value chain structures needed to put together and provide information based value to military users. The length of value chain may stretch all way from Redmond, Washington (Microsoft) to Shenzhen, Guangdong (Huawei). Unlike other pieces of military armament, no one manufacturer takes the life-cycle responsibility for all components of ICT. The only responsible remains the Armed Forces themselves. The mainstream of ICT development is not following military requirements but needs of consumers and civilian enterprises.