Inspired by @RCRBuck and my recent discussion with @DavePerryCGAI and @CAGlobalAffairs, I want to take a moment to talk about:

Burden sharing and the cyber components to NORAD modernization (re: Joint All Domain Command and Control [JADC2]) #canmiltwitter
So what is JADC2? You'll often hear it described like it is a single capability or strategy, but in reality, even the United States is trying to figure out the specifics of it.

The best way of understanding JADC2 is that it is about connecting everyone and everything.
Connecting all sensors is A LOT of data. Not only do you need to bring all that data together, you need a way to process all of it and get information to commanders in a timely fashion.

Easier said than done when you have a massive mix of tech that was made to not work together.
A few problems thus arise:

1. What do we do with all the data collected?
1.1. How do we ensure that data is available and secure for commanders?
2. How do we process that data so it is useful for the military?
1. What do we do with all the data from sensors, radars, intelligence, etc?

The Cloud!

A secure, military cloud network for commanders to share data for joint operations.
So I am sure you're asking yourself

"Isn't connecting everything together in a system of systems just net-centric warfare and JADC2 is putting another name on it?"

JADC2 is the logical step in net-centric warfare by introducing
So we have this big cloud to continue with net-centric warfare, enabling the next generation in its use. However, the big missing piece from all of this is how they plan to process the data.

That's where Artificial Intelligence/Machine Learning (AI/ML) comes into play.
What the US military wants to process all of this data is AI/ML to handle the processing, leaving operators and commanders freedom to use the data instead of making it ready for use.

To say AI/ML will handle this sounds insane, but in reality it is a big coin sorting machine.
Think of a radar station and a personal computer as two different nodes on a network. Each will produce data and information that represents a coin.

Each coin has different value tied to it like a coin's worth. However, consider how long it takes to sort a massive pile of coins
The concept is to develop a means of processing all of these coins quickly so that it can be used by anyone who would require this data in any type of environment.

The aim: Joint operations that occur like it's one's natural actions.
The concept is really cool, right!? The US military have recently started to do pilot projects to try to implement this on the service and unit levels and are trying to figure out scaling everything to the continental defense level.

But what about Canada?
As much as Canadian military have struggled to stand up anything related to cyber, it will soon face a crisis from the lack of strategic and operational planning about scaling capabilities for JADC2 integration with NORAD.

The importance of this is because of NORAD Modernization
Although a lot of the attention on NORAD modernization is about the new radar network, hypersonics, F-35, and more, but infrastructure broadly remains one of the core aspects of this upgrade.

Upgrading all-domain command and control is the central aim, guided by JADC2.
Thus we are faced with an imperative to improve and upgrade the CAF's cyber infrastructure to meet these needs. However, with more cyber infrastructure comes the need to defend more assets on DND/CAF networks.

Not too bad of problem to face, right?
Presently, based on work of the prior DG of Info Ops in Canadian military, they have the money but desperately need the people. Albeit this is an ongoing issue for the CAF overall, but the need for cyber people predate the current crisis.
Thus we're faced with the current problem:

DND/CAF is way behind in planning for JADC2 and cyber in NORAD modernization. DND is also lacking:

Policy addressing cyber
Cyber operators
Capabilities (Infrastructure, Offense, Defense)
It is difficult to put my finger on a single problem or solution to address to fix this, but it highlights a broad systemic issue in the Canadian government.

Plainly, the Government of Canada is failing to keep Canada and Canadians safe in cyberspace.
The government has made efforts over the past year to make it seem like some change was in the works, but they have thus far appear to be placating those of thus concerned about cyber defense.
This brings us back to NORAD and burden sharing. Already Canada is being increasingly seen as negating its commitments to NORAD. While Canada has made some moves to make the US happy, little has been done on cyber.
The US and NATO has increasingly pushed and requested Canada to take on a bigger role to ensure cyber defense and counter adversaries, with little follow through.

What will be the result when it comes to talk about JADC2 integration?
The US has had some MAJOR attacks uncovered the last couple of years. The last thing they want are new, vulnerable networks that can be used to laterally move into US DOD systems.
The US is very much aware of this too. This then begs the questions:

What is the Canadian government doing to ensure it shares the security burden in advancing JADC2 in NORAD?

Does the United States trust Canada's ability to handle cyber defense?
These are the question currently not being discussed, but the United States is intimately aware. Most countries understand the strategic importance of cyber. Few understand the strategic importance of and taking it serious.
Canada is beyond being at a crossroads.

Canada is headed towards an accident.

If it does not begin to break down the arbitrary barriers to acquiring cyber capabilities and modernizing its cyber force structure then it is going to be viewed as a bad ally by the United States.
Based on word of the former DG*

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Alex Rudolph | @alexfrudolph@infosec.exchange

Alex Rudolph | @alexfrudolph@infosec.exchange Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @alexfrudolph

Dec 21, 2022
A big ol' whopping $2.7 million for ISS end-user devices for the integrated soldier system.

Coincidentally, I am writing a paper about the integrated soldier system and cyber. So let's take a look together!

#cdnnatsec #canmiltwitter #cdnpoli
So what is the Integrated Soldier System (ISS)?

In modern warfare, when the military tries to connect everything to everything, the ISS is the military's (notably the Canadian Army) to turn soldiers into walking sensors.

But what does this mean?

canada.ca/en/department-…
Remember the game of telephone? Where a message moves along and changes little by little until, at the very end, the message is completely different.

Now imagine a similar game of telephone when soldiers attempt to communicate intelligence to an aircraft or artillery.
Read 6 tweets
Nov 21, 2022
Recently the MIT Tech Review released their global cyber defense ratings, which ranked Canada as the 5th top country contributing to cyber defense.

I am here to tell you and explain how this is completely false.

#cdnpoli #cdnnatsec #cyberdefense #CDNdigital Image
Canada deserves a good score because of its private sector, but the federal government's policies and direction of cyber defense is ad hoc, shallow, and broadly lacks coherent direction or recognition of cyberspace as a threat environment.
There is a lot to discuss, but I'll focus on cloud networking.

On paper there is a lot of good that Canada has planned, it is working towards a classified defense cloud network in the Canadian Armed Forces (CAF), but last I heard the estimate for delivery/completion is 2030.
Read 18 tweets
Jul 20, 2022
In my new article I talk about a pernicious security culture that deprioritizes cyber defense in Canada. What do I mean by this?

I mean when the status quo is favored over the security of Canadians. Let's take a look at the case of MLA @ThomasDangAB to see what this means A 🧵
As the then Alberta NDP Infrastructure Critic, Dang investigates a tip from a constituent about potential vulnerabilities in Alberta's COVID-19 vaccination records. The Health Minister's office is informed of this vulnerability by phone and email.

cbc.ca/news/canada/ed…
This is called vulnerability disclosure and is central to cybersecurity.

Instead of being commended for his work, the RCMP initially sought criminal charges. What has resulted is months of attention around Dang’s alleged hack and not the vulnerability.

docs.hackerone.com/programs/vdp-v…
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(