Presentation given International Society for Military Science conference 2021, Oct, 12-13, Kingston, Canada, 2021
Defence capabilities are hard to gain and expensive to maintain. Therefore, the decisions concern... more Defence capabilities are hard to gain and expensive to maintain. Therefore, the decisions concerning defence investments are hard to take. Furthermore, even the best investment may become obsolete when adversary finds an asymmetric way to nullify it’s feasibility in battlefield. The process of creating scenarios, assessing military situations, designing system of systems capabilities and wargaming them to see their feasibility in confrontation takes time, expertise, and effort. One wonders if modern computing power, accumulating data and deep neural networks may help in accelerating the evaluation process. Is there a way to automate the evaluation of defence capabilities impact and accelerate the decision making on defence investments?
Uploads
Papers by Juha Mattila
Motivation for the review came from the researcher's need to create a cyber strategy for a smaller nation and accelerate its cyber force generation. Hence, the multidisciplinary research process had many sequenced spirals of analyses, implementation, and improvement spanning over 2014 to 2022. The original survey included several countries, but this publication samples only three based on their different competency sourcing approaches.
Building the cyber capability combined with its traditional information operations and control of the domestic information domain, Russia has fostered cyber criminals and other proxies to ramp up their financially motivated cadre of cyber warriors. (Bowen, 2022) Their military force generation seems challenged to maintain about 5000 strong cyber forces, possibly because of a cultural incompliance (Red Army vs young, urban ICT professionals). (Clark, 2020) Despite the evident challenges, Russia has been able to impact adversaries' behaviour through the cyber realm, e.g., 2016 hacking of U.S. political organisations, 2017 NotPetya disruption, and 2020 SolarWinds exploitation. (Lilly & Cheravitch, 2020)
The U.S. has been building its capabilities with a narrow focus on the cyber domain gradually from information security, then cyber defence and finally, cyber offence. Starting from 2012, they generated over 6000 strong Cyber Mission Force in six years using a network of the defence industry, universities, and R&D organisations to provide the training. (USCYBERCOM, 2021) As a compliance-driven culture, the U.S. military struggles to keep its cyber warriors at expected competency levels, possibly because of the narrow population of recruits. (GAO, 2019)
Iran's cyber capability builds on the need to control the domestic information sphere. After the 2010 Stuxnet attack, Iran accelerated its effort to build cyber defence and offensive capability. (Wood, 2021) Within twenty years, they have used many ideologically motivated people to gain a force (2400 + 1200) with low-level skills to exploit cyber vulnerabilities abroad. (Bastani, 2015) Iran has successfully used the global cyber-criminal society and open source to acquire tools and competency for its activists. (KFCRIS, 2020)
All three countries have challenges recruiting, motivating, training and maintaining their cyber troops. Nevertheless, sourcing potential recruits is easier when there is a legacy field to combine the generation of new capabilities, i.e., control of domestic information space in Russia and Iran. These countries have used financial and ideological means to improve the motivation of their candidates. Subsequently, the competency has been gained either through hands-on training in small, entrepreneurial teams (Russia), industrial training programmes (USA), or acquiring tools and knowledge from open markets (Iran). However, all countries struggle to coordinate their cyber units in all-domain operations and improve their ability in a fast-evolving cyber environment.
Motivation for the review came from the researcher's need to create a cyber strategy for a smaller nation and accelerate its cyber force generation. Hence, the multidisciplinary research process had many sequenced spirals of analyses, implementation, and improvement spanning over 2014 to 2022. The original survey included several countries, but this publication samples only three based on their different competency sourcing approaches.
Building the cyber capability combined with its traditional information operations and control of the domestic information domain, Russia has fostered cyber criminals and other proxies to ramp up their financially motivated cadre of cyber warriors. (Bowen, 2022) Their military force generation seems challenged to maintain about 5000 strong cyber forces, possibly because of a cultural incompliance (Red Army vs young, urban ICT professionals). (Clark, 2020) Despite the evident challenges, Russia has been able to impact adversaries' behaviour through the cyber realm, e.g., 2016 hacking of U.S. political organisations, 2017 NotPetya disruption, and 2020 SolarWinds exploitation. (Lilly & Cheravitch, 2020)
The U.S. has been building its capabilities with a narrow focus on the cyber domain gradually from information security, then cyber defence and finally, cyber offence. Starting from 2012, they generated over 6000 strong Cyber Mission Force in six years using a network of the defence industry, universities, and R&D organisations to provide the training. (USCYBERCOM, 2021) As a compliance-driven culture, the U.S. military struggles to keep its cyber warriors at expected competency levels, possibly because of the narrow population of recruits. (GAO, 2019)
Iran's cyber capability builds on the need to control the domestic information sphere. After the 2010 Stuxnet attack, Iran accelerated its effort to build cyber defence and offensive capability. (Wood, 2021) Within twenty years, they have used many ideologically motivated people to gain a force (2400 + 1200) with low-level skills to exploit cyber vulnerabilities abroad. (Bastani, 2015) Iran has successfully used the global cyber-criminal society and open source to acquire tools and competency for its activists. (KFCRIS, 2020)
All three countries have challenges recruiting, motivating, training and maintaining their cyber troops. Nevertheless, sourcing potential recruits is easier when there is a legacy field to combine the generation of new capabilities, i.e., control of domestic information space in Russia and Iran. These countries have used financial and ideological means to improve the motivation of their candidates. Subsequently, the competency has been gained either through hands-on training in small, entrepreneurial teams (Russia), industrial training programmes (USA), or acquiring tools and knowledge from open markets (Iran). However, all countries struggle to coordinate their cyber units in all-domain operations and improve their ability in a fast-evolving cyber environment.
The paper studies how feasible the contemporary ICT -governance methods are for military organisations while executing digital transformation. The research implements the action research method since the researcher has participated in two journeys of military transformation. First, a review of these two cases shows the military utilisation of the governance methods and models. Second, the standard methods are reflected against the most challenging transformation problems to see if they could provide support. Third, the methods are challenged by the range of variety in complex system transformations to test their flexibility.
Based on the research on two digital transformations, military enterprises seem to fall short in applying central ICT governance standards and methods. Therefore, they are not getting the best available support. Secondly, the contemporary governance methods do not address all the pain points in military transformation. Hence, the utilisation degree and transformation benefits are not well correlated. Thirdly, modern governance tools are inflexible in addressing various situations, transformation goals, and organisational maturity. In summary, the research surfaces some new gaps within the contemporary ICT governance toolbox when applied to the complex socio-technical transformation in the defence sector.
development both by state and non-state entities in the cyber environment. Several models for inter-state power projection
are created in studies of international relationships, military strategy, and, recently, hybrid warfare. Do these models recognise the foundational transformation in international power projection? Do they explain the current national cyber strategies? Can they help foresee the possible developments of power projection in international confrontations?
The paper seeks a bigger picture from other power strategies in fulfilling the state’s political ambitions. Furthermore, the paper explores the evolution of the cyber environment and its possible emerging features for international power projection. A constructive research method builds a multiple domain power projection model by combining systems thinking with various models from international relationships, military strategies, business strategies to classical decision making. Finally, the feasibility of the model is tested in a case study of Russian cyber strategies and actions between 2007-2020 from a positivistic approach.
As a result, the model seems to help explain the past cyber power-wielding and provide insights into current national cyber policies. Further testing is required to evaluate the model’s feasibility in creating a foresight. Nevertheless, the proposed state-level cyber power projection model extends the existing models with a system dynamics viewpoint. Additionally, it adds the dimension of evolution to consider the future changes of international power projections in the information realm.
Hence, the model improves the ability of national defence planners to study cyber strategies and estimate the lines of operation and impact of cyber operations.
The transdisciplinary approach supports the modelling of the entire enterprise in all of its complexities and over a longer time. In contrast, the current monodisciplinary focuses only on parts of an enterprise at a particular window of time. By definition, transdisciplinary research fuses findings across the disciplines, between the disciplines and beyond the disciplines. Furthermore, the framework supports spiralling
between scientific methods and non-scientific practices. The case study utilised a spiralling research process that provided a tighter feedback loop from application in practice to model development in theory. The transdisciplinary spiralling approach provided an iterative approach to verify the outcome, reduce the complexity, and address the practitioner’s reality.
Hopefully, the research approach used in the case study and the tool created will improve enterprise architecture practice to ensure a successful digital transformation of military organisations.
The research focuses on improving the modelling of the evolution of a military enterprise in its core knowledge creation processes of organisational learning, sense-making, and decision-making. The transdisciplinary research aims to understand the whole enterprise, in all of its complexities, instead of focusing only on parts of it. Indeed, transdisciplinary research involves across the disciplines, between the disciplines and beyond the disciplines. Therefore, this research evolves spiralling between scientific methods and non-scientific practices. The study follows a process that provides constant feedback from application in practice to model development in theory. The process offers an iterative approach to verify the outcome, reduces the complexity, and meets the practitioner’s reality, similar to the engineering method called spiral development.
The short paper uses an enterprise architecture (EA) tool developed specially for military enterprises to assess the opportunities and challenges in adapting the benefits of AI. The EA tool analyses the strategic posture and operational processes of a military force. Furthermore, it focuses primarily on the command and control related capabilities including sense-making, decision making, and organisational learning. Additionally, the tool helps to analyse the readiness of information, security and technical structures of armed forces.
This paper introduces an enhanced EA tool that improves the success of EA practitioner in assessing opportunities and challenges of military enterprises applying AI in their transformations. We approach the challenge from pragmatic view using design research methodology to define the problem, find a tool for a solution, demonstrate it in a case study and evaluate results. The proposed Tool helps the EA practitioner in modelling the full stack of an enterprise from culture down to technology. Secondly, it helps EA practitioner to recognise opportunities for using the features of AI. Thirdly, the Tool illuminates the interrelated evolutionary forces between the structural layers and reveal possible challenges in transformation. Consequently, the EA practitioner can provide advice to military decision makers in implementing features of AI, avoiding the typical pitfalls of practice.
The research followed the consulting unit over three years supporting their efforts. We used a case study method to collect data, constructed a conceptual architecture, and conveyed findings with management viewpoints. While promoting the business transformation of the consulting unit, the conceptual model proved its feasibility in practice but also against the class of criteria set to enterprise architecture. Therefore, we discovered a practical architecture model for consulting business to support the analysis of the journey until today and help in foreseeing future opportunities even in a crises situation.
Artificial Intelligence (AI) stands out as a new magical way to transform the digital age to further heights [1]. How can we assess the readiness of military enterprise in adopting or innovating new capabilities enhanced by the AI related technologies?
The short paper uses an enterprise architecture (EA) tool developed specially for military enterprises to assess the opportunities and challenges in adapting the benefits of AI. The EA tool analyses the strategic posture and operational processes of a military force [2]. Furthermore, it focuses primarily on the command and control related capabilities including sensemaking, decision making, and organisational learning. Additionally, the tool helps to analyse the readiness of information, security and technical structures of armed forces.
The coherent EA model is tested in experimentation where three separate transformation journeys of different Armed Forces are analysed from starting point to end state. The validity of the model is assessed according to its usability in determining possible positive and negative forces affecting the transformation of a military enterprise and providing advice to manage the change. The EA model focuses on helping architects working in the field of military Command, Control, Communications, Computers and Information (C4I), to examine their existing situation, to find realistic paths for transformation and to provide advice in each step of change of military enterprise.
The design of research follows the approach of pragmatic worldview, using qualitative deduction in explaining how military affairs (business) have evolved through time and how that may affect the way C4I systems should be implemented. The paper assumes that evolution of military affairs can be explained by a confrontation situation defined by Clausewitz (1984) using a combination of the Ross et al. (2006) model for strategic operation methods and the Gattorna’s (2010) model for a strategic position in the competition. When main changes of military affairs from 30 years’ war to contemporary doctrines are studied through the hypothesis, a roadmap of evolution in military affairs emerges. The roadmap tool is further tested by three reductional experimentation cases.
The evolutionary architecture roadmap considers military affairs from confrontation, organizational structure, and a strategic resources approach focusing on the business level. The roadmap explains better the dynamic nature of business architecture thus avoiding the linearity of existing architecture frameworks. Consequently, a more balanced systems based model is proposed to the Military Science and business architecture body of knowledge.
For many military enterprise architects, it is challenging to define how the strategic posture and processes of the organization will adopt the tools and systems being rolled out. The roadmap for the evolution of military affairs helps the architect to assess the status of affairs. It also helps the architect to consider different approaches to develop military capabilities and the culture without creating insurmountable obstacles between the information systems and existing habits.
Keywords: Business Architecture; Military Affairs; Enterprise Strategy; command, control, communications, computers, and information system; Enterprise resource planning
The research follows the lines of the hypothetico-deductive model. The paper assumes that there exists a trust mechanism of physical, system, application, and container (Chen and Gong, 2012) and that there exist paths of development linking these trust mechanisms together that an enterprise will follow when selecting one trust mechanism to replace an another. When the hypothesis is studied with an evolutionary model based on the work of Mokyr (1998), Andriani and Carigani (2012), and Choo (1998), different paths of transformation emerge. These paths are illustrated on a roadmap that reflects different evolutionary powers and approaches for military information security.
The roadmap is tested with several empirical cases captured from military organizations past 20 years. Changes in commercial information security also validate the roadmap. Together these cases demonstrate the validity of the hypothesis. The resulting roadmap for information security illustrates both stages, paths, and forces of evolution for enterprise architects to analyse complex transformational situations.
For many enterprise architects, it is hard to define how the business and cultural natures of the organisation will react to renewed technology. The roadmap for information security helps the architect to assess the status of information security of the enterprise by focusing on the trust mechanism. The architect can then use the roadmap to consider different development paths, optimizing technical solutions with business structures and cultures.
The foundation is presented in Darwinian (1859) Theory of evolution. It is applied to technical systems by Mokyr (1998). Since the system in the Mokyr’s model was found too monolithic, Andriani’s and Carigani’s (2012) approach is applied to introduce modular design and innovation. Mokyr defines knowledge as underlying structure needed to design systems. The creation of knowledge is extended using features of Choo’s (1998) model for Knowing Organization. The extended model is tested from the viewpoint of Bertalanffy’s (1968) general system theory.
The model for the evolution of the socio-technical system of systems is verified with the military evolution of mechanized forces and maneuver tactics (Vego, 2007). The research model has also been used in studying the development of military knowledge management, the evolution of military training and evolution of military implementations in information security in the context of Enterprise Architecture.
The paper focuses on information dimension and searches for better models to describe the structure of blue force information, especially from Enterprise Architecture (EA) approach. Enterprise Architecture has been developed better to communicate the complex structures of military capabilities. Major EA frameworks (TOGAF, DODAF) recognise the layer of information between business and technology but in practice, the focus turns more to the technology as has happened in several Command, Control, Communications, Computing, Information, Surveillance and Reconnaissance (C4ISR) or Enterprise Resource Management (ERM) programs. The paper develops a tool for architects to use in measuring the maturity of information management in the current military organization and in defining the possible paths of evolution in information management available for military.
The outcome of this paper is a roadmap picturing the evolution of military information management. Enterprise Architects may utilize the roadmap in analysing and developing both C4ISR and ERM capabilities in military organizations.
In this scenario, exponentially extending digitisation and use of digital technology enforce production (e.g., big data) and use of data (e.g., data economy). The extent of data transfers processes with automation, user interfaces (XR/Metaverse), and increases the amount of information. Moreover, improving understanding with human competency and machine learning changes the behaviour of a socio-technical system.
The first wave of global competition for digital dominance is ongoing. Since the cyber environment is an international artificial structure, it does not fit under traditional national or international governance structures. Mingled powers of open market and governmental control have created digital colonisation, where the US-based corporates and China dominate the cyber environment, its services and content. Some countries like Russia, Iran, Turkey, Vietnam, and the UAE are actively trying to protect their national cyber infrastructure by technically filtering the content and services of the Internet. In addition, European Union uses regional regulation to protect the sovereignty of data and the common market.
The next wave of digitalisation will build up faster and will be about 2-3 times larger than the first wave measured in the amount of data. The second wave may transfer the current digital dominance if countries are digitally mature and digital trust is firm enough. The ongoing development transfers international dependencies and enforces different power politics.
The contemporary militarisation of the cyber and information environment has culminated in the Russian power projection 2014-2022. For example, Ukraine stores its nationally critical information abroad, safe from the Russian invasion. Russian operational preparations included cyber, data, and information impact joint with kinetic effects to create electrotechnical shock during February 2022. Furthermore, Russia arranges the media, social media, and cyber infrastructure in their captured areas of Donbas to gain control over public opinion.
The current indication of data valuation in military operations and future possibilities of digitalisation will change the coming confrontation between states. Therefore, the transformation of international relations needs to be understood in national defence preparations.