September 27, 2007
There is a lot of talk about how agility in IT systems is necessary to “out turn” our adversaries in modern conflict. The Army’s Future Combat System may end up putting the theory to the greatest test if it successfully fields smaller more lightly armored vehicles and by banking on better information to be the compensating force multiplier. Those kinds of trade-off bets haven’t always worked out well in the past, so the Army is really putting its money where its mouth is. The Air Force says IT agility is important too, but isn’t buying smaller slower cheaper less maneuverable jets that will rely on better information so it’s hard to tell if they really believe it (that was said tongue in cheek, please don’t send me hate mail).
The reality is that IT systems in the DoD today manifest very little agility. They are slow to build, slow to respond to changing requirements, and are frequently still integrated in a manner that makes for an incredibly brittle enterprise. This may not be the end of the world when your physical assets can still outperform everyone else’s but what about in the cyber domain? Is it ok there?
In cyber warfare coding is the new maneuver. Cyber warfare won’t be won by attrition (though I suppose there are elements of cyber warfare that are analogous to attrition), it will be won at least in part when we can sense an attack, counter it, find a vulnerability, and strike back faster than our adversary can react. Some of this “maneuver” will be through the effective and creative use of existing tools, and some will require that we very rapidly develop new software capabilities and tools to exploit a particular vulnerability or to provide defense against an enemy exploit.
Maybe this “coding is maneuver” analogy is a bit of a stretch; however, I think the underlying idea is valid: that in the cyber domain technology agility will matter more because there are no compensating physical assets. In this domain code and the ability of the people using it is sort of equivalent to a ship and a well trained crew in the Maritime domain. I don’t think it is too much of a stretch from there to say that being able to quickly modify the code / tools is similar to maneuver in the effect it has on an enemy.
Imagine a world where an armored maneuver commander would have to get to Milestone B before he could conduct a “thunder run,” or one where an Air Operations Center would have to draft an RFP and obtain approval before it could dispatch a mission package to a deep target. It sounds silly, but a cyber domain commander working under the constraints of our current system for software acquisition might feel similarly constrained.