Disruptive by Design: 4 Steps to Tactical-Strategic Network Integration
While the U.S. Defense Department struggles to connect tactical and strategic networks, industry has cracked the interoperability code. Commercial pressure to develop a digital ecosystem where any device delivers content across platforms and service providers has led to robust industry standards and intuitive application programming interfaces.
Increased interoperability and access, however, bring increased risk, which discourages the bridging of networks and enterprise services. Innovators must face these fears head-on. Strategic-tactical network integration requires a plan for analyzing risk, employing control measures, developing operating procedures and training across organizations.
Understand Risk Liability
To effectively bridge networks, innovators must know who the “risk owners” are and the approvals they can grant. These individuals have been given authority via law, regulation or policy to adjudicate exceptions to the rules. For instance, a division commander may have authority over tactical systems, but a theater signal commander may own the risk on the strategic network. If a risk becomes a reality on either network, then commanders will be held liable or hold others liable.
Risk owners typically delegate to system owners the authority to operate networks and connect systems or devices. System owners then manage risk at their level. Many organizational boundaries segregate system ownership, leading to challenges with cross-organizational connections. No one wants to introduce undue risk by allowing access to those outside of his or her authority, but proper agreements can minimize this fear.
Because system users themselves either deliberately or inadvertently present risks, administrative access is typically restricted. Strategic commands struggle with this because they have little authority to enforce responsible behavior across operational lines. For example, division commanders maintain punitive control over their personnel, regardless of whether those personnel affect strategic systems.
A system owner is liable for not employing proper controls, and a risk owner is liable for any negative effect resulting from user exceptions.
Consider Control Measures
Knowing who is liable allows the development of effective control measures. Typically, risk owners wish to segregate, prevent or minimize risks before approving exceptions. Engineering to isolate a risk reduces the potential impact on a broader system. Understanding system owner demarcations and creating ways to manage access across boundaries also can temper fears. Likewise, planning for worst-case scenarios enables system and risk owners to understand the scope of any recovery efforts.
Develop Tools, Processes and Procedures
Integrating networks requires new sensors and monitoring tools that can mitigate risks and display a common operating picture for system owners. Employing these tools requires collaboration between organizations that goes beyond simple engineering coordination. Putting a new firewall or a network sensor in place does little without shared policies or well-developed and rehearsed response procedures at both the tactical and strategic levels.
Train for Cross-Organization Collaboration
Regular training can increase the effectiveness of cross-organizational response plans. Detailed scenarios that stress the ability to employ proper responses and coordinate across organizations are critical to teasing out friction points and seams in planning. For example, whether a threat on a tactical client should be isolated, remediated or ignored may depend on the operational impact, such as whether that client is being used by a medevac or a digital call-for-fires. It also will likely depend on the suspected impact on the strategic network—whether the threat could lead to loss of strategic command and control or even greater calamities. These challenges require deliberate cross-organizational exercises to examine and develop new decision-making tools.
The time has come for tactical and strategic organizations to collaborate on these issues and for innovators to address concerns through effective control measures backed by sound tools, processes and procedures.
Maj. Ryan Kenny, USA, created an online forum for discussions on emerging technologies at www.militarycommunicators.org. The views expressed here are his alone and do not represent the views and opinions of the U.S. Defense Department, U.S. Army or other organizations with which he has had an affiliation.