Some people can teach and also blog prolifically. I am not of them. I pour everything I have into preparing
(perhaps over-preparing) for every graduate class I teach. And so this blog dries
up during the academic year, only to be reborn during academic breaks. Such a break is now upon us, before I am
consumed by summer conferences and preparation of readings and syllabi for next
year. So here goes.
I teach that strategy is a concept -- the “why” of an issue -- the
cause and effect relationship that links action to outcome. If we do X,
then we get Y. Yes, yes – it can be much
more complex. There can be lots of X’s
and lots of Y’s, and we may have to prioritize and de-conflict. But basically (and this is at odds with others
who have been teaching strategy and losing wars for the last two decades),
strategy is a concept that proposes to get Y by doing X
Policy is the “what” of an issue -- what we are going to
do to achieve the ends desired. Policy is the X in the construct, "X leads to Y."
Operations is the “how” of action -- how we are going to
accomplish the policy that implements the strategy and achieves victory?
Bureaucracies craft
policies and manage operations to ensure that X is implemented as efficiently
and effectively as possible. For a bureaucracy, X is always the answer to a given policy issue.
Not implementing X requires an “exception to policy” from someone “at a
higher pay grade.”
It is sometimes hard to demonstrate
for students a concept of strategic cause and effect in real time. Policies
are easy to see. And history shows the cause and effect of some strategies clearly
in retrospect. (See the differing
concepts behind the British and American air campaigns against Nazi Germany
for an example.) But identifying flashes of strategic insight in the daily business
of government is hard, largely because so many government documents today are
labeled “strategies” when they involve no cause-effect analysis at all. Fortunately,
Congress has just provided a current example of an action (requiring the
President to define a term) that may have significant strategic consequences
(cause and effect).
"Senate Armed Services panel adopts cyber
'act of war' provision
“The Senate Armed Services Committee this week
added a cybersecurity ‘act of war’ provision to its annual defense
authorization measure, requiring the president to ‘develop a policy for
determining when an action carried out in cyberspace constitutes an act of war
against the United States.’ The committee completed its closed-door markup of
the National Defense Authorization Act on Thursday and will soon release the
contents of the bill." (Inside
Cybersecurity)
The goal of the
committee (apparently) is to increase cybersecurity by forcing the
Administration to draw a line informing
both friend and foe of what cyber targets we will defend by use of force. Note
that the committee does not direct what definition to use, or a resulting
strategy, or how to enforce it -- just that the concept of cause and effect should
be identified in public.
This strategic concept (IF we define cyber war and advise our
opponents THEN we can deter those opponents, and prepare for conflict should we need
to fight and defeat them), is grounded on a strategic theory -- that
deterrence can and will work in the cyber world. And perhaps upon
confidence that we can develop a 2d theory - how to fight and win a cyber war –
if we can just define when the conflict starts.
This is a great example of strategic thought,
because it addresses a great strategic concern. With our current approach to national
cyber security, we are doing something rare in human history - we are allowing
a small group of people to create a secret theory of deterrence and war in the
cyber realm, without a broader political, military or academic discussion. By
comparison, during the Cold War, the specifics of nuclear weapons and operations
remained highly classified, but the general strategic concepts and policies were
broadly identified and debated. Superiority or Mutually Assured
Destruction? Missile Defense or Second Strike Capability? Heavy throw weight or
lighter MIRVs? That robust debate, and
the requirement for a public defense of public expenditures on the resulting
solutions, is one of the things that kept us out of nuclear war.
History provides examples of the President’s current alternative
approach which might be called “strategic ambiguity.” The idea is to deter the enemy by
keeping your capabilities, intent and strategic concepts a secret, leaving your
opponent unsure of exactly what will happen if he makes even a limited
offensive move. The system of secret
alliances prior to the First World War followed this strategic concept. The result
was war on an unanticipated scale, because enemies could not anticipate the results
of each others’ actions.
We are already engaged in cyber war. The Secretary of
Defense said so last week at the change-of-command for the US Northern
Command. He described how we are launching "cyber bombs"
against ISIS (and maybe others). But under what rules? What laws? Whose
control? With what strategy and policy?
Somebody apparently thinks they have a handle on the proper
relationship of cyber strategy, policy and operations, because they are waging cyber
war in our name. Letting us in on
the concepts and getting our support – while retaining essential secrecy about
capabilities and operations – is a wise approach. Thanks, Senate Armed Services Committee, for
a great real time example of strategic thinking.