A tale of two allied defence departments: new assurance initiatives for managing increasing system complexity, interconnectedness and vulnerability

Abstract

Over the last three decades, defence communication and information systems have been increasing the complexity and interconnectedness of systems that has pervaded society more broadly throughout the Information Age. Even more than society in the broad, Western Departments of Defence (DoDs) have sought to attain information dominance. The result has been a large number of complex systems, system-of-systems and families-of-system-of-systems. In seeking to assure such interconnected systems, defence forces initially focused on specifying the high-level functions that this interconnectivity enabled: first command and control (1970s), then adding communications and computers (1980s) and finally adding intelligence, surveillance and reconnaissance (1990s); all while defining connections through interoperability protocols. The ability of highly interconnected systems to enable higher order human thinking has arguably gone beyond functions and even the informational, leading to synthetic systems. Furthermore, evolving cyber threats are now seeking to exploit the vulnerabilities of the broad informational attack surfaces of these complex DoD systems. This paper examines the key assurance initiatives pursued by the U.S. DoD to effect these more integrated, interoperable and information-assured (I3) capabilities while ensuring resilience to cyber threats. These approaches are compared to the Australian DoD’s assurance strategies and recommendations made on how Australia could substantially recover I3 assurance with the U.S. and other allied forces. The contrast between the two allies makes this a useful reflection for DoDs in other countries, and more generally to society’s assurance strategies.