Short Bursts:
Navigating Cyberspace: The Importance of Digital Literacy for Operational Security

by Alexander Rudolph & Major Alex Buck, CD

The Department of National Defence (DND)/Canadian Armed Forces (CAF) has recognized cyberspace as an operational domain for some years, which is reinforced in the Digital Campaign Plan and Modernization Vital Ground and developing concepts of Pan-Domain Command and Control (PDC2). That noted, one of the key challenges in the incorporation of digital risk in the Canadian military is that digital and cyber capabilities are not acknowledged in CFJPs 01 Canadian Military Doctrine, which provides the fundamental principles the Canadian Armed Forces (CAF) operate on. While some may argue that the fundamentals of a sound doctrine don’t require updates to include new capabilities, this perspective is shortsighted and fails to recognize the foundational changes that pan-domain operations will bring to CAF doctrine. Treating digital capabilities as simple tools that the CAF can use to maintain or reinforce existing doctrine overlooks their impact on modern military operations. Using a computer with connectivity like a software-defined radio (SDR) means operating in and through cyberspace. The article argues that foundational digital literacy is vital for all CAF members to effectively navigate modern, technology-driven pan-domain warfare.

Acknowledging cyberspace as a separate domain of operation means treating it as such, with its own unique challenges that shape risk management strategies. The integration of digital capabilities at the strategic, operational, and tactical levels has a significant impact on tempo. Digital capabilities reduce time and turn it into a tangible resource that can be leveraged by individuals and organizations alike. In more explicit terms, Information and Communication Technology (ICT) allows individuals and organizations to operate more quickly and efficiently—especially regarding routine tasks or “boring stuff.”  However, it’s crucial to avoid treating risk mitigation as just another mundane task, as it plays a vital role in overall success.

Risk and Digital Literacy

CAF strategies emphasize that digital technologies are essential in conducting warfare, which requires a parallel evolution in risk mitigation. Risk mitigation of networks and ICT in the CAF is formally relegated to the Canadian Force Network Operations Centre (CFNOC) and those at Canadian Forces Station Leitrim. However, a key aspect of risk mitigation is addressing the underlying risks linked to individuals using the technology. Advancements in technology, doctrine, and pan-domain concepts have led to more infantry being equipped with SDRs or other data-generating devices to supply information to support elements or commands. As a result, each soldier equipped with such a device must know how to use it effectively, as well as how to avoid potential misuse. This means that while CFNOC and other areas of the CAF are responsible for actively protecting ICT networks and infrastructure, every individual in DND/CAF who uses digital technology also has a role and responsibility to ensure their actions do not increase the risk of compromise.

An analogy to consider is the comparison between advancements in indirect fire and the methods and techniques that infantry have developed for self-protection. Despite significant advancements in indirect fire artillery over the past century—enhancing its destructive power, accuracy, range, and portability—it remains a relatively imprecise tool, primarily used to neutralize adversaries, with casualties or collateral damage viewed as secondary outcomes.^{Footnote 1}  Regardless of how reductionist this statement is, artillery continues to be a vital tool in NATO and Canadian doctrine. From the beginning of their careers, soldiers are trained on how to respond to indirect fire attacks. The constant explosion of artillery simulators near the Farnham training area is a testament to this fact. Soldiers hear the telltale whistle of a simulated artillery shell hurtling towards their position, and they immediately scatter, seeking cover from the inevitable explosion. Additionally, they are trained in constructing trenches and bunkers that provide protection from the devastating effects of artillery. The necessity of armed conflict dictates that soldiers must train appropriately for the domains and environments in which they operate, including cyberspace.

As DND/CAF increasingly operates in and through cyberspace, it must equip its members with the appropriate knowledge on the proper use of their equipment. For instance, consider all the standard issue items infantry will wear to protect themselves, including, but not limited to, proper clothing and uniform, body armour, helmet, and boots. These items can help protect a soldier from bullets, shrapnel, inhospitable terrain, or minor injuries exacerbated in combat. Now consider the training and knowledge that infantry is given to ensure protection in the field: trenches, foxholes, camouflage and other methods for concealment, and formations.

Poor operational security using digital technology can be viewed as no different from walking out of formation or waving your arms in the middle of a field. Actions that disable or compromise security for the sake of convenience or speed are detrimental to maintaining operational security. While they may temporarily ease one limitation, they often lead to foreseeable consequences that must be carefully considered. For example, if you switch from a multi-channel radio with a fading signal to a single channel to maintain connectivity, you disable frequency hopping. While this may provide a temporary solution, it increases the risk of your signal being jammed or intercepted by adversaries. Alternatively, you might opt to use your cellphone to contact command due to the radio jamming, which also exposes you to significant security vulnerabilities. Alternatively, to avoid this situation, you might decide to use your cellphone to contact command because the radios keep getting jammed. However, this can lead to even more severe consequences, such as your cellphone being tracked and used to facilitate an airstrike or ambush. While these scenarios might seem exaggerated, they reflect real situations the Russian military found itself in on numerous occasions at the outset of its 2022 invasion of Ukraine.^{Footnote 2}

Most that join the military must complete basic military qualification, where they learn the basics of operating in the land domain. However, why isn’t basic digital literacy considered equally important, especially since the Digital Campaign Plan recognizes that fostering a culture of digital literacy is crucial for successful digital transformation? Pan-domain and PDC2 concepts recognize that digital capabilities are foundational for the CAF’s ability to conduct effective operations across all domains. Cultivating digital literacy in the CAF requires every member — not just specialists— to be equipped with the skills to navigate the complexities of a pan-domain environment where digital tools are ubiquitous just like anyone in modern conflict must be competent in how to react to indirect fire.

ABOUT THE AUTHORS

Alexander Rudolph is a PhD Candidate in the Department of Political Science at Carleton University where he researches the force structures and doctrine of cyber conflict. As a researcher and speaker, Alex regularly contributes to discussions on Canadian cyber defence and international cyber conflict. He is the founder of Canadian Cyber in Context, the first open research publication dedicated to Canadian cyber defence policy. He currently works as an analyst and consultant in Ottawa.

Major Alex Buck, CD, is an infantry officer with The Royal Canadian Regiment (The RCR) currently serving as Directing Staff at the Canadian Army Command and Staff College. His background has primarily been focused on tactical operations and collective training. During his career, he has served in the 2nd and 3rd Battalions of The RCR, 1st Brigade Combat Team 10th Mountain Division, and several other units. He has deployed to Afghanistan twice, to Ukraine, and on a smaller operation in the Middle East & Africa. He has an MA from American Military University, where his thesis focused on Cyberterrorism.

This article first appeared online in the Short Bursts section of the Canadian Army Journal (December 2024).