by Bill Williams
Military attacks generally focus on an enemy’s weaknesses. When cybercriminals, for example, wanted plans for America’s new state-of-the-art Joint Strike Fighter, they targeted one of the project’s subcontractors. Cutting around heavily guarded servers at the U.S. Department of Defense and the aircraft’s prime contractor, Lockheed Martin, proved effective.
But criminals or an enemy force who think that Canadian Armed Forces Reserves are soft targets have another think coming. “Maybe someday someone will target the Army Reserve,” said Lieutenant-Colonel Frédéric Lauzier, Chief Information Officer of 2nd Canadian Division. “But we will be ready.”
Cyber threats were designated as a mission task to be explored under an initiative called Strengthening the Army Reserve (StAR), the Army’s response to a directive in 2016 by General Jonathan Vance, Chief of the Defence Staff, to operationalize the Reserve Forces. That has resulted in an overall boost in the size the Army Reserve as well as the introduction of new capabilities, broader access to equipment and new responsibilities.
During the past year, the effects of StAR on the cyber front have gained ground. Pilot project cyber groups have been created at the Army Reserve level in 2nd Canadian Division and 4th Canadian Division with 34 Signals Regiment in Montreal and 32 Signals Regiment in Toronto respectively. In the future, units in the remaining Divisions will also be selected to fill similar roles.
The changes couldn’t have come soon enough. The 2017 defence policy, Strong, Secure, Engaged, concluded that cyber threats from foreign spies, hackers and military services are expected to grow during the coming decades. Potential targets include command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) systems as well as related operational and weapons technologies on which soldiers depend.
According to Lauzier, protecting classified and unclassified Army networks, which encompass a broad range of IP hardware, sensors, wiring, and related software, will be a key priority. Projected tasks will include screening computers, router switches and endpoints using a range of private sector, internally developed and COTS suites and tools to detect unusual activity. There will likely also be a training component, with defence force cyber experts expected to train non-specialists in secure practices and warning signs.
The precise role that Army Reserve cyber specialists will play in training and actual operations will only be wholly defined once initial and full operating capability have been attested.
“Integrating cyber capabilities into Reserve units makes sense for many reasons,” Lauzier explained. “The people we are attracting are bright, motivated and they come from all walks of life. Many have IT careers in the civilian world, so they are able to mesh skills that they learn here with things they do in their daily work lives.”
Another benefit stems from a reality inherent in almost all government initiatives: Funding for National Defence education and training programs can be tied up for long periods of time in Ottawa bureaucratic channels. The upshot is that civilian recruits with on-the-job or private sector training may, in certain cases, be more up-to-date than their military counterparts—skills that those who join the Reserves can port over.
ATTRACTING MORE TALENT
One of the strongest believers in the role that Reserve forces can play in cyber defence is Lieutenant-Colonel Jean-François Denis, commanding officer of 34 Signals Regiment. Denis, who currently also fills a chief information officer-style role in the private sector, took command of 34 Signals Regiment in 2017 shortly after retiring from the Regular force. He almost immediately began drawing on his vast network of contacts to lobby hard to get the 2 Can Div cyber mandate for his unit, a goal he finally achieved in June 2018. The next step was spreading the word to generate maximum interest among existing personnel and new recruits, among which he was able to identify 15-20 candidates.
A key priority right now is formulating the training program for 2019-2020 season. “Soldiers in the Reserves, by their very nature, have differing levels of commitment,” said Denis. “We need to determine the core nucleus among those we have recruited into the tasking. Then we can build around them.”
Another priority will be leveraging vast dormant talents among female members in the Canadian Armed Forces. “I am a strong believer in diversity,” Denis stated. “We have a lot of women in 34 Signals and they are doing a great job. But right now, the cyber role is attracting primarily men.”
Despite the clear progress, questions remain regarding how Army Reserve cyber personnel would be deployed on exercises and operations. Providing blue force protection on training mandates and assigning individual members temporary placements with Regular Force units on an as-needed basis seem like obvious examples.
A fuller picture will likely only emerge once personnel are more fully trained and are functioning as cohesive units. Key coming milestones include training exercises with an unspecified Ottawa organization this fall, followed by deployments at international events in the next few years. Meanwhile, Denis is pushing hard. “I am on target to achieve initial operating capability in 2022, but honestly, my objective is to be there much earlier.”
However, while Army officers admit that integration of cyber capabilities at the Reserve level offers tremendous advantages, they are careful about overpromising. “To get the right person in the right job with the right training takes time,” said Lauzier. “That means we have to make sure that we not only recruit the right people, we also need to figure out ways to keep them.”