Lack of Sharing, Training Compounds Insider Threat

Malicious and trusted insiders pose a range of challenges in terms of counterintelligence risks and physical threats, and experts say policy needs to catch up quickly to the new technologies available to help mitigate the problem.

Source: Lack of Sharing, Training Compounds Insider Threat


Multi-Domain Confusion: All Domains Are Not Created Equal

Total Domain Confusion Confusion

Domains are not complicated at all. Thus, my knee jerk reaction to the article (link below) was why this confusion? I looked at the author, list of references and had a flashback to Boeing and how nitpicking happens. One of my roles as part of the Enterprise Architecture organization was when the company wanted to define its Information Architecture concepts and group.

Domains and functions are core concepts in Enterprise Architecture. To start with a good and short conceptualization, regardless of the organization, if X is unique enough to require its own set of capabilities, separate from other X’s and not relevant to their core operational needs, it is a domain, otherwise it is a function. For example, in a business, Marketing is a domain not required to run the Supply Chain domain and vice versa. Tech support is a function that cuts across those and other domains (visual here.)

Challenges were not just about semantics and taxonomies. There were hours long and months of on-going meetings with seasoned professionals arguing that information and data are the same. And yes — references to the dictionary and appeal to authority type of arguments. Good people — but thinking about those environments and meetings make me more nauseous than Comey.

If you think information and data are the same you are not abstracting, and not everyone has learned how to or can, but many conflicts are also due to large organization politics and turf protection. In that light, the article makes more sense.

From an analytical approach, it makes assumptions that are not correct:

  • “Etymological problems” and ” Semantic Implication of Ownership” are mistakes of equating a “domain” with physical control. Such associations are neither inherent nor necessary to define domains
  • While the historical progression of thought and proposals (which are abound in large and bureaucratic organizations) are informing, revised domain constructs and effect based definitions are even more confused. There is no such thing as “human (cognitive, moral, and social)” domains in the type of abstraction needed (following below)

Building on those assumptions, the article concludes “What is needed is a simplified construct that defines domain as ‘an area of knowledge, influence, or activity by which a target system can be affected’ with reference to three overarching and interrelated warfighting dimensions—physical, virtual, and social.”

As for affecting, it is too general for war and is not a consideration in the definition of domain. War is about an end state brought by use of force. Effects of affecting are clear: disrupt, deny, destroy. e.g. Stuxnet worm (cyber payload) affected target nuclear centrifuges but it really disrupted their functions as part of the general goal of disrupting a nuclear enrichment program.

Read paragraph 2 above and think of domains as abstractions. Land, sea and air are physical mediums. Their domain quality is not because they are distinct physical operational environments but rather the uniqueness of capabilities and competencies necessitated by that environment. That is the abstraction of why.

Which also makes social a non-candidate since it is not an abstracted medium. Disinformation, deception, PSYOPS are one or other flavors of information warfare but because something may be a domain somewhere does not make it one elsewhere, and information itself is not a “warfare domain.”

There is no confusion except for Domain Confusion Confusion.

Source: Multi-Domain Confusion: All Domains Are Not Created Equal

A force in flux: Military adjusts to emergent domains of warfare – Fifth Domain | Cyber

These guys are getting it right and not making the same mistake of taking Cyber as a mishmash of computers, networks and programmers/hackers and CYBERCOM as an administrative silo/stove-pipe.

Classic EA stuff of separating scope, domains and support functions.


Source: A force in flux: Military adjusts to emergent domains of warfare – Fifth Domain | Cyber