Since 1958, North American Aerospace Defense Command (NORAD) has a proven history of adapting and evolving to meet changing military defense challenges using new technology—from its early years providing ground-based radar warning of approaching Soviet bombers, to ground-based radar warning of inbound Soviet ICBMs, to satellite-based warning of any missile launch occurring around the world, to extended radar warning of approaching cruise missiles, to the warning of suspect maritime vessels approaching North America. Overall, NORAD has sole responsibility for receiving early warnings from numerous space-based and ground-based sensors and developing an integrated North American attack assessment.
Because all of the sensors feeding into NORAD travel across the broader “information superhighway,” there exists a genuine risk of potentially hostile nations conducting damaging cyberspace operations against NORAD (to include blinding NORAD to actual threats or feeding the Command false information for incorrect action). With the recent increase in worldwide cyberspace events, NORAD has thus begun examining its own potential role in this new operational domain.
An exact definition regarding what constitutes a “cyber attack” remains in flux. Despite this lack of definition, however, both the U.S. and Canada have been quick to establish new, dedicated military organizations specializing in conducting cyberspace operations. Further, current military cyberspace event conferences now share warning information between U.S. Combatant Commands around the world, to include the NORAD and USNORTHCOM Command Center. (One area of concern: current U.S. classification policies restrict the sharing of certain classified information with Canadian NORAD members.)
Over the course of 50 years, NORAD has repeatedly reassessed, redefined, and updated its core operational missions based upon a constantly evolving threat. The NORAD Agreement clearly reflects both nations’ desire that NORAD be able to adapt and defend against newly evolving military threats that the two nations may jointly face.
Likewise, numerous U.S. and Canadian national strategies recommend working with international organizations to develop international watch-and-warning networks in order to detect and prevent cyber attacks. U.S. military policy advocates the need to integrate coalition partners early into the planning process to reduce operational seams across the coalition and thus increase the overall success of operations. Finally, from a Canadian perspective, both Canada’s civilian and military strategies mirror the same themes of working with international organizations to develop international watch-and-warning networks in order to detect and prevent cyber attacks.
With this background in mind, this thesis developed three courses of action (COAs) regarding possible roles NORAD might play in future military cyber attack warning situations. Each proposed COA was initially analyzed to ensure it met specific validity criteria (e.g., adequate, feasible, acceptable, distinguishable, and complete). COAs were then arranged by increasing levels of responsibility being placed upon NORAD. Each COA was then examined for specific advantages, disadvantages, and possible solutions for successful implementation.
After considering these three COAs, this thesis proposes NORAD advocate for unrestricted national cyberspace event conference participation. This would seem to be a realistic, achievable first step that offers significant improvement in NORAD cyber attack situational awareness and improved operational responsiveness, while requiring only a change in DOD information classification policy for implementation. Allowing NORAD Canadian personnel to fully participate in real-time cyber event conferences would fulfill stated U.S. and Canadian national policies, which repeatedly highlight the need for greater cooperation and information sharing between allies.
In conclusion, while requiring challenging staff actions nationally within DOD and internationally with Canada to provide unrestricted access to cyberspace operations, the recommended action harnesses proven NORAD binational relationships and warning procedures to provide all-domain warnings to both nations.