The Defense Science Board (DSB) is a an advisory body consisting of approximately 50 very accomplished strategic thinkers and experienced national security policy makers who perform studies for the Secretary of Defense. The DSB provides independent advice and recommendations on matters relating to national security, with a focus on science, technology and related challenges in areas like research, engineering, manufacturing and enterprise IT.

Over the years the DSB has conducted numerous studies and issued reports on a wide variety of cyber conflict and cybersecurity related topics. DSB reports have helped the Department of Defense improve its strategic posture regarding cyber operations, especially in the domain of cyber defense. Reports like these have helped the department think through the complex and dynamic domains of computer security, information assurance, resilience in the face of attack, and ways to improve cyber deterrence. These are critical and important, but clearly not sufficient to true defense. Defense requires an ability to truly operate in cyberspace with strategic impact.

The topic of the latest DSB report is Cyber as a Strategic Capability.  The report is the result of a year long study that not only built upon previous DSB work but assessed the state of the department’s offensive cyber capabilities and operations. This was done to help DoD strategic leaders better conceptualize the role of full-spectrum cyberspace operations to supporting national objectives. Key questions considered included how offensive cyber capabilities can be leveraged as strategic capabilities instead of just components of ongoing military actions.

Report conclusions point to many surprising weaknesses in the nation’s full spectrum cyber capabilities. In a memo forwarding the report, Craig Fields, Chairman of the DSB, noted that:

The United States is currently years behind its rivals in cyberspace, both conceptually and operationally. The findings of this study illuminate the scope of the problem. The recommendations proposed in this report will, if implemented, create the necessary conditions for the Department of Defense to possess cyber as a strategic capability. The asymmetry between the United States and its rivals in the cyber domain contributes to escalation and leaves the United States increasingly vulnerable to theft, sabotage, espionage, and subversion. Remedying this strategic inadequacy must be a priority for DoD military and civilian leadership over the coming years

The co-chairs of this DSB Study, Chris Inglis and James Gosler, summarized the criticality of this topic in their summary letter, writing that:

If the DoD fails to harness cyber as a strategic capability, the United States will not be able to maintain its current global posture. The U.S. homeland and the military will be left unacceptably vulnerable to adversary coercion and meddling. It is our sincere hope that the recommendations provided in this report are implemented with the seriousness of purpose that they deserve.

There are lessons in this report for every leader, including leaders in business, academia and the non-profit sector. One key lesson all of us is a lesson captured by John Boyd in his construct of the OODAloop. Recall that his famous articulation of Observe-Orient-Decide-Act is as process meant to optimize decision-making even in the face of overwhelming ambiguity and adversary action. Arguably his greatest contribution with the OODAloop was his articulation of the “Orient” step. He considered this the most important part of the OODAloop, because in his words “it shapes the way we observe, the way we decide, the way we act.” It is a critical reminder that leaders are responsible for ensuring they are using the right decision making models. Falling into old traps like doing things the same way just because they always have been or doing things because doctrine and general approaches have always been that lead to failure.

Keep Boyd in mind when you read the number one finding from the DSB Cyber as a Strategic Capability report. The DSB concluded that:

• Current cyber strategy is stalled, self-limiting, and focused on tactical outcomes. The DoD must build and adopt a comprehensive cyber strategy.

Said another way, the DoD models and approaches are wrong. DoD needs to re-orient.

Following a list of findings, the DSB task force provides 16 recommendations, most of which point to ways to address our stalled and sub-optimized doctrine, strategy and policies regarding cyber conflict.

John Boyd would be proud.

For more see: Cyber as a Strategic Capability.