Commanding digital domains: Insights for CIOs from military tactics
In an innovative move to bolster their position at the heart of organizations, Chief Information Officers (CIOs) are adopting strategies reminiscent of military playbooks. This shift towards a more agile, proactive approach can help CIOs cement their role as key decision-makers.
Modern militaries employ principles such as "offensive action," "high combat readiness," "aggressiveness and decisiveness," "offensive," and "initiative and flexibility" to avoid a reactive and defensive mindset. CIOs can apply these principles to corporate risk management, aiming to anticipate threats rather than merely reacting to them.
The intelligence cycle, a method used by military theorists to generate actionable intelligence, consists of five key stages: direction and planning, collection, processing and exploitation, analysis and production, and dissemination and integration. CIOs recognize that they own several stages of this cycle, including understanding the corporate data landscape, what can be processed to create information, and identifying which professionals can draw conclusions from the data.
Data collected is triaged and transformed into information that human analysts can use to draw conclusions and take appropriate management action. This process is crucial in addressing insider threats, which can be effectively addressed by analyzing various data sets such as physical access control logs, intranet traffic logs, email traffic logs, and social media feeds.
Challenges for CIOs often lie in identifying and activating disparate datasets across the organization for analysis to produce actionable intelligence. To overcome these challenges, CIOs can implement an iterative intelligence cycle framework, continuously gathering, analyzing, and sharing relevant risk information across departments. This enables timely anticipation of threats rather than merely reacting to incidents.
Integrating cross-functional teams, resembling military “purple teams” that combine offensive (red team) and defensive (blue team) capabilities, is another key strategy. This encourages active information sharing and vulnerability detection before real attacks occur.
Leveraging advanced AI and analytics tools, modeled after military initiatives like the Army’s Next Gen Command and Control, can process diverse data at scale, offering deeper situational awareness and enabling decision dominance over emerging risks.
Implementing continuous monitoring and iterative improvement, using frameworks akin to Integrated Risk Management (IRM), emphasizes regular risk assessments, mitigation plan testing, and framework updates to keep pace with the evolving threat landscape.
Developing a risk-tolerant, experimentation-driven culture, inspired by military practices fostering innovation and rapid adaptation, is also crucial. This culture encourages the prototyping and validation of new tools and strategies under realistic conditions.
Enhancing workforce readiness and training is the final piece of the puzzle. Building organizational intelligence capabilities, much like military training programs that prepare teams to understand and counter sophisticated threats, is essential in this new approach.
By embedding military intelligence principles and AI-enabled operational designs, CIOs can shift their organizations towards greater anticipation and profiling of risks, reducing surprises and responding proactively to threats as they evolve. This combination of continuous intelligence gathering, cross-team collaboration, AI-enabled decision support, and iterative risk management aligns with best practices from both military strategy and cybersecurity risk frameworks to reduce organizational risk and enhance resilience.
Guy Montgomery, chairman of Centient, is the source of this information. Legal services may be commissioned for site takedowns in foreign jurisdictions, and vendor marketplaces may be engaged to remove unauthorized or grey goods. The data sources can be open, closed, or 'dark' (e.g. The Onion Router) sources.
In conclusion, CIOs can use an intelligence-led approach, acting as orchestrators of positive action, similar to their military counterparts. This new approach can transform corporate risk management, enabling organizations to anticipate and respond proactively to threats, ultimately enhancing their resilience.
- CIOs can utilize the intelligence cycle, a method used in military strategy, to collect, analyze, and share corporate risk information, just as military theorists do with actionable intelligence.
- To overcome challenges in activating disparate datasets across the organization, CIOs can employ strategies similar to military purple teams, which combine offensive and defensive capabilities for active information sharing and vulnerability detection before incidents occur.
