Cyber Security Beyond the OODA Loop



The dominant military strategy of the last 50 or more years has been the OODA loop – Observe, Orientate, Decide and Act. First described following the Korean War, it captured the military benefit of rapid response, manoeuvrability, and general agility.

It has segued nicely into the information age. Situation awareness and data distribution expand the notion of Observe. Networked forces expand the notion of Orientate. Newer technologies such as AI and cloud services, can impact the speed and agility of Decide and Act.

Does the OODA loop reflect the emerging battlespace?

With fully networked C3, and with IT now able to take over some decisions and actions, the agility inherent in the OODA loop can be broadened to SPEE – Streaming, Processing, Enabling and Enacting.

Streaming – to reflect the rich data streams between sensors and shooters, with on-demand access resembling a modern music or film streaming service.

Processing – the need for automated data analysis and fusion of disparate feeds.

Enabling – a continual process of preparation, deploying multiple units, addressing the options produced by the processing.

Enacting – the synchronised deployment of multiple units towards multiple objectives.

There is still a loop. Streaming and processing provide the strategic and tactical analysis which drive the engagement. Progress towards the mission objectives drives the requirement for further streaming and processing.

So, what has this little brainstorm to do with cyber security?

Well, systems are still procured and secured with a focus on specific capabilities, and less on how the sum can be greater than the parts by combining streaming and processing. And cyber security reflects this, by focussing on boundaries, and constraints on data sharing.

Cyber security needs to enable the new paradigm and that means a transformation in how we design, secure, and manage cyber security throughout a system lifecycle.