Organizing cyber capability across military and intelligence entities: collaboration, separation, or centralization

Abstract

Abstract This paper explores how the Netherlands, France, and Norway organize their cyber capabilities at the intersection of intelligence services and military entities and provides recommendations for policy and research development in the field. Drawing out key organizational differences and ambiguities, the analysis identifies three models of organizing military and intelligence relations: A Dutch collaboration model, a French separation model, and a Norwegian centralization model. Despite their divergence in organizing cyber capabilities, the three countries converge on the assumption that both responding to cyber conflict short of war and developing military cyber power are dependent on the skills, information, and infrastructure of intelligence services. This calls for cooperation and coordination across military and intelligence entities. However, it remains unclear whether decision makers have systematically assessed the implications of the organizational structure for the ways in which the two dimensions relate to and shape one another at strategic, tactical, and operational levels. The paper concludes that there is a need for increased political attention and a deliberate approach to how the organizational model allows for the operational cyber capacity to travel from, translate into, and shape intelligence and military entities and to which political implications at both national and international levels.