The future of US-Canada defense: A new NORAD for the digital age

A month ago, a U.S.-based telecom company announced that it had been hacked by suspected Chinese state-sponsored cyber actors. It was a window into 21st-century conflict. No missiles were fired or borders crossed, but the aim was to access the data center of vital infrastructure. 

The brazen act was also a portent. North America’s existing defense architecture, the spine of continental defense for decades, was designed in an era of radar screens, air interceptors and missile silos. It depended on deterrence by denial or punishment, both made credible by early warning of Soviet bombers or missiles. 

The system worked for that era because threats were visible, perimeters were clear and attacks came from the sky. Now threats come through data cables, computer networks and supply chains.

The challenge is to build a new continental defense architecture that defends that space as effectively as North American Aerospace Defense Command, known as "NORAD," once defended airspace above the continent. 

The 21st century is already what security experts are now calling a “gray zone” of competition and contestation between peace and war. 

Nations, non-state actors and proxy forces are exploiting information age vulnerabilities like cyberattacks, propaganda and economic pressure to harm their rivals without provoking overt retaliation. “Hybrid threats” from peer or near-peer competitors use a mix of traditional and unconventional statecraft to attack the vital systems of the modern age: finance, energy, communications and trust. 

Hard power is not just about weapons stockpiles but also about controlling information, shaping perceptions and weaponizing asymmetries and dependencies. The new battlefield is the battlefield of systems. 

This changes the nature of deterrence. In the old paradigm, deterrence was a function of visible military power and the threat of escalating punishment. In the hybrid age, deterrence will have to depend on resilience: the ability to withstand and recover from disruption before an adversary can exploit it. 

Security is no longer a function only of missiles and fighter jets; it is also the product of the reliability and robustness of the systems on which modern society depends. Credible deterrence must make it clear to would-be adversaries that any effort to disrupt those systems will fail, damage will be contained and life will go on. 

For Canada and the U.S., that means reimagining continental defense as a single, integrated system. The Cold War division of labor, with Canada patrolling the northern skies while the U.S. focused on nuclear deterrence, does not meet today’s threats. 

Cyberattacks, disinformation and supply-chain disruption can cross borders instantly. A cyberattack on Canadian energy infrastructure, an online influence campaign targeting American voters or economic coercion by a near-peer competitor could threaten both countries simultaneously. Canadian and American security are indivisible.  

Meeting that challenge will require both countries to build a new kind of defense architecture with three core characteristics: common awareness, resilience and coordination. 

Common awareness means real-time, shared information across military, government and private sector networks. Resilience means hardening power grids, communications, transportation and other key systems to ensure they can survive an attack and recover quickly. Coordination means building institutions that can move as quickly as the threats across bureaucracies, systems and national borders.

In the gray zone, information, connectivity and integration are as important as hard power. 

NORAD’s creation during the Cold War provides a powerful blueprint for how to do that. Two sovereign nations shared command, intelligence and decision-making authority to defend a common domain: the airspace above North America. 

It was an act of creative imagination as much as technical and engineering prowess, born of the recognition that neither nation could secure the continent on its own. 

The task now is not to retool NORAD, which remains critically important in its original mission, but to build a new version of it: an institution designed for the age of gray zone conflict and hybrid threats. 

This new NORAD must defend networks, data flows and key infrastructure with the same effectiveness as the original defended airspace. It must build cyber, economic and informational resilience into a new architecture of deterrence, where the strength of connections across networks matters as much as the strength of individual systems. 

Just as the first NORAD transformed geography into security, the next one must transform connectivity into security. 

The Cold War-era deterrence architecture was built to defend against visible threats that can be seen and shot down. The hybrid threats of the gray zone era are harder to see and even more difficult to stop.

The institutions created to defend North America from an air attack must now be re-engineered to defend against cyberattacks, disinformation and manipulation of global supply chains. 

The recent telecom breach was a dress rehearsal. Just as NORAD once turned the airspace into a common space of defense, Canada and the U.S. must now do the same with the digital space. 

Andrew Latham is a professor of international relations at Macalester College in Saint Paul, Minn., a senior fellow at the Institute for Peace and Diplomacy, and a non-resident fellow at Defense Priorities in Washington.