Problem Solving Through Diagnostics vs Threat Assessment Policy Silos
Sifting Through the Grey Zone
Problem Solving Through Diagnostics vs Policy Silos Based on Threat Assessment
Sifting Through the Grey Zone
The shift from Old Guard threat-based assessment to the diagnostic approach (as seen in the Engineered Vulnerabilities framework) represents a move from reactive defence to structural resilience. While the former focuses on “Who is attacking us?”, the latter asks “Why are we breakable?”
Here is how these two paradigms differ across key metrics:
1. The Focal Point: Intent vs. Structure
Old Guard (Threat-Based): This approach is actor-centric. It focuses on identifying specific adversaries (state or non-state) and gauging their intent and capability. Success is measured by the ability to deter or intercept a specific “move” by an opponent.
Diagnostic (Engineered Vulnerabilities): This is system-centric. It uses the ALC model (Authority, Legitimacy, Capacity) to diagnose internal fragilities. It assumes that in a “Grey Zone” environment, reflected in Ambiguity, Incrementalism and Hybrid Blending the threat is constant and often invisible; therefore, the focus must be on the “engineered” gaps in our own autonomy that allow external influence to take root.
2. The Role of “Grey Zones”
In the Old Guard view, Grey Zones are often treated as a series of unconventional “attacks” (cyber-attacks, disinformation) to be countered individually.
The diagnostic approach treats the Grey Zone as an environment rather than an event. It argues that vulnerabilities are often “engineered” through path dependency—for example, how institutional socialization in universities or bureaucratic “sunk costs” create a self-imposed ceiling on policy autonomy. Instead of just fighting the disinformation, the diagnostic approach seeks to fix the legitimacy or capacity gap that made the disinformation effective in the first place.
3. Problem-Solving vs. Threat-Analysis
The Old Guard often ends at Threat Analysis: “We are being targeted by X.” This frequently leads to policy paralysis or “admiring the problem.”
The Diagnostic approach moves immediately to Problem-Solving:
Identify the specific friction point: (e.g., Is it a lack of state Capacity to enforce regs, or a lack of Legitimacy in the eyes of the public?)
Targeted Intervention: If the vulnerability is “engineered” by past policy choices, the solution is a structural decoupling or a reinvestment in sovereign capabilities.
4. Why the Resistance?
The “Old Guard” resistance to a whole-of-society diagnostic—like the one proposed in the Engineered Vulnerabilities framework—isn’t just a matter of oversight. It is often a structural by-product of how traditional security institutions were built.
The reluctance usually stems from three primary “friction points”:
1. The “Silo” Mandate (Legal and Jurisdictional)
Traditional security institutions are built on strict jurisdictional lines. A “whole-of-society” approach requires looking at universities, private capital, and social cohesion—areas that are traditionally “out of bounds” for intelligence and defence bureaucrats.
· The Conflict: To perform a diagnostic on societal legitimacy or institutional socialization, an agency would have to “look inward” at domestic populations.
· The Old Guard View: This is often seen as “overreach” or a violation of the divide between state security and civil society. They prefer a threat-based model because it keeps the focus on “foreign actors,” which is a much cleaner legal and political mandate.
2. The Professional “Sunk Cost”
As noted in recent discussions, the Old Guard has invested decades of intellectual and financial capital into Threat Analysis.
· Methodological Inertia: Their expertise is in tracking intent (what an adversary wants) and capability (what they have).
· The Diagnostic Shift: A diagnostic approach (using ALC or CIFP metrics) requires a different skillset—sociological analysis, economic structuralism, and an understanding of how policy “socializes” students and bureaucrats. Switching to this requires admitting that the previous multi-billion-dollar focus on “threat monitoring” may have missed the structural decay happening at home.
3. The “Problem-Solving” vs. “Problem-Admiring” Gap
A whole-of-society diagnostic is inherently uncomfortable because it identifies internal failures rather than external enemies.
· Accountability: If a diagnostic shows that Canadian autonomy is undermined by its own “engineered” vulnerabilities (like dependency on specific foreign capital or academic pipelines), the “problem” lies with the policy-makers themselves.
· The “Old Guard” Shield: By sticking to a threat-based assessment, the focus remains on the “attacker.” This allows institutions to ask for more resources to counter the threat without having to fundamentally reform the structure that made them vulnerable in the first place.
4. Fear of the “Legitimacy” Metric
In the ALC (Authority-Legitimacy-Capacity) framework, Legitimacy is the hardest metric for the Old Guard to swallow.
· A diagnostic might reveal that a “Grey Zone” attack is only successful because of a pre-existing domestic legitimacy crisis.
· For a traditional bureaucrat or “Ottawa bubble” analyst, addressing “Legitimacy” as a security vulnerability feels dangerously close to politics. They would rather treat a disinformation campaign as a technical “threat” to be blocked than a “diagnostic signal” that the population no longer trusts the institutional narrative.