A Sensemaking Framework for Defensive Cyber Operations: Filling the Void in Leadership Discourse


  • Dr. Tim Shives Professor
  • Frank Wleklinski Graduate Student




Defensive Cyber Operations, Sensemaking Framework, Defensive Cyberspace Forces, Cyber Risk Mitigation, Operational Resilience


In the realm of contemporary warfare dominated by cyber threats, Defensive Cyber Operations (DCO) serve as a linchpin for mitigating risks and ensuring mission assurance. This article delves into the intricate landscape of DCO, focusing on the critical role played by Defensive Cyberspace Forces (DCFs). Despite their significance, the absence of a unified sensemaking framework poses a challenge for leaders responsible for the nuanced development and strategic employment of DCFs. The lacuna in the existing literature revolves around the lack of a comprehensive sensemaking framework tailored for operational and DCF leaders. The inadequacies of current frameworks, either overly broad or excessively specific, hinder effective dialogue and understanding. This deficiency not only obstructs the planning efforts and operational tempo of DCO but also restrains the maturation of DCFs, amplifying residual risks faced by commanders. This paper endeavours to present a purpose-built sensemaking framework crafted for leaders engaged in the dynamic realms of DCF development. Integrating well-established risk mitigation principles with the unique organizational structures and missions of DCFs, the framework fills a crucial void in the literature. Beyond being a decision-support tool, it strives to foster a shared mental model, providing a nuanced lens for leaders to contextualize and prioritize their efforts in the complex landscape of DCO. Through a meticulous critique of existing frameworks, this article introduces a tailored model designed to address identified shortcomings. Emphasizing the practical utility of the proposed framework, the discussion unfolds to elucidate how it not only facilitates the development and employment of DCF but also contributes to organizational resilience and risk mitigation. This article contributes a novel sensemaking framework to the academic discourse on DCO. While acknowledging limitations imposed by an unclassified context, the framework provides valuable insights into the strategic dimensions of DCF development and employment, DCO planning intricacies, and organizational analyses. Future avenues for research include the integration of classified information to refine the framework, ensuring its applicability across diverse DCO mission types and aligning DCF core functions with specific threats, thereby enhancing the efficacy of defensive cyber strategies.

Author Biographies

Dr. Tim Shives, Professor

Postgraduate School (NPS). He holds a Doctor of Education and an Education Specialist degree, an MS in Information Technology Management, an MBA, and an MA in National Security. Dr. Shives previously served as a Senior Advisor to Commander of Fleet Cyber Command/10th Fleet and as a civil servant at the Department of Defense, and as an officer in the United States Marine Corps, where he began his career as an attack helicopter pilot. His research interests include cyber operations, information warfare, and information technology management.

Frank Wleklinski, Graduate Student

Frank Wleklinski is a graduate student at the Naval Postgraduate School, studying Information Sciences and Cyber operations. He plans and executes blue-team and red-team operations and advises organizational leaders on the development and maintenance of their cyber capabilities. His main research areas are cyber-enabled decision support systems and cyber defense.