Coalition Defense Coordination

Domain Context

The coalition-defense landscape is structured by overlapping alliance frameworks, each with its own data-handling and command-and-control instruments. NATO operates under STANAG 4774, which specifies confidentiality labels, and STANAG 4778, which specifies the binding of those labels to data objects through cryptographic metadata; together they form the substrate for NATO's "labelled object" model that lets data flow across national CIS systems while retaining originator-controlled handling caveats. The Federation Mission Networking (FMN) framework defines the spirals of capability through which alliance and coalition partners agree on interoperability requirements for a given operation, with FMN Spiral 4 and onward formalizing zero-trust and cross-domain solutions.

Five Eyes (U.S., U.K., Canada, Australia, New Zealand) operates as a deeper but narrower sharing arrangement, with intelligence-community-specific compartments and originator-controls that predate and partially overlap with NATO's instruments. AUKUS Pillar II (advanced capabilities including AI, autonomy, undersea, hypersonics, electronic warfare, and quantum) layers a trilateral capability-development regime over both Five Eyes and bilateral relationships, with its own export-control reform and information-sharing posture. The U.S. Department of Defense's Joint All-Domain Command and Control (JADC2) program, and its combined extension CJADC2, project these arrangements forward into a target architecture in which sensors and effectors across services and partners compose in real time.

Operationally, a single coalition mission touches all of these instruments simultaneously. A maritime interdiction in the Indo-Pacific composes Five Eyes intelligence cueing, AUKUS-derived autonomous platform contributions, NATO-style labelled targeting data shared with a partner outside the formal alliance, FMN-conformant networking on the operational nets, and JADC2 sensor-to-shooter pathways within the lead nation's force. Each contribution carries distinct national authorities, distinct release authorities, and distinct caveat structures.

Architectural Requirement

The architectural requirement is multi-party settlement that is grounded in physical proximity (because coalition assets are physical platforms with physical sensor footprints and physical effector ranges) and that admits cross-domain authority handoff (because no single domain authority covers a multi-national operation). A targeting cycle that begins with a Five Eyes intelligence product, transits a NATO-labelled targeting message, draws on an AUKUS-developed autonomous sensor, and ends in a national-authority weapons release must settle each step against the right authority without ever consolidating those authorities into a coalition-level monolith.

Three properties drive the architecture. First, national authority over national assets must be structurally preserved: when a partner contributes a sensor track, the partner remains the authoritative source for that track and remains the holder of release authority for derivative products. Second, role-differentiated attestation must capture the operational reality of lead, supporting, and observing partners: a lead partner's authoritative actions, a supporting partner's contributory actions, and an observing partner's situational-awareness consumption are different operations that must produce different audit artifacts. Third, byzantine-robust coordination must handle the adversarial reality that coalition partners may be compromised, may be coerced into forced disclosure, or may be impersonated; the architecture must keep operating in the presence of a non-trivial fraction of misbehaving parties without collapsing the coalition.

Why Procedural Compliance Fails

The procedural status quo for coalition coordination is a stack of bilateral and multilateral agreements, liaison officers embedded in partner headquarters, gateway systems that translate between national networks, and event-specific rules of engagement. The procedural stack has three structural failure modes that surface every time a coalition tries to operate at the speed and scale that contemporary threats require.

Coalition data-fabric capture is the strategic failure. Every proposal to "just build a coalition data fabric" runs into the unavoidable politics that whichever nation hosts the fabric becomes the de facto authority over the fabric's contents, which makes adoption impossible for partners who are unwilling to surrender national authority over their own contributions. The result is that coalition data sharing is implemented through gateways and translations that lose lineage at every hop, which makes post-operation reconstruction unreliable and makes adversarial-action attribution dependent on whichever gateway happened to log what.

Integration complexity is the operational failure. The cost of bilateral integration grows superlinearly with partner count, because each new partner needs a bilateral arrangement with every existing partner whose contributions the new partner will consume. A coalition of five partners requires ten bilateral arrangements; a coalition of ten requires forty-five; a coalition of fifteen, well beyond what any liaison-officer regime can sustain at operational tempo. The procedural fix is to designate a lead nation whose systems become the de facto hub, which collapses the integration cost but reintroduces the data-fabric capture problem at the political level.

Authority disputes at every cross-national boundary are the persistent failure. A targeting product derived from partner intelligence, processed on lead-nation infrastructure, transmitted over coalition networks, and acted on by a third-partner platform crosses at least four authority domains. Each crossing currently requires either a pre-negotiated standing arrangement or an ad-hoc release decision; the standing arrangements do not anticipate every operational case, and the ad-hoc decisions create the friction that makes coalition tempo lag adversary tempo.

What the AQ Primitive Provides

The n-party-coordination primitive treats coalition operations as multi-party settlement events in which each participating party retains national authority over its national contributions, and in which the composition of contributions is settled through declared coordination rather than through a coalition-owned store. A targeting cycle is a settlement: each contributing party emits a credentialed event under its national authority (a Five Eyes intelligence product, a NATO-labelled targeting message, an AUKUS-sourced sensor track), and the targeting decision is the settlement that references those events with their national credentialing intact.

Physical-proximity grounding is the property that makes the settlement operationally meaningful. Coalition operations are not abstract data exchanges; they are platforms operating in shared physical space with shared sensor coverage. The primitive grounds settlement in the physical-proximity reality that two coalition platforms in mutual sensor range can mutually attest to each other's presence, which gives the coalition a non-spoofable substrate for "this partner's platform was where the partner says it was at the time the partner says it was there." Forced-disclosure scenarios, partner impersonation, and coordination-disruption attacks all surface as credentialed integrity events against this proximity-grounded substrate.

Cross-domain authority handoff is the property that resolves the boundary-crossing problem. A targeting product crossing from a Five Eyes intelligence domain into a NATO-labelled operations domain into a national-authority release domain is a chain of credentialed handoffs, each of which is a settlement under the authority of the receiving domain that references the credentialing of the originating domain. STANAG 4774 confidentiality labels and STANAG 4778 binding metadata compose into the handoff as the declarative caveat structure rather than as a parallel mechanism. Role-differentiated attestation captures lead, supporting, and observing roles directly, so that a coalition operation produces an audit chain in which each partner's contribution is identifiable as that partner's contribution at that role.

Compliance Mapping

The mapping to existing instruments is structural. STANAG 4774 confidentiality labels and STANAG 4778 binding metadata are the declarative caveats on credentialed events; an event labelled NATO SECRET REL FVEY enters the architecture as a credentialed event whose declared release is to Five Eyes parties, and the cross-domain handoff machinery enforces the release by checking the receiving party's credentialing rather than by gateway-translation. Five Eyes originator-controls, AUKUS Pillar II information-sharing posture, and bilateral arrangements compose as additional credentialing classes on the same events.

FMN spirals consume the architecture as their interoperability substrate: spiral-defined services and capabilities are declared compositions over the coalition's credentialed-event stream, and FMN's zero-trust direction is satisfied as a side effect of treating every cross-party operation as an authenticated, authorized, audited event. JADC2 and CJADC2 sensor-to-shooter pathways become declared compositions over partner contributions, with each pathway producing a reconstructable lineage from sensor-detection through targeting-decision through effector-tasking. ITAR, EAR, and partner-nation export-control regimes that govern what may be shared with which partners under which arrangements compose as additional declared release rules on the credentialed events, satisfying export-control obligations without requiring parallel manual review at every transfer.

Adoption Pathway

Adoption does not require a coalition-wide commitment. A single nation can deploy the architecture inside its own coalition-facing systems, treating partner contributions as credentialed events under partner authority and emitting its own contributions as credentialed events under its own authority. Other partners that have not adopted the architecture are still consumable as credentialed-by-attestation events: the deploying nation attests to having received the partner's contribution under the partner's stated authority, and the resulting lineage degrades gracefully into the same audit-grade chain that fully-adopted partners produce.

Bilateral and trilateral pilots follow naturally from the deepest existing relationships. A Five Eyes pilot focused on a single intelligence-product class, an AUKUS Pillar II pilot focused on a single autonomous-capability development line, or a NATO pilot scoped to a single FMN spiral capability all run end-to-end without waiting for coalition-wide adoption. As alliance frameworks evolve (NATO post-2030 force model, AUKUS Pillar II expansions, ad-hoc coalitions formed for specific operations), the architecture admits the changes through declared specification rather than through re-integration, which is the property that lets coalition coordination keep pace with the strategic environment rather than with the bilateral-arrangement calendar.