Take the UK’s 2021 Integrated Review. It didn’t use the term “six pillars” outright, but its structure maps neatly onto such a model. Same with Australia’s 2023 Defence Strategic Review. Even the EU’s Strategic Compass, while more political, dances around these same six core ideas. So while the phrase isn’t enshrined in law or doctrine, it’s become a kind of shorthand—a way to simplify a sprawling, high-stakes system. And that’s exactly where confusion sets in. People don’t think about this enough: defence isn’t just tanks and soldiers. It’s also power grids, satellite networks, diplomatic channels, and even public trust. When a cyberattack knocks out a hospital, is that a defence failure? Absolutely. So the “pillars” aren’t just military. They’re societal.
Defence Isn’t Just War: Context and Misconceptions
Before we dive into any list, we need to dismantle a myth. Defence doesn’t mean warfighting. Not entirely. Yes, armed conflict is part of it—always has been—but modern defence is more like a spectrum. At one end: total war. At the other: peacetime deterrence, diplomacy, and disaster response. The issue remains that many still view defence through a Cold War lens—bombers, battalions, big budgets. But today, a successful attack might come via a phishing email, not a missile. That’s why the “pillars” must include non-kinetic elements. Take Estonia in 2007. No shots fired. Just a wave of coordinated cyberattacks shutting down banks, media, and government services after a diplomatic row with Russia. Was it an act of war? NATO said yes, informally. And that’s when the first pillar—deterrence—had already failed. Or had it?
The Myth of a Fixed Doctrine
There is no Geneva Convention for defence models. Each country builds its own. The U.S. leans on “integrated deterrence,” a buzzword coined by the Pentagon in 2022, blending nuclear, conventional, and cyber tools. France prefers “strategic autonomy,” emphasizing independence from NATO and U.S. command. India’s doctrine is asymmetric, focused on China and Pakistan. So when someone says “the six pillars,” ask: whose version? Because doctrine is political. It reflects threat perception, budget limits, and national pride. And because of that, any list you read—this one included—is interpretive, not definitive.
Why Six? Why Not Five or Seven?
Simple: six is a tidy number. Not too few to omit critical areas, not so many it becomes unmemorable. It fits on a slide. It works in a speech. But honestly, it is unclear whether six is optimal. Some models use four (like the UK’s “Defence in a Competitive Age” paper). Others go up to nine. The number is less important than the logic behind the categories. Suffice to say, six allows enough granularity without drowning in complexity.
Deterrence: The Art of Not Fighting
The first pillar, and often the most misunderstood, is deterrence. It’s not about winning wars. It’s about preventing them. The logic is cold: if an adversary believes the cost of attacking exceeds any possible gain, they won’t act. Nuclear deterrence is the classic example—Mutually Assured Destruction kept the Cold War cold. But today, deterrence is broader. It includes cyber retaliation, economic sanctions, and even rapid troop deployment. For instance, NATO’s Enhanced Forward Presence in the Baltics—around 5,000 troops rotated from allied nations—is meant to signal: “Attack one of us, and you face the whole alliance.” That’s classic deterrence. But does it still work against hybrid threats? What if the attacker is a non-state group, or a country that denies involvement?
And that’s where it gets tricky. Deterrence relies on clarity. But modern attacks are often ambiguous. A ransomware gang in Russia hits a German factory. Is that the Kremlin? Maybe. Maybe not. Attribution takes time. By then, the damage is done. So deterrence falters. Because it requires a known, attributable actor. Which explains why some experts argue for “deterrence by resilience”—making systems so robust that attacks fail to achieve their goal, hence discouraging future attempts.
Readiness and Rapid Response: Boots on the Ground, Fast
Readiness means being able to fight—today, not next year. It’s not just having soldiers. It’s having them trained, equipped, and deployable within hours. The U.S. Army’s 82nd Airborne Division can deploy anywhere in the world within 18 hours. The UK’s 16 Air Assault Brigade is similar. This isn’t theoretical. In 2021, when Kabul fell, U.S. forces evacuated 124,000 people in two weeks. That required readiness at every level—airlifts, security, logistics. But readiness is expensive. Keeping units at peak alert burns through fuel, wears out gear, and strains personnel. So most armies rotate readiness: some units on high alert, others in training or rest. The problem is, when a crisis hits, you need the right units ready—not just any units. And that’s where capability gaps appear.
Force Generation: The Engine Behind Readiness
Readiness doesn’t happen by magic. It’s fed by force generation—the pipeline that recruits, trains, and equips personnel. The British Army, for example, has struggled with recruitment since 2020, missing targets by over 4,000 soldiers per year. That weakens readiness. Same with equipment. Germany’s Leopard 2 tanks are top-tier, but in 2022, only 31 out of 220 were combat-ready. Why? Maintenance backlogs, spare parts shortages. So readiness isn’t just about policy—it’s about industrial capacity, budget stability, and long-term planning.
The Time Factor: Why Minutes Matter
In war, speed saves lives. A 2015 study by the U.S. RAND Corporation found that reducing response time by 24 hours in a Baltic conflict scenario increased allied survival rates by 37%. That’s not a typo. One day. One-third more lives saved. That’s why rapid deployment forces exist. And that’s why countries like Poland are building express rail lines to their eastern border—to move tanks faster. Because when the enemy moves at 60 km/h, you’d better not crawl at 20.
Resilience: When the Lights Go Out
Resilience is the quiet pillar. It’s about surviving attacks—even catastrophic ones—and bouncing back. Think power grids, water supplies, communication networks. In 2022, Russian missiles hit Ukrainian energy infrastructure. Millions lost heat in winter. But Ukraine kept the grid limping along—repair crews working under fire, decentralizing power where possible. That’s resilience. NATO now requires all member states to assess critical infrastructure vulnerability. The U.S. Department of Homeland Security mandates cyber resilience for utilities. Because a blackout can be as damaging as a battlefield loss.
But resilience isn’t just hardware. It’s social. Can the public endure hardship? In Finland, civil defence includes stockpiling food, training civilians in first aid, and maintaining emergency radio networks. Sweden reintroduced conscription in 2017, partly to build societal cohesion. And because, well, when the chips are down, you need people who know how to act. Not panic.
Intelligence: Knowing Before It Happens
You can’t defend what you don’t see. Intelligence is the eyes and ears of defence. It’s not just spies. It’s satellites, signals intercepts, open-source data, and even social media monitoring. The 2003 Iraq War is a grim reminder of what happens when intelligence fails. No WMDs. But more recently, intelligence successes stand out. In 2022, Western agencies detected Russian troop buildups around Ukraine weeks in advance. That allowed NATO to prepare. Lives were saved. Early warning is force multiplication.
Yet, intelligence is imperfect. It’s a mosaic—thousands of fragments, some false, some outdated. Analysts must piece it together under pressure. And sometimes they get it wrong. The issue remains: more data doesn’t mean better insight. It means more noise. Which is why AI is being used now—not to replace analysts, but to filter. The UK’s GCHQ uses machine learning to flag suspicious cyber patterns from petabytes of traffic. But humans still make the call. Because nuance matters. A spike in communications could mean attack—or just a holiday.
International Cooperation: Strength in Numbers
No country defends alone. Even the U.S. relies on allies. Take GPS. The system is American, but Europe’s Galileo and China’s BeiDou offer alternatives—yet most militaries use multiple systems for redundancy. Or consider the F-35 fighter jet: built by the U.S., but with components from 9 countries, including the UK (engine) and Italy (final assembly). That’s cooperation. It spreads cost, shares risk, and deepens alliances. But it’s not without friction. Turkey was kicked out of the F-35 program in 2019 after buying Russian air defence systems. So cooperation requires trust. And alignment.
NATO is the gold standard. But there are others: the Five Eyes (intelligence sharing between U.S., UK, Canada, Australia, New Zealand), AUKUS (nuclear submarines for Australia), and the European Union’s Common Security and Defence Policy. Each has strengths. Five Eyes is agile. AUKUS is high-tech. The EU is bureaucratic but improving. The question is: which model fits future threats?
Frequently Asked Questions
Are the 6 pillars of defence official military doctrine?
No. There is no single global doctrine that defines them. The term is used informally across governments and think tanks to describe a comprehensive approach. Some nations, like Australia, have official frameworks that resemble the six pillars. Others don’t. Experts disagree on whether standardizing such a model would help coordination—or just create bureaucratic inertia.
Can a country skip one pillar and still be secure?
Theoretically, yes. But it’s risky. Switzerland has no navy—obviously, it’s landlocked. But it compensates with massive resilience and neutrality. North Korea skips cooperation and transparency but relies on extreme deterrence and control. Most nations, though, need all six to some degree. Omitting one creates a gap. And adversaries exploit gaps.
Is cyber defence one of the six pillars?
Not as a standalone pillar. But cyber cuts across all six. It’s part of intelligence (hacking for data), resilience (protecting networks), deterrence (threat of retaliation), and cooperation (sharing threat intel). The UK spends £2.6 billion annually on cyber defence. The U.S. Cyber Command has over 6,200 personnel. So while it’s not a pillar, it’s woven into every one.
The Bottom Line: Defence Is a Living System
I am convinced that the six pillars aren’t a checklist. They’re a mindset. A way to think about security in layers. And I find the rigid doctrine approach overrated—strategy must adapt. The world isn’t static. Neither should defence be. That said, resilience deserves more investment than it gets. We pour money into jets and drones, but forget that a society that crumbles under pressure can’t fight back. My recommendation? Double civil defence budgets. Train civilians. Harden infrastructure. Because the next war might not start with a bang. It might start with a blackout.