Australia’s response to the emerging centrality of cyber space in the conduct of future war has been slow and fragmented. The Australian play-book is not blank but it looks very different from those of pace-setter countries: key chapters in their play books do not yet appear in ours. The dilatory tempo of Australian policy is true in different ways for various actors: the government, the armed forces, the private sector, and the strategic studies community. This paper describes a number of international benchmarks which might provide guideposts for a rapid catch-up in Australian capabilities for military security in the information age (for cyber-enabled war). The paper will be relevant to other middle powers, many of which are even more disadvantaged than Australia in national military policy for cyber space.
Discussion Papers, Briefs and Lit Reviews
The Discussion Paper Series is a vehicle to subject the research of scholars associated with UNSW Canberra Cyber to further review and debate prior to the finalisation of research findings in more formal scholarly outlets, such as journals or books. Briefing Papers are more descriptive and present background data or information used in the research in accessible forms. The Literature Review series also provides useful background analysis of the field.
Works in this series from UNSW Canberra Cyber are licensed under a Creative Commons Attribution 4.0 International License.
The cyber challenge faced by the Australian Defence Force (ADF) is not simply one of preventing information compromise (classic cyber security) in peacetime, but includes preventing its systems and platforms from being crippled or subverted by the offensive cyber operations of an enemy in combat. In principle, all new ADF weapons platforms should have specifications and capabilities that can address both needs. Since 2009, the U.S. armed forces have had clear policies to ensure that the threat posed by cyber warfare is integrated into the development, acquisition, and fielding of all of its platforms that use information or software systems. As a result, U.S. forces attach a high piroity to designing cyber-resilient systems. Unlike its U.S. counterpart, the ADF has not formally required its new defence systems to be tested against cyber-threats as a standard practice in its operational testing and evaluation (T&E) that takes place in the acceptance phase for new major platforms. Consequently, the ADF would appear to be missing a vital step in addressing the potential vulnerabilities of its major platforms to cyber-attack. This paper argues that Australian test agencies urgently need an updated T&E policy and additional funding to enable the ADF to conduct cybersurvivability trials, and that we look for economies in this through enhanced cooperation with the U.S. armed forces.
Australia’s take up of advanced technologies has been highest in consumer applications, commerce, science, mining and health. The response has been moderate in most industrial and defence applications. It has been poor in education and a range of social management, policing and government functions. The federal government has moved aggressively in the past nine months to redress the country’s technological lag with a new ambition to enter the top ten of the most technologically innovative countries in the world. When it comes to addressing threats from those advanced technologies, the country has been even farther behind the pace. Awareness in the broader community and even in leadership circles of the threats from advanced technology is quite weak. Almost all countries are in the same position of lag facing advanced technology threats but that is small cause for comfort.
The cyber security skills crisis is a key policy issue in many countries, and governments look in part to universities to address it. This paper addresses one narrow question to see how it speaks to the broader challenges: are current Master of Cyber Security programs in Australia preparing students for the workforce? This research flags a new direction for further, much needed research rather than claim to be an exhaustive analysis. The paper outlines cyber security education as being multi-faceted and multidisciplinary and then identifies current gaps in university-based offerings. It pursues several lines of investigation. The first approach is to scope the field. To do that, and following a brief literature review, the paper proposes a new multi-level matrix, the Cyberspace Education Framework.
The announcement of a new ‘Information Warfare Division’1 within the Australian Defence Force acknowledges the need for cyber-enabled warfare strategies to address the challenges of the information age. Implementing such force modernisation demonstrates a positive, albeit belated, approach to address the disruptive nature information technology is having on the character of modern warfare. This announcement presents an opportunity for Australia’s Special Operations Command (SOCOMD) to maintain its position as the Government’s military-strategic vanguard by developing a cyber-enabled ‘Special Information Warfare’ concept. This concept will call for bottom-up action that senior Government and Defence decision makers can support through policy and doctrinal debate.
The paper sets out some background on the concept of cyber storm since the weather metaphor was given some currency beginning in 2006. Looking to the future, the paper then suggests that cyber blitzkrieg may be a more appropriate term, since states are contemplating sustained multi-vector, multi wave information attacks in which suddenness (including pre-emption) may be an essential characteristic. The paper then gives an overview of the concept of civil defence, including the idea that a civil defence gap can affect strategic military deterrence in certain circumstances. The paper reviews in brief the evolution of cyber civil defence in the two decades beginning in 1998, suggesting that by 2016 the major powers had identified a new urgency that speaks more to the fear of cyber blitzkrieg than to fear of a cyber storm.
The report recommends that Australia move rapidly toward a comprehensive system of cyber civil defence that does not yet exist and which will demand paradigm-changing actions and decisive leadership by key stakeholders. The recommendation is underpinned by research over more than a decade on trends in technology, the observed activity of major powers, and their active planning for wide-ranging attack on civilian infrastructure of military significance in the event of war or hostilities. Over the next decade, Australia is committed to spending hundreds of billions of dollars on advanced military platforms for credible but low-likelihood contingencies. The federal government has recently begun to plan for more effective defence in national cyber crises. However, it has yet to invest the necessary political capital and money to mobilise nation-wide defence against the large-scale attacks on civilian cyber infrastructure that some states are planning in the event of war.
This UNSW Canberra Cyber Briefing Paper provides a "checklist" of seven key foundations for a sound national strategy for cyber security in Australia. It adopts a benchmarking approach, looking at the United States and United Kingdom as exemplars.
We believe that we should expect to see a reasonable degree of similarity and common elements among the strategies of these three countries given the relative state of their technological and social development in this area of policy. They all participate in a shared global exchange of trade, investment and intellectual property, and they are close allies in cyber security affairs. That said there will also be essential differences based on many other considerations, not least relative wealth, industrial base and political priorities.
On the 100th anniversary of the Battle of Beersheba, Australia’s Minister for Veterans’ Affairs, Dan Tehan, joined the Prime Minister, Malcolm Turnbull, in a commemorative visit to Israel. Tehan, who is concurrently Assistant Minister to the PM for Cyber Security, used the opportunity and most of his time in Israel to also lead a delegation from industry, government, and academia to stimulate closer ties between the two countries in the realm of cyber security.
This ACCS briefing paper analyses available public data on the main subjects of completed PhD dissertations in China to determine trends in completions on the separate subjects of cyber security, information security, quantum communications/quantum computing, and artificial intelligence. It has been prepared in support of a research project led by Professor Greg Austin on cyber security education at the Australian Centre for Cyber Security (ACCS) in the University of New South Wales Canberra.
This briefing paper assembles public source information on Chinese universities and several research institutes that are prominent in cyber security studies in China. It is based largely on material from the websites of the various institutions. In many cases, the material is simply a translation of entries in Chinese on the websites. The authors have not sought to verify any of the information from independent sources. The briefing paper was prepared as part of the background research for a project culminating in the publication of Cybersecurity in China: The Next Wave (Springer 2018).
This literature review offers some insight into how scholars have studied cyber dependencies. The main studies present, in considerable depth, the growing importance of cyber assets in the daily functioning of society. By detailing the differing types of infrastructure dependencies, the scholars affirm the fundamental risks of such dependency in the case of critical infrastructure, and the challenges these vulnerabilities present for resilience management. However, in contrast to the gravity of the vulnerability, the research reviewed reveals a lack of comprehensive information and analysis of cyber dependency that might clearly define the implications of it for critical infrastructure resilience.