ASPI Decades: Cybersecurity | The strategist
ASPI celebrates its 20th anniversary this year. This series reviews the work of ASPI since its inception in August 2001.
In the language of strategy and defense, the information space has become the combat space.
Cyberspace is a new military arena where heavy blows – âkinetic effectsâ – can be inflicted.
In this overcrowded realm, governments seek to lead, demand, defend and attack.
Tech giants are getting gargantuan. Companies abound. Spies and criminals throng.
And billions of people can act as individuals as well as as groups.
Today’s cybersphere and tomorrow’s quantum computing are a multiple expression of what Marshall McLuhan saw 50 years ago: “time and space” and instantly and continuously pours out the concerns of all upon usâ¦ He has reconstituted the dialogue on a global scale. ‘
The cyberworld can be specific and infinitely individual, an area where a lone terrorist can radicalize and take action.
Australia’s first national security statement in 2008 declared electronic security one of the top security priorities, referring to cyber warfare, cyber attacks, electronic espionage, threats to infrastructure critics running on computer systems and computers used by terrorists.
An ASPI article on threats and responses in the information age, Alastair MacGibbon said Australia’s cybersecurity policy has been overtaken by the adoption of the technology by the public, industry and government – and its abuse by criminals and foreign powers.
Canberra had relied on businesses for security solutions through industry self-regulation and a mistaken belief in “light” regulation of telecommunications. A narrow political focus on the legal definition of cybercrime has missed broader issues, MacGibbon said, causing a growing gap between the issue of cybersecurity and the national capacity to address it. Australia faced a higher level of risk due to “the progressive nature of government policy making which cannot keep pace with the speed of innovation in information and communications technology, and more importantly, of how these systems are abused â.
2011 cybersecurity investigation, Andrew Davies ruled that Australia had acted ‘after the event‘ to catch’. Awakened by “constant penetration of national and trade systems and substantial trade losses”, elements of a national strategy had emerged.
Using the expertise of cyber operations in defense and national security, Canberra could provide advice, establish regulatory frameworks and even offer technical help and tools. The outstanding questions, Davies wrote, were whether the governance mechanisms in place would be sufficient as the problem evolved and grew, and whether the resources involved were commensurate with the threat.
At the 2011 AUSMIN talks in San Francisco, marking the 60th anniversary of ANZUS, the alliance extended in cyberspace: ‘[O]Our governments share the view that in the event of a cyber attack threatening the territorial integrity, political independence or security of any of our nations, Australia and the United States would consult and determine the appropriate options to deal with the threat.
It was the first time outside of NATO that two allies formalized cooperation in the cyber domain, wrote Carl Ungerer, while warning that classic deterrence would not work in this new domain:
The real threat to cybersecurity does not come from a single weapon of mass destruction, but from the persistent and pernicious combination of online crime and espionage that undermines financial systems, compromises the identities of individuals and steals important assets. intellectual property rights to businesses and governments. The classic deterrence theory of endangering the things an opponent values ââfails in the cyber world, as potential attackers operate with a supposed level of denial that alters their calculation of risk.
ASPI hosted a conference of Australian and US experts in Washington in 2011 to discuss the future of cyber conflict and defense. Lydia Khalil wrote that the alliance should define what kind of cyber attack would be a threat to territory, politics or security:
[T]Here is an important blur between espionage and attack in cyberspace which does not exist in physical space. The same intrusion method used to extract information from a network can also be exploited to carry out an attack aimed at disrupting that network. This is a critically important distinction that policy makers need to be aware of and take into account. While not every cyber intrusion can be categorized as an âattackâ per se, it is extremely important to assess whether or not an intrusion exploited a vulnerability that could also be used to disrupt or destroy networks.
ASPI believed Canberra needed to provide more consistency and clarity on the cyber challenge. The institute’s response was to create the International Center for Cyber ââPolicy, in August 2013, with Tobias Feakin as director.
Peter Jennings said the center was ASPI’s first major expansion as a think tank, giving it a broader mandate. Cybersecurity, he said, is emerging as “one of the most important strategic challenges facing Australia”. Jennings and Feakin wrote that ASPI saw a urgent need be involved in emerging political debates:
There are two such debates: one at an often very confidential government level, and one which encompasses a larger group of civil society, but which is often limited to those with in-depth specialist knowledge of technologies of the environment. information and security. A broader dialogue is needed among those interested in many aspects of the impact of cyber issues on public policy making.
The International Cyber ââPolicy Center reportedly four goals:
- Raise the level of Australian and Asia-Pacific public understanding and debate on cybersecurity.
- Focus on the development of innovative and high-quality public policies on cyber issues.
- Provide a means to organize a dialogue on tracks 1.5 and 2 on cyber issues in the Asia-Pacific region.
- Connect different levels of government, businesses and the public in a sustained dialogue on cybersecurity.
Jennings and Feakin have defined a credo for the cyber center based on needs and ambition:
These efforts will be made nationally and internationally and will aim to strengthen cybersecurity in Australia and the region. There are currently no centers in Australia or Asia that offer a strategic research and awareness program focused on the national and international development of ârules of the roadâ and confidence-building measures for the cyber domain.
One of the core principles of the ASPI International Cyber ââPolicy Center will be to ensure that the voices of the private and public sectors are heard and taken into account. The internet is primarily in the hands of the private sector and civil society, so their input is essential if we are to build sustainable cybernorms that do not restrict innovation and commerce, and that make cyberspace a safe place.
Visiting Washington in January 2016, Prime Minister Malcolm Turnbull announced a new Cyber ââSecurity Dialogue convened by ASPI and the Center for Strategic and International Studies.
As co-chair of the first dialogue, Feakin said he was responding to a new central political interest. The two allies have achieved more could be done using the public and private sectors and academics. Unlike traditional security issues, cybersecurity could not remain the exclusive responsibility of States:
[R]resources must be pooled and expertise and information shared. In the online world, Australia faces a strategic situation filled with enemies who are constantly rewriting the rulebook as to what can be achieved through disruption and disinformation online. But governments are not the exclusive targets. States seeking a competitive economic advantage target the private sectors of other countries in search of the information or intellectual property nugget that will guarantee a national salary.
In November 2016, the Turnbull government announced the appointment of Australia’s first Ambassador to cyber business: Toby Feakin from ASPI.
From the book on the first 20 years of the institute: An informed and independent voice: ASPI, 2001-2021.