Where Defence’s diverse information and communications technology was once viewed as a corporate enabler, it’s set to transform into a core capability, generating warfighting effects for the ADF.
Defence Chief Technology Officer Justin Keefe said the ADF is moving more and more quickly to a convergence of people, sensors and platforms.
“This will change fundamentally concepts such as command and control, decision making and indeed the information we rely on for those decisions,” he told the MilCIS (Military Communications and Information Systems) 2021 conference in Canberra in February.
Defence will release an updated Information and Communications Technology (ICT) Strategy in second quarter, which is set to alter some longstanding assumptions.
“What I am seeking from this revised strategy is to acknowledge the fundamental shift of ICT from what I would contend we viewed in the past as a corporate enabler to a core capability that generates warfighting effects for the ADF,” Keefe told the conference.
He said previous ICT strategies focused on the Chief Information Officer Group (CIOG) as a backroom enabler, with commensurate resources and funding.
“We need to pivot. Our reference strategy will be accompanied by an action plan that will prioritise our effort on transforming the secret environment, improving connections across security domains and interoperability with our domestic and international partners,” he said.
“We need to evolve our procedures and processes, otherwise we will not keep up with the speed of the threat.”
Keefe said technology and technological convergence, especially over the last few years, meant that no longer could Australia assume it would enjoy a capability edge over any potential adversary.
“The processes that gave us surety and confidence, that is robust investment pathways and detailed capability development frameworks, now work against us,” he said.
Keefe added his priority was to make sure that Defence had a much more integrated approach to ICT development and investment, that was still agile enough to meet the needs of the warfighter.
“This is a more holistic and programmatic approach to managing Defence’s ICT,” he said. “We need a clear vision for the future of ICT – that is where are we taking the department and why? What will ICT look like in five years?”
One of the constants of advanced technology acquired from the US is that it comes with conditions, imposed through the US International Traffic in Arms Regulations (ITAR).
That’s a regime fundamentally designed to maintain US technological superiority by limiting transfer of advanced defence and space technology and information.
There are exemptions for close allies such as Australia, but there are also – and invariably – conditions, including use by third parties, even domestic agencies and other close allies.
Where once Australia had no choice but to comply as there were either no or limited alternatives, that’s increasingly no longer the case.
Air Commodore Jason Begley, Defence Director General Joint C4 (Command, Control, Communication and Computers) said a resounding and consistent theme from government concerned future Australian sovereignty.
He said what partner nations designed to suit their needs, with their various restrictions, wasn’t necessarily right for Australia.
“If we can’t find ways or get agreements to work with them in a DEVSECOPS approach, then obviously alternatives to that become far more attractive,” he said.
DEVSECOPS (development, security and operations) is an approach to IT culture, automation and platform design that integrates security as a shared responsibility throughout.
Colonel Michael King, director of Land C4, said the ADF needed the ability to rapidly evolve and ITAR had many constraints, although there were areas where we were willing to accept those constraints for what that capability delivered.
He said Australian industry offered huge opportunities. “Army will not always go to fight only with Five Eyes powers. We will in the region almost always have our regional partners along the way with us,” he said.
“ITAR heavily constrains our ability to achieve some of the interoperability requirement we have with those partners.”
COL King said the C4 EDGE program – where an industry consortium demonstrated their ability to deliver a secure tactical battlefield communications system – showed that Australian industry was more than capable of stepping up.
Rob Doughty, assistant secretary for ICT architecture within CIOG said the threat landscape was ever evolving and the risk continued to escalate.
“How we protect against exploitation by adversaries and nefarious actors is a real risk and therefore should be at the heart of everything we do,” he said.
He added all that provided a foundation for moving to a zero-trust network, which takes the approach of ‘never trust, always verify’. All networks, no matter the location, are always assumed to be hostile and monitored continuously.
“This is a fundamental change in approach to security,” he said.
With global tensions rising as Russia prepared to launch its invasion of Ukraine at MilCIS 2021, online activity and espionage by state-based actors had soared, said Head of the Australian Cyber Security Centre (ACSC) Abigail Bradshaw.
Ms Bradshaw told the conference that ACSC had observed a sharp rise in cyber-criminal activity with the onset of the COVID pandemic.
In the same period, ACSC had observed state-based actors targeting all levels of government, private organisations and industry.
“There is a general trend which we observe and that is when global tensions rise, when there is power conflict, when there is scepticism or uncertainty about what will happen next, state-based actors and espionage all increase,” she said.
Ms Bradshaw said that was because state-based actors were trying to obtain as much information as possible to reduce the uncertainty about what is happening next.