
In this country’s somewhat belated approach to cyber warfare (it was mentioned for the first time in the 2009 Defence White Paper), the casual observer could be forgiven for thinking that most effort appears to be focussed on the defensive aspects of cyber warfare rather than on its employment for offensive operations.

Indeed, in his comments on the coverage of cyber warfare by that White Paper, ASPI’s Dr Andrew Davies found the description not particularly illuminating, noting that many of the capabilities would necessarily be highly classified. While he found no explicit mention of offensive operations in cyberspace, he thought it reasonable to assume that cyber operations would work both ways, and that the paper hinted as much when it noted that the new capabilities will ‘maximise Australia’s strategic capacity and reach in this field’.

Davies also made the point that one Defence initiative announced after the launch of the White Paper, the Defence Information Environment (DIE) - the decision to have all security levels on the one (wireless) network - was an interesting one, given the concerns about cyber security and recognition of cyber exploitation opportunities that seem to underpin the cyber warfare initiatives. In the past, he said, networks carrying the most sensitive classified information were kept physically separate from other networks and/or secured by high-level encryption.

That Davies himself will be involved in the development of the 2014 Defence White Paper may see some of his concerns resolved. However, we doubt that we will learn more about this country’s approach to offensive cyber warfare operations, as discussion of such concepts in the public domain tends to be limited due to the high security classifications involved.

It seems that the best guide might be the US Government’s Cyberspace Policy Review, which discusses many of the issues that will also be relevant to Australia. It is also more forthcoming on what is involved in the US cyberspace initiatives.

Australia’s stance

The 2013 Defence White Paper did not have much more to say on cyber’s military role other than that cyber capabilities had continued their evolution toward being military capabilities of real value to states, noting that there had been considerable investment in new technology and analytical capabilities ‘to protect Australia against cyber threats and preserve our edge in cyberspace.’

That Australia, the US and the UK had committed to developing a comprehensive cyber partnership to address mutual threats and challenges emerging in and from cyberspace was welcome news, as was the previously announced establishment of the Australian Cyber Security Centre. But why it was necessary to identify every agency whose cyber security experts’ skills would be harnessed by the Centre appears baffling in the circumstances.

More to the point, it did note that the potential impact of malicious cyber activity had grown with Defence’s increasing reliance on networked operations (Davies’ earlier comment re the DIE is highly relevant).

Reducing Defence’s vulnerability to cyber-attacks or intrusions, in a crisis or conflict, would remain a high priority including the protection of deployed networks and information systems. In a future conflict or escalation towards conflict, an adversary could use a cyber-attack to deter, delay or prevent Australia’s response or the ADF’s deployment of forces.

This would probably include the targeting of information systems, networks and broader support infrastructure perceived to be integral to the ADF’s decision-making and warfighting capabilities. Once deployed, our forces will need to operate as a networked force in a contested environment.

Defence capability would be seriously undermined by compromised sensitive information on command and control, operational planning, platform design or weapon system performance. Additionally, without effective mitigation and protection measures in place, the costs to Defence of addressing cyber intrusions could far outweigh the effort expended by an adversary.

Offensive cyber warfare

In an excellent article on offensive cyber warfare, Major Nicholas Rose, then studying at the USMC School of Advanced Warfighting and currently serving with the Deployable Joint Force HQ, drew on US cyberspace concepts, noting that while US military perspectives consider both defensive and offensive aspects, Australia generally provides only a defensive view.

In his study Rose found that the conceptual understanding of cyberspace was progressing along two broad lines — defensive and offensive cyber. Defensive cyber was aimed at disrupting cyber-attacks focused on gaining access to information and friendly systems and receives considerable attention. The employment of defensive cyber had been the impetus for establishing organisations such as the US Cyber Command and the Australian Cyber Security Centre.

While less developed, he saw offensive cyber as having two broad aims: response to cyber-attacks, and the conduct of proactive virtual activities to enable military operations. This suggested that offensive cyber operations could be ‘active defence’ and/or ‘enabling and attack effects’.

‘Active defence’ is already well developed, he says, given its close alignment to defensive cyber. The same could not be said for ‘enabling and attack effects’ in offensive cyber. Details of this aspect of offensive cyber were closely guarded in terms of classification, sensitivity and authorisation for use.

In the article he describes three tools, applicable to offensive cyber operations, should the ADF move from purely defensive concepts of cyber warfare to the use of offensive cyber capabilities along the lines of those concepts under consideration by the Marine Corps. His tools for defence planners include cyber-reconnaissance, cyber-isolation and cyber-strike.

Cyber-reconnaissance: Whereas the conduct of general reconnaissance is necessary to understand an adversary, the conduct of cyber-reconnaissance is necessary to assess an adversary’s network or system, the system’s weaknesses, its defence mechanism and who is operating in the system. For the operational planner, knowing what is occurring inside the enemy’s computer systems is a vital enabler that should be exploited.

Cyber-isolation: The first step may comprise the isolation in cyberspace of a military objective or operating area as a preliminary to land operations. Such isolation can include the denial of official internet services, disruption of cyber systems in an adversary network, and the denial of internet communication to outside third parties. Cyber-isolation would be particularly useful during the decisive phases of an operation in which limiting or disrupting enemy communication networks domestically and internationally may contribute to achieving military objectives.

Cyber-strike: According to some analysts the Stuxnet attack of 2010 was a game-changer in the realm of cyber operations. Stuxnet was a sophisticated computer virus allegedly created by the US or Israel to attack Iranian nuclear facilities. Specifically the worm was designed to survey and then subvert very specific industrial controls relating to supervisory control and data acquisition systems that monitored industrial nuclear processes. A cyber-strike was conducted through the precise insertion of the virus.

Rose noted that the US Navy was reportedly developing airborne electronic warfare systems that will be able to ‘fire’ malicious codes into closed adversary networks from up to 200 miles away. In a similar fashion the US Army was reportedly experimenting with techniques to insert and extract data from sealed or wired networks from a stand-off distance.

Such technology has been termed ‘electronic warfare-enabled cyber’ and attempts to transmit code via radio signals into targeted computer systems. The potential for such weapon systems to be used in future conflict, with the capacity to enable stand-off disruption to enemy networks, is significant.

In conclusion Major Rose says the demonstrated characteristics of cyberspace operations will provide military planners with unique battlespace-shaping tools, including cyber-reconnaissance, isolation and strike that can significantly enhance the future conduct of warfighting.

Australian offensive cyber

While the two previous Defence White Papers have been less than forthcoming on this country’s approach to offensive cyber warfare, this was by no means the case with the publication of ‘Australia and Cyber-warfare’, by Gary Waters, Desmond Ball and Ian Dudgeon.

Published in July 2008 it explores Australia’s prospective cyber-warfare requirements and challenges and describes the (then) current state of planning and thinking within the Australian Defence Force with respect to Network Centric Warfare.

It also proposed the establishment of an Australian Cyber-warfare Centre responsible for the planning and conduct of both the defensive and offensive dimensions of cyber-warfare, for developing doctrine and operational concepts, and for identifying new capability requirements. It argues that the matter is urgent in order to ensure that Australia will have the necessary capabilities for conducting technically and strategically sophisticated cyber-warfare activities by the 2020s.

The authors say that a core research function of any Australian Cyber-warfare Centre would be the study of telecommunications architectures—the terrestrial microwave relay networks, SATCOM, and fibre-optic cables—both across the region and in particular countries.

SATCOM and microwave relays are seen as reasonably accessible, allowing IPs and pro-formas for computer-to-computer data exchanges to be identified, and providing opportunities for hacking into command chains, combat information systems, air defence systems and databases. This research activity would also involve the identification of the mobile phone numbers and email addresses of foreign political and military leaders.

Another core research function would be the study of the electronic sub-systems in major weapons systems, such as the avionics of particular combat and support aircraft. This would include, for example, finding ways of penetrating the ‘firewalls’ protecting avionics systems and of using wireless application protocols (WAPs) to insert ‘Trojan horses’.

This would conceivably allow Australian cyber-specialists to effectively hijack adversary aircraft (and to choose between hard or soft landings for them). In other cases, it would allow electronic components to be disabled or deceived—essentially conducting ECM and ECCM operations through cyber-space.

A Cyber-warfare Centre would be centrally concerned with studying the vulnerabilities in both Australian and foreign networks and developments in viruses, worms, ‘Trojan horses’ and other threats to computer-based systems. Publicly acknowledged vulnerabilities in servers indicate promising routes for exploitation.

The study of viruses and worms would be not merely for remedial or longer-term protective purposes, but even more importantly would inform the R&D of superior viruses and ‘Trojan horses’—making them more malicious, or more selective, or more difficult to trace and diagnose, or less able to be fixed.

The authors saw destructiveness as not necessarily the objective. Although there is a place for relatively crude cyber-operations, such as defacement of websites and Denial of Service (DoS) attacks, the most effective and successful cyber-warfare activities are those in which control of computer-related systems is taken without detection by the hosts. Covert corruption of databases, deception of sensor systems, and manipulation of situational awareness are much more likely to produce favourable strategic and tactical outcomes.

While many of the suggested functions of a Cyber-warfare Centre were already being performed, to a greater or lesser extent and with unsatisfactory coordination, by one or more of the organisations operating in the Defence intelligence or cyber-security areas, none had any mandate for the planning and preparation of offensive cyber-warfare activities.
