Australian Army Journal Cyber-warfare Edition · Australian Army Journal Cyber-Warfare Edition Army Serving our Nation • The Utility of Offensive Cyber-Operations in Conventional

Army

Serving our Nation

Australian Army JournalCyber-warfare Edition

Cyber-warfare Edition Volume XIV, Number 2

The Utility of Offensive Cyber-Operations in Conventional •Military Engagements

Examining the Australian Army Adaptation to Cyber-enabled Warfare•

Transforming Army’s Logistics Capabilities through Emerging Big •Data Analytics

Cyber-resilient Supply Chains: Mission Assurance in the Future •Operating Environment

Australia’s Readiness for a Complex Cyber Catastrophe•

Asymmetric Advantage in the Information Age•

Australian Army JournalCyber-Warfare Edition

Army

Serving our Nation

The Utility of Offensive Cyber-Operations in Conventional • Military Engagements

Examining the Australian Army Adaptation to Cyber-Enabled Warfare•

Transforming Army’s Logistics Capabilities through Emerging Big Data • Analytics

Cyber-resilient Supply Chains: Mission Assurance in the Future • Operating Environment

Australia’s Readiness for a Complex Cyber-Catastrophe•

Asymmetric Advantage in the Information Age•

Cyber-Warfare edition Volume XIV, Number 2

ii

The Australian Army Journal is published by authority of the Chief of Army.The Australian Army Journal is sponsored by Head Land Capability.

© Commonwealth of Australia 2018.

This journal is copyright. Apart from any fair dealing for the purposes of study, research, criticism or review (as permitted under the Copyright Act 1968), and with standard source credits included, no part may be reproduced by any process without written permission.

Contributors are urged to ensure the accuracy of the information contained in their articles; the Editorial Advisory Board accepts no responsibility for errors of fact.

Permission to reprint Australian Army Journal articles will generally be given by the Managing Editor after consultation with the author(s). Any articles reproduced must bear an acknowledgement of the source.

The views expressed in the Australian Army Journal are those of the contributors and not necessarily those of the Australian Army or the Department of Defence. The Commonwealth of Australia will not be legally responsible in contract, tort or otherwise for any statement made in this journal.

ISSN: 1448-2843 (print)

Website: www.army.gov.au/our-future Twitter: @AARCAusArmy Contact: [email protected]

TheAustralianArmyJournalCyber-WarfareEditionStaff

Publications Manager/Editor/Designer: Major Conway Bown Senior Editor: Major Cate Carter Editor: Mr Thomas Rose

Editorial Advisory Board

Colonel Peter Connolly DSC, CSC Major General Craig Orme (Ret’d) DSC, AM, CSC Prof John Blaxland Prof Peter Dean Mr Tim Gellel

Australian Army Journal Cyber-Warfare Edition 2018

Volume XIV, Number 2

iii

Contents

Foreword ...................................................................................................1

Major General Marcus Thompson, AM

The Utility of Offensive Cyber Operations in Conventional Military Engagements ..........................................................5

Captain Lachlan Abbott

Examining the Australian Army adaptation to Cyber-enabled Warfare—Organisational and Cultural Challenges ..................................15

Captain J

Transforming Army’s Logistics Capabilities through Emerging

Big Data Analytics—Challenges and Opportunities ................................29

Major Keyurkumar Patel

Cyber-resilient Supply Chains: Mission Assurance

in the Future Operating Environment ......................................................41

Dr Benjamin Turnbull

Australia’s Readiness for a Complex Cyber Catastrophe .......................57

Lieutenant Jonathon C Ladewig

Asymmetric Advantage in the Information Age: An Australian Concept for Cyber-Enabled ‘Special Information Warfare’ .....................79

Captain Ben Johanson

iv

Australian Army Journal Cyber-Warfare Edition 2018 Volume XIV, Number 2



1

ForewordMajor General Marcus Thompson, AM Deputy Chief Information Warfare

A new type of war has emerged, in which armed warfare has given up its decisive place in the achievement of the military and political objectives of war to another kind of warfare – information warfare.

Kvachkov, V, Russia’s Special Purpose Forces, Voyennaya Literatura

This special edition of the Australian Army Journal is about cyber-warfare. Everywhere we look, whether at work or at home, the cyber-threat is trending upwards and the risk is increasing. Developing defensive and offensive cyber capabilities in Army will demand focussed attention on information warfare operations and cyber-security as a necessary function of network operations. Army is actively pursuing a path to cyber- readiness, but many questions remain unanswered. This collection of articles explores the challenges and opportunities that lie within developing such a capability.

In his article, The Utility of Offensive Cyber-operations in Conventional Military Engagements, Captain Lachlan Abbott critically analyses the current and potential uses of cyber-operations in support of conventional military activity. This analysis considers whether cyber-operations are the latest

Foreword

2


2

fad of militaries attracted to technological solutions, or if cyberspace truly is another domain of warfare providing a measurable advantage to the stakeholder who can control it.

In Asymmetric Advantage in the Information Age: An Australian Concept for Cyber-Enabled ‘Special Information Warfare’, Captain Ben Johanson then considers the future operating environment. He suggests that a technologically-enabled Special Operations Task Group deployed against a hybrid threat could demonstrate the utility of developing a unified strategy of ‘Special Information Warfare’.

Cyber-attack is not just about theft of information but also the risk of data corruption through the insertion or modification of information and data to impact the operational or logistic decision cycles. Major Keyurkumar Patel’s engaging article, Transforming Army’s Logistics Capabilities through Emerging Big Data Analytics – Challenges and Opportunities, explores the challenges to logistic systems posed by such cyber-attacks, impacting on operations through delays and loss of services.

Captain J demonstrates that the path to cyber-readiness and self-defence is through the individual member’s preparation in the cyber-environment. Examining the Australian Army Adaptation to Cyber-enabled Warfare – Organisational and Cultural Challenges identifies that Army lags behind other developed countries’ national land forces in cyber-technology and identifies organisational changes that could speed up effective adaptation to a cyber mindset.

If amateurs talk tactics and professionals talk logistics, then Dr Benjamin Turnbull’s excellent piece Cyber-resilient Supply Chains: Mission Assurance in the Future Operating Environment brings home the importance of a military’s operational viability being threatened by cyber- attack on its logistics lines of communication. In his description of the ‘assume breach and fight through’ resilience required of mission-oriented digital – and even human – systems provides significant food for thought for where our Army needs to progress in its cyber-future.

Finally, in Australia’s Readiness for a Complex Cyber Catastrophe Lieutenant Jonathan Ladewig explores Australia’s readiness and disaster resilience, identifying Australia’s preparedness requirements to withstand a complex cyber-attack.

Foreword

3



Major General Marcus Thompson, AM. Deputy Chief Information Warfare addresses a gathering of key stakeholders involved in Information Warfare. (Image: DoD)

These writers, many of whom are undertaking graduate studies in new cyber-warfare programs, are the emerging experts in cyber technology for Army, and potential future leaders. Army needs champions of this new capability, but cannot do it alone. The ADF’s new Information Warfare Division along with Defence and other government departments, science and technology organisations, Defence industry and security partners, is embracing this new domain and allowing us to become masters of the information environment. I commend this special edition of the Australian Army Journal – Cyber-Warfare to you.

Marcus Thompson, AM Major General Deputy Chief Information Warfare

Foreword

4




5

TheUtilityofOffensiveCyber-Operations in Conventional Military Engagements

Captain Lachlan Abbott

Abstract

Several high profile cyber-attacks have suggested that cyber-weapons are as important a force multiplier today as airpower was in 1939. This concept requires further analysis to place the utility of cyber-weapons in context, particularly within the tactical level of conflict. To determine the potential uses of cyber-weapons, this paper examines the recent evidence of cyber-operations in conflict and extrapolates potential utility within a conventional military scenario. From this analysis, the evidence demonstrated that for deliberate attacks with commensurate planning and lead time, cyber effects can have a significant impact on the outcome of the conflict but, outside this scenario, the use of cyber-weapons is likely to have minimal impact Background

Over the past quarter-century, governments have increasingly looked to the use of cyber-operations as a means of supporting conventional military engagements. This increase in cyber-activity has, understandably,correlated

The Utility of Offensive Cyber-operations in Conventional Military Engagements

6


with the proliferation in advanced, technical weaponry and has become an active topic in military academia. Proponents of cyber-operations such as Bonner have argued aggressively the merits of cyber-operations, defining it as a new domain of warfare alongside land, sea, air and space.1 Other academics, such as Feakin, have argued a more conservative opinion, presenting that cyber-activity does not fundamentally change conventional military operations.2 This essay will critically analyse the current and potential uses of cyber-operations in support of conventional military activity. This analysis will determine if cyber-operations are the latest fad of militaries attracted to technological solutions or if cyberspace truly is another domain of warfare providing a measurable advantage to the stakeholder that can control it.

War’s conventional military operations are actions that use force, or the threat of force, to compel an adversary towards a particular course of action. War, in the words of Clausewitz, is ‘the continuation of politics through other means’.3 This definition of military operations focuses on kinetic activity and, consequently, this analysis will not include what can be defined as cyber-espionage or cyber-activity that does not directly support a kinetic military operation. Cyber-espionage has already been demonstrated through the 2015 Mandiant report on China,4 as well as the US-China Cyber Agreement,5 as having great utility in gathering intelligence. Intelligence does indirectly support a military operation by establishing favourable conditions for a military action, however this analysis will focus on the utility of cyber-operations after an engagement has begun. This will establish the broader utility of cyber-operations and put into perspective the arguments comparing modern cyber-operations with the genesis of air operations at the turn of the 20th Century. Paramount in this analysis will be determining if activities in cyberspace provide a measurable advantage within the context of a military engagement. Contemporary Cases Complicating any analysis of cyber-operations supporting a military engagement is the lack of historical evidence and the trend for modern actors to hide their true cyber capability. The only contemporary case of cyber activity supporting a military operation is the 2009 Russian-Georgian conflict. This conflict saw the coordination of a conventional Russian attack, spearheaded by mechanised divisions, with a significant denial-of-services


7



cyber-attack on Georgia. The military attack quickly routed the Georgian forces, who never seriously countered with subsequent operations until the Georgian submission to Russian demands five days later. At first glance this appears to indicate a clear example of cyber-activity enabling a decisive military victory but under closer examination the Russian-Georgian example is not as conclusive as it appears. The cyber-attack did prevent Georgians from using the internet and slowed international response to the conflict 6 but, as the US Cyber Consequences Unit 7 makes quite clear, the cyber-attack had little to no impact on the outcome of the military conflict. This analysis makes sense when we consider the conventional military disparities between the Russians and the Georgians as well as the small number of Georgians who used the internet at this time. As this contemporary example of cyber-warfare is inconclusive at best, other evidence is required to determine the utility of cyber-operations.

The Russian-Georgian conflict may not clearly demonstrate the utility of cyber-operations but the concept of a denial-of-services attack to deny the situational awareness of an adversary’s headquarters is not unsound. This idea is the same as conventional jamming of military communications, which has been used with considerable effect since the First World War. The denial-of-services attack did force the Georgians at the political level onto alternate communications networks,8 which could also occur if a military force was to use comparable communication technology at its operational headquarters. Modern militaries are doing just this under a new concept of networked warfare.9 These military organisations are integrating traditional radio communications with TCP/IP technologies to create a local network for military communications that is not unlike the internet. As such, a denial-of-services attack could be used to deny a headquarters’ its situational awareness, providing a measurable advantage to the aggressor. However, it must be noted that part of the success of the Russian denial-of-services attack was due to the Georgian internet architecture. This network architecture was not dynamic or adaptable as it had all of its international connections routing through Russian switches, providing single geographic points of failure for the overall network. Ever since the 2007 Estonian cyber-attack,10 the international community has been developing robust network architectures and practices aimed at handling similar denial-of-service attacks. It would be a fair assessment that modern militaries are aware of the risk of poorly designed networks and would be practised on the actions


8


to take if the network is attacked. If this assessment is accurate, a denial-of-services attack may not provide the anticipated measurable advantage and would be of questionable utility to an engaged military force.

Access Another theoretical use of cyber-operations to influence the land campaign is to remotely access modern weapon systems and either deactivate or gain control of the system. If this was to be applied reliably, the attacking force would be able to turn its opponent’s weapons against them and thus gain a significant advantage in the conventional battle. One such weapon system that is commonly assessed to be vulnerable is the UAV, or drone, which has been used in modern conflicts to conduct remote strikes. Compromising a military’s UAVs is not quite as unbelievable as it first appears. This technology has some inherent design flaws enabling them to be hacked, as demonstrated by Petrovsky.11 This problem does not have a straightforward solution due to the challenges of securing control systems.12 Thus, it can be reasonably assumed that a more advanced weapon system could be vulnerable to a sophisticated attacker who has the requisite knowledge and technology. If this were to be successfully applied against an opposing military force, the cyber-attack would provide a significant military advantage, reducing the opponent’s firepower and potentially gaining firepower in the trade. This idea of exploiting weaknesses in a control system is suspected to have been used by Israel in 2007 when it conducted an airstrike on a Syrian nuclear facility, allegedly deactivating Syria’s radar defence network using a cyber-attack.13 The truth of this is impossible to ascertain but, as research laboratories are demonstrating, new system vulnerabilities are continually being identified. Thus, it is reasonable to assume that some military technology may have similar vulnerabilities waiting to be exploited. This assumption is based on the precondition that the adversary is able to identify the vulnerability and develop an exploitation for it; a process that is likely to take considerable time.

As the contemporary example of cyberpower supporting a military force is inconclusive, theoretical examples of the potency of cyber-operations have been examined. These examples have demonstrated the potential of cyber to be of use to a military force, provided the military is using a modern doctrine of networked warfare and has unknown vulnerabilities in its system. However, this is only half the story, because for a capability to be truly useful to a military force it must not only be able to generate a desired effect but


9



must also be able to be used in a timely and responsive manner. That is to say, unless a capability can be used when and where a commander wants, it has minimal utility supporting a military force.

One factor that undermines the useability of cyber-operations is the ability for the attacker to gain access to the opposing military force’s network and be able to utilise its chosen cyber technique. All the examples mentioned have relied on the universal connectivity of the internet to gain access to the target network in order to exploit it. This is not the case with military networks as the outcomes of the ‘Conficker’ virus on French naval jets in 2009 highlighted. Following the discovery of the virus, the French government re-designed its networks, preventing them from connecting to civilian networks.14 This trend has been repeated by several modern militaries, suggesting that for offensive cyber-techniques to have utility they must be able to first gain access to their target network. This could theoretically be achieved by connecting a re-transmitter or repeater to the military network; an activity that could be achieved by a Special Forces unit. This may be successful but still carries risk in sending highly trained soldiers in close proximity to an area that is likely to be closely guarded. Another technique that could be employed to bridge the air gap is copying the malware onto a USB and leaving it to be connected to the network by some feat of deception or human nature. This technique is what was likely to have been employed to bridge the air gap by the ‘Stuxnet’ virus in 2010.15 However, as the ‘Stuxnet’ virus demonstrated, using this technique has a large signature, increasing the likelihood of detection, and takes considerable time to attack the intended target.16 Access to the target network is a significant challenge for the attacker to overcome in order to employ offensive cyber techniques. However, given enough time or acceptance of risk, this can be overcome and should be a significant consideration, not an obstacle, to the utility of cyber-operations.

The question of access to a military system highlights another limiting factor of cyber-operations that directly impact their utility: the idea of responsiveness. Conventional military operations are dynamic in that they are constantly changing, the successful commander being the one who can change and adapt quicker than his or her opponent.17 This is difficult to achieve with cyber-operations due to the time a successful operation takes to conduct. Cyber-operations require a large amount of intelligence of the target network, as well as time to program attacks and find vulnerabilities


10


in the target system.18 This was demonstrated in the Russian-Georgian case in which some of its code was developed years before the actual attack.19 This is an extreme example but it does highlight the amount of time required to execute a successful attack. The lack of responsiveness is made even harder if there is no continuous physical connection to the target network, as would be the situation if the USB technique is used as in the ‘Stuxnet’ case. This is because the entire code will need to be written prior to injecting it into the target system. This limitation does not lend itself to a constantly changing battlespace, particularly one that is contested with trained operators looking for malicious code as they defend and maintain the operability of their military equipment. Cost

Another consideration for the utility of a military capability is the ability for stakeholders to gain access to that capability. This concept is best demonstrated by the recent conflicts in Afghanistan and Iraq where relatively cheap improvised mines were used with great effect on the battlespace. In this regard, cyber-operations can be seen to be a clear winner as they have a relatively low cost of entry as many lone actors utilise offensive cyber techniques. This has been demonstrated by the attack on the Australian sewage network in 2001 where a lone actor, using no more than a laptop and wi-fi connection, was able to conduct an act of cyber-terrorism.20 This attack was conducted on a civilian system which did not have the security precautions a military network would have likely had but it did illustrate that for its cost, the cyber-operation could have a significantly greater effect. Even when we upscale this to a military example, such as ‘Stuxnet’ which is estimated to have cost around $10 million,21 a cyber-operation is still quite inexpensive compared to the conventional military alternative. The low entry cost level of cyber-operations is a significantly positive consideration when considering its utility, as it has the potential to enable small state, and possibly even non-state, actors to compete with global powers.

As mentioned, the overall objective in a military operation is to convince or coerce an opponent towards a particular course of action. The ability for a capability to generate a coercive effect is another consideration for cyber- operations’ overall military utility. Cyber-operations have several distinct limiting factors when used as a coercive tool. First, for coercion to work, the threat must be credible. This is not easy to achieve with cyber-tools, as once


11



a tool is demonstrated it is likely that a defence or copycat weapon will be produced.22 Consequently, the very act of demonstrating a cyber-weapon may prevent that cyber-weapon from being utilised again, undermining any coercive affect. Additionally, once damage is inflicted, it may take a couple of weeks to repair the damage, which further undermines cyber-tools being used to coerce an adversary. The inability of cyber techniques to be the defining weapon in a military operation is underlined by the consideration that it was not the denial-of-services attack which convinced Georgia to cede to Russia, nor did ‘Stuxnet’ convince Iran to cease its nuclear program. However, another aspect of coercion is not the threat of the action but how that action influences an opponent. The threat of cyber-operations could generate a response of militaries not following the modern techniques of networked operations. If this were to occur, cyber-operations would have generated a measurable supporting effect on the battlefield as they would have compelled the adversary to fight using less than optimal tactics. Cyber-operations may not be able to generate a measurable effect through traditional coercion but they could be useful as a form of psychological warfare, which is another positive consideration when assessing the overall utility of cyber-operations.

A final consideration of a capability’s utility is the cost of using that capability. This can be illustrated by nuclear weapons, which could be considered to have no utility at the operational level of warfare because of the collateral and moral damage of using the weapons. Similarly, cyber-operations can be considered to have an intrinsic cost in their use. This can be seen in the collateral damage they cause, as demonstrated by ‘Stuxnet’, which is considered to have infected over 30,000 computers.23 However, it should be considered that if a military is operating a closed network, there is a reduced likelihood of collateral damage. Another hidden cost of using cyber-weapons is, once utilised, there is the potential for them to be reverse-engineered and used against the attacker. This threat illustrates the potential for collateral damage to limit the usability of cyber-operations, at least while the military operation is relatively balanced, as desperate commanders commonly accept greater risk. Conclusion

This analysis has shown that militaries are increasingly taking up technologies that, in civilian use, have demonstrated vulnerabilities to cyber-


12


attacks. It was further safely assumed that similar techniques demonstrated on civilian infrastructure could be used in a military setting to generate a measurable advantage to the attacking force. However, for this utility to be realised, limiting factors will need to be overcome, such as the ability to access the target network; the ability of cyber soldiers to rapidly respond to a changing battlespace; and the potential for cyber weapons to be turned on their users. These limiting factors were then balanced with the potential psychological effects of cyber-operations as well as their availability to all sizes of military forces. Overall, cyber-operations have the potential to significantly alter the balance within a military operation, if the commander is willing to take on the risk of their use. This risk, compared to the reward, is likely to increase as the trend to more technology continues. The overall utility of cyber-operations is neatly surmised by former FBI chief Jim Settle, when he stated: ‘You bring me 10 hackers and within 90 days I will bring this country to its knees’.24


13



About the AuthorCaptain Lachlan Abbott is undertaking a Masters degree in Cyber Security at the University of New South Wales. He has experience within the military with deploying and managing digital networks.

Endnotes1. EL Bonner, 2014, ‘Cyber Power in the 21st Century Joint Warfare’, Joint Force

Quarterly, Vol. 74, 1 July

2. T Feakin and B Schreer, 2014, ‘Australia and ‘Cyberwar: Time for a measured debate’, The Strategist, 11 March

3. C Clausewitz, On War, Howard, Michael; Paret, Peter, Princeton University Press, p 87

4. Mandiant, 2013, APT1: Exposing One of China’s Cyber Espionage Units, Mandiant, p 25, at: https://www.fireeye.com/content/dam/fireeye- www/services/pdfs/mandiant-apt1-report.pdf

5. A Segal, 2016, ‘The Top Five Cyber Policy Developments of 2015: United States-China Cyber Agreement’, Council on Foreign Relations, 4 Jan, at: https://www.cfr.org/blog/top-five-cyber-policy-developments-2015-united-states- china-cyber-agreement

6. J Bumgarner and S Borg, 2009, ‘Overview by the US-CCU of the Cyber Campaign Against Georgia in August of 2008’, Project CyW-D, University of Utah, at: http://www.projectcyw-d.org/resources/items/show/138

7. Bumgarner and Borg, 2009


9. National Research Council, 2005, ‘Networks and the Military’ in Network Science. Washington, DC, The National Academies Press, p 19, at: https://doi.org/10.17226/11516

10. European Parliament, 2014, ‘Cyber defence in the EU: Preparing for Cyber warfare’, Briefing, Oct 2014, p 2

11. K Jain, 2015, ‘Design Flaws Make Drones Vulnerable to Cyber-Attacks’, The Hacker News, 3 Oct, at: https://thehackernews.com/2015/10/drone-hacking.html

12. D Kuipers and M Fabro, 2006, ‘Control Systems Cyber Security: Defense in Depth Strategies’, Idaho National Laboratory, May, p 8 at: https://inldigitallibrary.inl.gov/sites/sti/sti/3375141.pdf

13. R Flemming, 2010, ‘Bits Before Bombs: How Stuxnet Crippled Iran’s Nuclear Dreams’, Digital Trends, 2 Dec, at: https://www.digitaltrends.com/computing/bits- before-bombs-how-stuxnet-crippled-irans-nuclear-dreams/

14. K Willsher, 2009, ‘French fighter planes grounded by computer virus’, The Telegraph,

13


7 Feb, at: https://www.telegraph.co.uk/news/worldnews/europe/france/4547649/French- fighter-planes-grounded-by-computer-virus.html

15. Flemming, 2010

16. F Schreier, 2015, On Cyberwarfare, DCAF Horizon Working Paper No 7, pp 88- 89

17. J Boyd, 1987, A Discourse on winning and losing, Unpublished brief, at: https://danford.net/boyd/

18. Schreier, 2015, p 89


20. J Hayes, 2003, ‘Australia’s National Information Infrastructure Vulnerabilities to Cyberterrorism’, Signalman, Autumn/Winter

21. Flemming, 2010

22. Libicki, M, 2009, Cyberdeterrence and Cyberwar, RAND: Project Airforce, p 141

23. Flemming, 2010

24. Hayes, 2003

14



15

Examining the Australian Army Adaptation to Cyber-enabled Warfare – Organisational and Cultural Challenges

Captain J

Abstract The Australian Army has lagged behind the best armies in the world when it comes to the uptake of cyber-technology. This paper aims to fill a gap in the discussion on the topic by examining why this is the case, in the context of organisational culture and the dilemmas of emerging technologies throughout history. Militaries, as a subset of organisational cultures, carry a unique set of considerations and attitudes towards innovation, born from the nature of their duties. Where there are no fundamental reasons for rejection of a technology or technique by a military force, then other factors such as organisational leadership and change management practices must be considered.

The Australian Defence Force (ADF), like dozens of other militaries across the world, has been profoundly affected by the so called Revolution in Military Affairs (RMA). Adaptation to the effects of the information revolution has varied across the ADF. The Royal Australian Air Force and Navy both have histories rich with experience in Information Operations (IO)—ranging from early cryptographic endeavours to Electro-Magnetic Spectrum operations—and have been on the frontier of Computer Network Operations



Examining the Australian Army Adaptation to Cyber-enabled Warfare - Organisational and Cultural Challenges

(CNO). Embracing widespread information-age capabilities has been a small and natural leap for these services whereas the Australian Army has faced a steeper learning curve. This article contributes to the discussion around the Australian Army’s adaptation to the information revolution. It will first outline the key indicators of performance by a service in pursuit of being functional and potent on the cyber-enabled battlefield and second, examine what organisational barriers exist for fundamental and useful adaptation to the modern operational environment. The State of Play

The Australian Army has grappled with the complexities of the digital information environment for the last seventeen years.1 The Army has been a low priority for the ADF to engage at a low level with cyber capabilities, possibly due to the lack of platforms at its disposal for dedicated cyber-operations. The adoption of cyber capabilities can be measured through proxies such as dedication to training, cyber-readiness of future platforms and the human resourcing schemes of the force.

The Australian Army does not dedicate any meaningful portion of its training resources to studying information on cyber-related activities. An Army officer attending the mandatory training continuum from Staff Cadet to Major undergoes 10,927 periods of professional instruction of which only two periods are solely dedicated to the study of information activities and dominance (All Corps Majors Course).2 There are some components of this continuum which may incidentally include mention of information activities, such as the targeting process, but those topics are unlikely to provide a deep understanding of the growing importance of the information environment in tactical warfare. The procurement efforts of the Army are similarly sparse in detail about cyber-readiness. Armoured vehicles form the backbone of much of the land power that Australia can project. The user requirements for the development of Army’s future fleet of armoured vehicles (LAND 400) makes mention of being ‘networked at the lowest level’ for the purposes of coordinating fires and linking the Battle Management System.3 However, there is no stipulation about the platform’s ability to defend itself from cyber-attack or support Australian information operations. Finally, the Australian Army lacks a cogent plan for the workforce required to render effective cyber-enabled war. It is the author’s opinion that the Army currently views and treats cyber-operators as a ‘niche capability’. The personnel

16


Examining the Australian Army Adaptation to Cyber-enabled Warfare - Organisational

and Cultural Challenges


involved have little opportunity to demonstrate their abilities to the wider Army, a factor which will be discussed in more depth later in this paper. All of this amounts to an Army that relegates its informational power to a small group of technically skilled people, and the benefits of the information era have not penetrated the wider organisation with any great depth.

By contrast, the US Army appears more developed against the same measurements. Detailed information regarding the quantity of training time allocated to the topic is not readily available in the public domain however the US Military Academy (West Point) has a pronounced sentiment regarding integration of cyber capabilities; namely that there is an enunciated need for ‘understanding by every soldier’.4 Additionally, the establishment of numerous centres for cyber-education and training such as the Army Cyber Institute as part of West Point and the Army Cyber Center of Excellence represent a specific interest in the capabilities by the land force. The US Tank Automotive Research Development and Engineering Centre (TARDEC) is the standing body responsible for armoured vehicle development. One of its component teams, the Tactical Cybersecurity Engineering Team (TCET), is specifically dedicated to ‘directing and coordinating cybersecurity activities for tactical system development’.5 The US Army also has a well-established stream for recruiting and managing its cyber operations personnel, with streamed trades and structures integrated at the tactical level.6 7 The net result of these initiatives is a cyber-savvy and well enabled force across the spectrum of trades and operations, positioning it as a force that is well prepared for land combat in the information era.

The Australian Army is behind the trend in its ability to fight into the cyber- enabled wars of the post-information revolution world when compared with other developed countries’ national land forces. While elements of the Australian Army (Special Forces, for example) can be assumed to be already using relatively advanced cyber capabilities as part of their joint and interagency roles, the wider Army currently lags behind the pace of the training, procurement and human resourcing that can be observed in the US Army. Information on other prominent militaries such as China, Russia and the United Kingdom is less forthcoming than that of the United States, but it could be expected that they are equal to, or at least on the heels of, the United States.8 Given that Australian operations doctrine emphasises the requirement of the Army to generate momentum through superior decision making tempo, the Army has a vested interest in capitalising on the digital

17



information environment at all levels.

Comparison with Allied forces serves as a useful tool in evaluating not only the degrees of uptake (as the above section has) but the inherent characteristics of the organisations that effectively allow, or disallow, innovation to occur. Military Innovation and the Concept of Honourable War

One possible explanation for the Army’s lag in keeping pace with cyber- enabled warfare trends is that the key tenets of the information revolution (as the driving force behind cyber-enabled war) do not integrate well with the values of the Army and therefore the concept has been rejected on cultural grounds. One of the key determining factors in the success of a military undergoing innovative change is the independent culture of the target organisation.9 ‘Culture’ can be defined as:

A pattern of basic assumptions—invented, discovered, or developed by a given group as it learns to cope with its problems of external adaptation and internal integration—that has worked well enough to be considered valid and, therefore, to be taught to new members as the correct way to perceive, think, and feel in relation to these problems.10

One observer—Andrew Hill, in his paper ‘Military Innovation and Military Culture’—neatly sums up the underlying principle of the definition as ‘culture is a theory of what works’.11 Shared and individual experiences are of primary importance in the shape of culture to specific organisations. For the current Australian Army, this is influenced heavily by operations in the Middle East since 2001, Timor-Leste, Humanitarian Aid and Disaster Relief (HADR) tasks and, to a lesser extent, the Vietnam War. The culture of a military and a transformative change can clash in a number of ways.

Hill posits that the notion of ‘honourable warfare’ is an ‘inextricable component of the military profession’ and that the cultural component of honourable warfare can be described by the dimensions of three beliefs: courage, justice and the prevention of violence against civilians.12 Militaries are unlikely to adopt a change that sees the notions of the nature and use of physical courage change. There is a key link in this idea with the

18





necessity of danger. Hill observes that altering the sense of courage derived from the danger of combat can be a basis for militaries to reject innovative concepts. One example in the modern era can be found in the segregation of Unmanned Aerial Systems (UAS) operators from the traditional pilot community. For example, UAS pilots are not eligible for the many awards and decorations available to traditional pilots in Australia. In the United States, the UAS pilots are paid less than traditional pilots and their flight hours are not credited for career advancement purposes.13 While the battlefield effect of both roles is comparable, if not equal, UAS pilots conduct their duties from a position of relative safety and as such have not been readily accepted into the pilot fraternity.14

Hill also observes that modern militaries believe that a sense of justice should be maintained in battle, a concept that is antithetical to the common conception of the Army’s ‘ruthless will to win’.15 He notes that militaries deem unjust the innovations that see them or their opposing combatants placed in positions where they are completely unable to fight back or defend themselves against the new technologies and/or techniques. The development and emergence of submarines in naval warfare is a demonstration of this idea. In 1930, the act of a submarine attacking a surface vessel was deemed to be so unjust, due to the latter’s inability to defend itself against the threat, that the London Naval Treaty was struck which attempted to regulate the use of submarines in war. The agreement saw that the signatory nations (of which there were five) were required to ensure that the crews of merchant vessels were delivered to safety before their vessels were sunk by submarine.16 This requirement essentially rendered null the stealth advantage afforded by submarines in the first place. Hill notes that submarine warfare became less restricted as submarine countermeasures were developed, such as sonar, depth charges and aerial surveillance; the combatants had a better ability to defend themselves against the threat.17 Finally, Hill discusses the effects of an innovation in terms of the unintended effects against civilians.

Technologies or techniques that increase the probability of violence against civilians are likely to be rejected by military forces.18 The beliefs of courage, justice and preservation of civilian safety in war, as a part of the military values of honourable war, are directly relevant to critical analysis of the Army’s uptake of fundamental cyber-technology.

19



20


Consider some plausible scenarios from a cyber-enabled land battle of the future. The way in which armoured vehicles will engage in combat is likely to change dramatically. For example, the engagement will commence well before the vehicles can see each other through attacking one another’s information environment. This could happen in a number of ways. For example, at the operational level, cyber-warriors could be acting upon the enemy’s command and control and intelligence, surveillance and reconnaissance systems. This could see the enemy communications disrupted, or even altered, to the Australian advantage. Such actions may be a part of a bold plan to change the actions of the enemy through manipulation (say, amending grid references in a distributed set of orders) or a more subtle effect of selecting key information to withhold from certain personnel in order to impose friction or reduce trust in their systems. Furthermore, key pieces of infrastructure could be targeted, such as flight radar systems, power grids or fuel delivery to impose further friction on enemy operations. These types of effects will be at the behest of the operational commander, probably a commanding officer of a unit or the brigade commander, to nest within the overall manoeuvre plan to undermine the enemy’s centre of gravity.

At the tactical level, armoured vehicle units will employ cyber-capabilities differently. Experts in cyber-based techniques will accompany commanders at the combat team level and below, with the skills and basic equipment to detect, disrupt and disable critical systems in enemy armoured vehicles. In much the same way that observation posts and sniper teams are used, the soldiers will be able to provide commentary on their observations and some precise targeting effects. For example, such a team could assist an Australian attack through isolating a forward vehicle from its support by disrupting its communications, reporting its location and manipulating key systems (eg engine electronics, gunnery or crew systems such as hatch locks/climate control) precisely at H-hour.

Well-trained and well-equipped teams could conduct these actions on groups of vehicles simultaneously, effectively meaning that the Australian assault is a matter of fighting through a series of neutralised vehicles without a shot being fired. Naturally, these teams would likely be engaged in defence against the same techniques as well. Scenarios such as those outlined above are some small demonstrations of a broad and flexible set of technologies and techniques involved in the cyber-enabled land battle. The



21



cases outlined here are not a concoction of fiction as there are documented cases of the same techniques being used, albeit in different circumstances. The suspected Russian testing of GPS-spoofing techniques in the Black Sea demonstrates the immediacy of this reality, as an entire fleet of merchant ships was misled by disrupted GPS readings.19 The full extent of the capabilities are not widely understood across the Army, as discussed in the first part of this paper.

Evaluating the above scenario, and the adaptation of the same principles to war fighting activities of a lower intensity (eg counter insurgency and hybrid warfare), against the three beliefs of honourable warfare allows analysis of the Army’s cultural acceptance of cyber capabilities. First, the nature and use of physical courage remains largely unchanged; that is to say that battles will still be won and lost in the close fight. Although the operational focus has shifted to forms of war that are low intensity, such as counter insurgency, the character of physical courage has not. While the specific acts undertaken by soldiers on the counter insurgency battlefield are different to those during the Second World War, the need for daring and decisive actions in the face of adversity remains. The link between the courage of combat to the identity of Australian Army units has not been diminished by the advent of cyber-enabled war, and consequently it is not likely that the Army has or will find reason to reject the innovation on those grounds.

The justice of war however, is possibly a concern for Army. The Army has often been engaged in missions where the adversary is technologically inferior; for example, in the Timor and Afghanistan campaigns. While consideration of combat against near-peer enemies should be the highest concern for a military force, the culture of the Australian Army (that is ‘the theory of what works’) is imbued with lessons from the aforementioned campaigns. The perceived injustice of utilising advanced cyber-capabilities against actors with very rudimentary abilities to protect themselves may be a source of friction in the Army’s uptake. However, any resistance of this kind is not likely to be insurmountable. The Army has a well-honed sense of the need to remain prepared for the full spectrum of threat scenarios, including high intensity war against a near- peer enemy. This has been demonstrated systematically over the last decade of force generation cycles and major exercises such as ‘Exercise Hamel’ and ‘Talisman Sabre’ with campaign-specific training usually only being introduced as a part of Mission Readiness


22


Exercises. Furthermore, the perceived injustice of using cyber-technologies and techniques against non-advanced adversaries is likely to be offset by the reciprocal injustices of technologies such as Improvised Explosive Devices and techniques such as insider attacks. Because of these reasons, the generalised uptake of cyber-enabled warfare is not likely to be inhibited by a lack of ‘justness’ in the technologies and techniques involved.

The ‘effect on civilians’ component of Hill’s model may be of the most concern in this discussion. With wars increasingly likely to be fought in urban areas, civilian infrastructure is likely to be used for military purposes.20 Cyber-based effects on that infrastructure are highly unlikely to be able to determine the difference between civilian and military use for exclusive military disruption, therefore having unintended or undesirable effects on the local population. Such effects have been shown to be dramatic and dangerous for urban populations, having been linked, for example, to civilian suffering in countries such as Georgia, Estonia and the Ukraine during Russian military actions.21 At the lower end of the intensity spectrum, civilians are affected by the use of cyber-operations primarily in the use of the technologies and techniques of the targeting process.22 In a counterinsurgency campaign where adversaries live and operate under the guise of being members of the general population, it is impossible to collect only against legitimate targets due to the difficulty in determining the identity of those targets in the first place and their probable attempts to counter the techniques used. This means that collection against key family members and friends may be necessary, or incidental, to the gathering of important information on insurgents. This part of the discussion ties in closely with the justice argument, as a non-participant (say, an insurgent’s cousin) may be unaware of the need or process for proper security and may inadvertently compromise his or her relative. A scenario like this removes the individual’s choice in participation in the fight; an unintended effect on the civilian population that Hill says can be a serious barrier to innovation in militaries.23 Furthermore, the nature of collection technologies is such that even if an individual is specifically collected against, the capture of unrelated data from key nodes is necessary to ensure that the intended information is not corrupted. This means that entirely unrelated people may have their information collected and stored without their knowledge or consent. This practice may clash with standing legal and ethical practices of the Army depending on the circumstance, which may in itself, prevent resistance to the change.



23



Many of the unintended effects against civilians brought about by the revolution of cyber-enabled war are manageable although sensitive. In high-end conflicts, the use of military force to disrupt the use of civilian installations by Australia’s enemies has been tolerated, in some cases (such as Second World War area bombing) in very extensive ways with a great deal of suffering by civilian populations.24 Cyber-warriors provide land force planners greater fidelity in pursuing these effects and allow for far more flexibility in the recovery of the infrastructure after the military need to disrupt its use has concluded. On these grounds, a limited resistance to the concept would be expected. In lower intensity war activities, the effects of cyber-operations on unintended civilians are likely to be tolerated due to the non-lethal effects of the actions. Provided that data capture is conducted on a responsible/necessary scale, it is likely that the Australian Army would support the methodology, much as the Australian community supports the online collection of information to solve major crime.25

The degradation of the concept of honourable war has been a strong, historical reason for a military to reject innovation. The cultural dimensions of honourable war are the nature and use of physical courage, the sense of justness in combat and the consideration of the prevention of violence against civilians. The Australian Army does not face a dramatically negative shift from its history or conceptualisation of honourable war by the introduction of cyber-enabled warfare technologies and techniques.

Therefore, under this model, it can be said that the Australian Army’s lag behind the trend of cyber-enabled land power is not due to some fundamental or cultural disagreement with the principles and realities of the capabilities. Certain inhibitors do exist, particularly around the most recent individual and collective experiences of the force on operations, but in general there is no discernible, deep-seated reason for its rejection Organisational Leadership and Implementing Change

Given that there is no compelling argument for the cultural rejection of cyber-enabled warfare techniques within the Australian Army, the reason for the lag in uptake must lie elsewhere. One alternative explanation could be that there is a lack of understanding of the need for change or that such change has not been implemented effectively. Transformation efforts within organisations can fail for a wide variety of reasons, most principally through


24


inadequate or inappropriate implementation measures. Dr. John Kotter’s seminal work, Leading Change: Why Transformation Efforts Fail, offers a distilled list of poor change implementation practices by leaders.26 The list serves as a useful tool in analysing the Australian Army’s lag in cyber uptake.

Dr. Kotter outlines the need for leadership to establish a ‘great sense of urgency’ in the transformation. He notes the need for honest discussion about performance relative to that of competitors.27 Recent weak performances are useful talking points here but recent strong performances can make the proposed change seem unnecessary. The Army suffers from this effect as it has enjoyed significant operational success recently without the use of the proposed capabilities. As such, there is no strong impetus for the change and the purveyance of cyber-capabilities is viewed as the so called ‘solution without a problem’.

Dr. Kotter goes on to explain the importance of a ‘guiding coalition’ which creates a critical mass of support to develop a shared commitment to the renewal.28 He notes that such a group needs to draw from a broad slice of the organisation’s demographic and be permitted to be active outside usual hierarchal rigidity and protocol. Such a group has not clearly emerged within the Australian Army senior leadership to champion cyber technology and direct the Fundamental Inputs to Capability. Building constituencies of users to engage in the development process is a key component of a coalition and the collective should include members of all ranks and trades.29

The small core of cyber-trained personnel the Army does have are often (if not, always) posted into positions within organisations external to the conventional Army. The resultant message to the wider Army audience is that cyber-operations are not within the remit of the Army and the key people in the guiding coalition have very little contact or influence.

Furthermore, because the Army, as with most militaries, is reliant on its rigid structures, the precedent for activity outside of these bounds is limited by the nature of the organisation.

The need for a clear, simple and bold vision is the third component of Dr. Kotter’s list.30 He makes note of the distinction between a vision and a strategy, and that an inappropriate vision will often devolve into a series of incompatible projects and directives that achieve short term gains but do not progress the organisation towards the desired end state.31 The Army is guided by numerous political and strategic concepts at ADF HQ and higher.



25



The Defence White Papers are an amalgamation of the government’s vision and strategy for the future of the ADF. The 2013 Defence White Paper made vague statements about the generation of cyber-power for our forces generally but showed little appreciation of the transformational nature of the information era.32 This paper is crucial in shaping the ADF’s, and therefore the Army’s, efforts towards being ready for cyber-enabled war. Interestingly, the Future Land Warfare Report 2014,33 as a single-service document, demonstrates a relatively advanced appreciation of cyber-enabled war.34 This may suggest that there is a lack of appropriate vision at a level higher than Army which is hindering the successful integration of the capabilities in question. In this case, the ADF runs the risk of producing multiple parallel, but incoherent, plans by its component Services, which will require significant rework and restructure in the future.

A continued lack of clear vision for the cyber-enabled land force will result in Army remaining behind the pace. Recent developments inside the ADF, such as the raising of the Information Warfare Division and Joint Cyber Unit, may represent some progress that will remedy the issues raised in this article. However, without a decisive and broad leadership effort the Australian Army will continue to fall further behind the best armies in the world, and eventually, its adversaries too. Conclusion

The Australian Army’s lag in the adoption of cyber-enabled warfare capabilities is a critical detriment to the ability of the Army to win the land battle. The small but agile force relies on its superior decision-making abilities to generate tempo and defeat its enemies, yet has not taken full advantage of information age technologies to preserve that advantage on the battlefield. There are limited cultural barriers to effective integration of the capabilities—for example, the recent experiences of troops on operations—but none are fundamentally insurmountable. The nature of possible cyber-technologies and techniques are such that they should be expected to be supported by a modern and innovative Army like the Australian Army. Organisational leadership functions at many levels are a key area for improvement by both the government and the ADF, particularly in the need for a clear, simple and bold vision for the future; the effects of which are exacerbated by a lack of champions and constituencies in favour of the component parts of the capability. A strong focus on the vision and change management elements of the problem will allow commanders across the


26




Army to align their education, human resourcing and procurement efforts, promoting an effective adaptation to cyber-enabled war.

About the AuthorCaptain J is currently undertaking study in the field of Cyber Security with University of New South Wales/Australian Defence Force Academy.

Captain J’s service background is in Combat Engineering.

Endnotes1. Parliament of Australia, 2000, Defence 2000: Our Future Defence Force (2000

Defence White Paper), at: https://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentar y_Library/pubs/rp/rp1516/DefendAust/2000

2. Figures are the result of data analysis from the Learning Management Packages (FOUO or lower): General Service Officer Commissioning Course, All Corps Captains Course, All Corps Majors Course, Available on DRN

3. Department of Defence, 2011, Army User Requirement - Land 400 Land Combat Vehicle System (Version 1), p 4

4. K Curthoys, 2017, ‘Two-star: Every soldier must be a cyber defender’, ArmyTimes, 22 Oct 17, at: https://www.armytimes.com/news/your-army/2017/10/22/two-star- every-soldier-must-be-a-cyber-defender/

5. TARDEC, 2014, TARDEC Capabilities, at: https://www.army.mil/e2/c/downloads/359119.pdf

6. US Go Army, 2017, Can You Make the Cut?: US Army Cyber Warrior, 27 Mar 17, at: https://www.goarmy.com/videos/play/can-you-make-the-cut-us-army-cyber- warrior.html

7. S Gallagher, 2017, ‘DOD needs cyberwarriors so badly it may let skilled recruits skip boot camp’, ARSTechnica, 5 Oct 17, at: https://arstechnica.com/information- technology/2017/05/dod-needs-cyberwarriors-so-bad-it-may-let-skilled-recruits-skip- boot-camp/

8. As a general overview of Russian uptake, see Connell and Vogler, 2017, Russia’s Approach to Cyber Warfare, Center for Naval Analyses, March

9. A Hill, 2015, ‘Military innovation and military culture’, Parameters, Vol 45, Issue 1, p 85

10. E Schein, 2010, Organizational Culture and Leadership, 4th edition, John Wiley & Sons, p 17

11. Hill, 2015

12. Hill, 2015

13. P Singer, 2009, Wired for war: The robotics revolution and conflict in the 21st century, Penguin, pp 363-364

14. Hill, 2015

27




28


Transforming Army’s Logistics Capabilities through Emerging Big Data Analytics -

Challenges and Opportunities

15. Hill, 2015

16. International Committee of the Red Cross, 1930, Treaty for the Limitation and Reduction of Naval Armaments, (Part IV, Art. 22, relating to submarine warfare), 22 April 1930

17. Hill, 2015

18. Hill, 2015

19. D Hambling, 2017, ‘Ships fooled in GPS Spoofing Attack Suggest Russian Cyberweapon’, New Scientist, 10 Aug , at: https://www.newscientist.com/article/2143499-ships-fooled-in-gps-spoofing-attack- suggest-russian-cyberweapon/

20. The Australian Army, 2014, Future Land Warfare Report 2014, April 2014, p 9

21. S Shackelford and R Andres, 2010, ‘State Responsibility for Cyber Attacks: Competing Standards for a Growing Problem’, GeoJournal International (L), Vol 42, p 971

22. This reference refers to artillery. The targeting process is similar across many functions. See Australian Army, LWD 3-4-1 Employment of Artillery, Section 3-4

23. Hill, 2015

24. R Schaffer, 1980, ‘American Military Ethics in World War II: The Bombing of German Civilians’, The Journal of American History, Vol 67, Issue 2, pp 318–334

25. Office of the Australian Information Commissioner, 2017, Australian Community Attitudes to Privacy Survey 2017, May, p ii

26. J Kotter, 1995, Leading change: Why transformation efforts fail, p 59-67

27. Kotter, 1995

28. Kotter, 1995

29. B Berkowitz, 2014, ‘Sea Power in the Robotic Age’, Issues in Science and Technology, Vol 30, Issue 2, pp 33-40

30. Kotter, 1995

31. Kotter, 1995

32. G Austin, 2014, ‘Australian Defence Policy in the Information Age’, Submission for the 2015 Australian Defence White Paper, 22 Sep, p 3

33. The Australian Army, 2014, Future Land Warfare Report, April, p 9

34. Austin, 2014

29

Transforming Army’s Logistics Capabilities through Emerging Big Data Analytics – Challenges and Opportunities

Major Keyurkumar Patel

‘The problem has never been that the issues relevant to logistics transformation have remained unknown. Rather the problem has been the manner and means by which change is implemented.’

Lieutenant Colonel David Beaumont

Abstract

The key to a strong military organisation lies not only in its combat power, but also in its ability to generate logistic and battlefield intelligence, and effectively use it to make timely decisions. In the event of a war, soldiers with different equipment, vehicles, and communication systems are deployed and the battlefield situation is monitored using several information systems. The faster a military can analyse, interpret, and make decisions from the information, the faster it will be able to respond to the threats it faces. Big Data Analytics, commonly known as Big Data, has a potential to transform



Transforming Army’s Logistics Capabilities through Emerging Big Data Analytics - Challenges and Opportunities

30


Army’s business, and Army needs to harness its benefits in order to bolster its Combat Service Support (CSS) capability. Introduction Big Data 1 is defined as a large, complicated volume of data, whether structured or unstructured, that inundates business operations on a daily basis. Big Data consists of data sets that are so huge and complex that the customary data processing applications would not adequately handle them. The concept of Big Data can be understood through the description of the ‘Four Vs.’ 2 First, Volume – whereby organisations collect large data from a variety of sources such as financial transactions, business dealings, and social media platforms. Second, Velocity – where data streams in at an unknown speed, which has to be handled in a timely fashion. Third, Variety – where data can be structured or unstructured, and come in many forms, such as numeric, audio, video, and even mail. Finally, Veracity – where data extracted from several sources needs its veracity to be verified.

The contemporary age of budget austerity exerts unrelenting pressures on key Defence decision makers. 3 One of the crucial elements to a successful military operation is the provision of superior logistics capability. Military logistics relies strongly on the flow of information, materiel management, and finance. This article will posit that the adoption of Big Data in conjunction with emerging and secure technologies is crucial for military logistics operations, but that in order to do so numerous challenges must be dealt with. This article will first describe Big Data analytics and its generic military applications. It will then identify and enumerate the major opportunities that could be used for military logistics operations including its use in contemporary Defence initiatives. Finally, it will identify major challenges associated with Big Data and the use of Big Data analytics within Defence and suggest potential solutions to overcome challenges.

Big Data Techniques

Exploration and exploitation (ie analytics) of Big Data involves acquisition, cleaning, and transformation of data, the extraction of understanding of the relationships that exist in the data, and finally delivery of value from the data.4 The first Big Data technique is ‘Association Rule Learning’ which



31



is used for the discovery of interesting correlations between variables in large databases. The second technique is ‘Classification Tree Analysis’ which is used to identify the categories in which a new observation fits. The third technique is ‘Genetic Algorithms’ which are evolution functions and are used for the identification of inheritance, mutation, and natural selection data. The fourth technique is ‘Machine Learning’ which is used to differentiate between the spam and non-spam emails while determining the best content for dealing with potential customers.5 Big Data encompasses the use of predictive analysis, user behaviour analytics, and other complex data analytics techniques for the extraction of value from data.6 Several commercial organisations utilise Big Data for consumer intelligence by using predictive analytics.7 The first type of Big Data that resides in military logistics is the structured type that is stored in the databases in an orderly manner. In military logistics, machines and humans are the two sources of structured data, and examples include global positioning system (GPS) data, usage statistics of vehicles, ships and aircraft, and health care data. The second type is unstructured data that resides in traditional column databases and which have no clear format in storage. Examples include mobile communication and geospatial data.8 Applications

Big Data can be applied to bring together data from multi-domain military capabilities, for example, data from logistics, health informatics, intelligence, information warfare, financial management, human resources, and geospatial system and space management; however, Big Data cannot be used to generate new plans for predicting the future with a higher level of certainty.9 Big Data could enable military planners to use data subjects that revolve around equipment usage and inventory, maintenance of aircraft, ships and vehicles, configuration baseline management, technical directives, and supply cost to come up with a trend analysis for recurring exercises. Furthermore, for Army, enterprise- wide visibility such as where their assets are, the resources expended, the number of hours the resources were used per day, and the number of resources used per day is pertinent. Big Data can be used to uncover improper maintenance of equipment, issues in the training sessions of soldiers or any component issue. Additionally, daily readiness reporting that involves a process for messages going out daily from aircraft, vehicles, ships, or unmanned aerial vehicles can be done using Big Data.


32


When a military organisation’s applications reside on its premises, it is responsible for satisfying the regulatory compliance requirements. The military organisation may move the applications and data to a cloud- storage capability but it cannot move the regulatory compliance and duty of care to protect privacy. The first major opportunity is to use cloud computing for Big Data analytics that allows military organisations to leverage the off-premises information communication technology (ICT) function and reduce the efforts required in fulfilling regulatory compliance requirements. Cloud computing helps in de-siloing quality and compliance management across production, which leads to effective supplier audit reliability and minimised compliance reporting costs.10 Cloud computing has also helped to reduce tooling costs. Using Big Data in cloud-based systems helps to minimise tooling time and costs considerably by saving previous configurations (eg for 3D printing of spare parts). Usually, military logistics management systems analyse the information offered by the supplier database when receiving a supply mission and then proceed to evaluate the probable support capacity provided by the suppliers to the military depots by use of cloud computing systems.

The second opportunity is to use Blockchain 11 as a less mature but secure system that can be embedded within contemporary logistics information systems.12 Maersk and IBM piloted the first Blockchain program which was focused on the creation of a single digitaldistributed ledger where numerous documents related to a shipment could be stored.13 Globally, Blockchain is being piloted by several companies. For example, T-Mining piloted Blockchain to provide clearance for personnel to pick up a load in order to avoid fabricated pickups. Kouvala Innovation is trialling carrier ‘mining’ applications that would bid for the right to move a shipment using a radio frequency identification tag. This involves awarding a contract to a carrier that is the best value for money, potentially using Ethereum.14 15 However, I argue the manifold increase in the power requirement and safeguarding infrastructure to run Blockchain data warehouses without interruption would require substantial investment. But the real value would only be realised if it is implemented.16

The third opportunity is the management of a real-time health usage and monitoring system (HUMS) for soldiers. Sensors have become ubiquitous in our daily lives and they generate a high rate and scale of data. For example, Equivital created a military training system called ‘Black Ghost’ that can be



33



used to track a soldier’s location in real-time.17 Black Ghost is used with EQ02 LifeMonitor, which is a body sensor system incorporated with auxiliary data management software and a visualisation tool. It comprises a body-worn sensor device that monitors health conditions such as heart rate, respiration, activity, body temperature, and GPS data. The system can allow a commander to see if a soldier has violated a convoy or patrol order and warns the commander if any soldier shows signs of fatigue. The system also provides an alert feed which highlights incidents as they occur in the field. Commanders can log into a soldier’s activity feed and view event information linked to a specific type of order. This could be used to detect and analyse any deterioration in a soldier’s performance over a certain period. In a unit, each soldier is continually assessed to monitor contributions to the overall performance of the unit, as demonstrated by the US Army’s use of the system on soldiers operating in Iraq.18 However, I suggest that collection of real-time raw data only is insufficient to reduce levels of injuries in the field. If data from Black Ghost and LifeMonitor could also be analysed in real-time as part of the Army’s health information system, it may prevent heat injury or illness and be crucial to Army’s operations.19

The fourth opportunity is HUMS for land vehicle platforms, which promises increased vehicle usage, readiness and reliability, and reduced sustainment cost. This data is used to provide maximum vehicle availability and optimum rate of effort to allow for fleet management. In a bid to prove that the HUMS concept was viable, in early 2011,20 the Land Engineering Agency (LEA) instructed original equipment manufacturers (OEMs) to design and incorporate HUMS into four combat service platforms, namely M1A1, ASLAV, M113, and PMV. The trial was conducted on M113 and the result was promising. The trial report recommended enhancements in fleet management via automated data entry, improved operational statistics, and greater understanding of a mission. Aviation industry uses HUMS to generate diagnostic information that is required for optimum performance of aircraft. HUMS senses, monitors, and communicates maintenance needs of the critical aircraft components.21 LEA’s contemporary vehicle HUMS systems, known as ‘VHUMS’, present several benefits. I suggest, however, that if effective data management is not implemented (including automatic data collection and analytics) then the sustainment cost of land materiel remains a major challenge. Furthermore, VHUMS in its present form is perceived as a maintenance enhancement initiative under Plan Centaur.


34


If Big Data is incorporated then there is potential to gain insight on terrain analysis and operator behaviour, but if Big Data is not incorporated then the concern will remain as to whether Defence uses its vehicles safely 22 and to their best availability. Therefore, Big Data analytics could be crucial for an optimised and safe operation of Defence vehicles.

The fifth opportunity is in the lean supply-chain management. This involves a set of organisations, for instance Defence and Defence Industries, which are directly linked with upstream and downstream production flows, services, finances, and information that collaborates to minimise costs and eliminate waste in order to add value.23 I would argue that to meet military logistics’ demands requires substantial information management capability and it has to be flexible enough to be readily deployed in order to complete a mission. However, a lean supply chain needs to be designed in such a way that it responds by effectively extracting knowledge from collected data to meet the fluctuations in operational demands effectively. If the lean supply chain is implemented then OEMs will be required to implement a ‘pull system’ for raw materials to support manufacturing processes.24 The key is to have all supply chain partners implement lean principles to truly squeeze all logistics costs out of the system.25 Consequently, principles of Big Data analytics could contribute to the secure management of information flow between Defence and Defence Industry in support of military operations. Contemporary Defence initiatives could also harness the power of Big Data. For example, in the terrestrial communications project JP2047, within the scope of the project, Big Data could be used to form intelligence on a trusted insider,26 members’ social media behaviour pattern,27 and so on. Another example is the use of Big Data for the Enterprise Resource Planning (ERP) implementation based on SAP – the German software company that specialises in data processing applications and software – where all current systems are planned to be combined into a single system (excluding the human resource system that is based on Oracle). If incorporated, it could result in a substantial collection of data. If Big Data is not incorporated then the risk to the fundamental inputs to capability (FIC) will substantially increase.28 Big Data could be used for projects Land 121 and Land 400 to realise a logistic common operating picture (LCOP) for the logistic control network (LCN) using real-time data extraction from a vehicle communication system. This could be accomplished by employing sense and respond



35



logistics on all land vehicles, thus weaving multiple CSS networks into a single capability.29 This has the potential to result in the elimination of the second and third line support that could create an end-to-end distribution network.30 Any possible savings from this elimination can be redirected towards acquiring superior materiel in order to reduce capability gaps.

ChallengesThe opportunities presented above are crucial and significant to a military operation, however, benefits from these opportunities are not easy to achieve and several challenges remain which require careful consideration. First, a fundamental challenge is that people have difficulties in understanding the concept of Big Data 31 and then making a decision from collected data.32 There are few people with the required qualifications, skills, and experience to effectively work with Big Data. This is due to its complexity and intricacies presenting a challenge to new trainees as Big Data educators are scarce. Military personnel who would handle the Big Data require individual and customised training, a set of essential skills in order to handle the Big Data, and resources for continuous professional development. For example, one MQ-9 Reaper sortie collects the data equivalent of up to twenty laptops. Therefore, it is not surprising that much of this information can only be analysed retrospectively, rather than fully exploited in real-time. In the past few years, the number of intelligence analysts in the US military has soared in order to manage the information deluge. Moreover, one US Army retired intelligence officer claimed that ninety five percent of battlefield video data is never viewed by analysts, let alone assessed.33 The training exercises are intensive and the trainees are often put in situations where they need to simulate analysis and management of huge spreadsheets that involve hundreds of columns and tens of thousands of rows; a task that is even difficult for the trainers due to the complexity of the material. This leads to a talent gap.34 However, to overcome this challenge, stronger partnerships are required among educational institutions, Defence Industry, Research and Development organisations, and government agencies.

The second challenge is the risk of data corruption or theft through cyber-attacks which may present a devastating problem for military operations. Cyber-attacks are intended to control weapons and infrastructure to


36


adversely influence daily operations. Cyber-attacks can be sudden, unforeseen, and their probability of occurrence can build up over time in the absence of applicable policy technology or management responses to contain an attack. Cyber-attacks on the military logistics infrastructure or ecosystem can lead to major delays, breakdowns, disruptions, and losses in the services and operations, threatening the security of a whole nation. For example, the Iranian authorities carried out a successful cyber-attack on the US Defence system (in particular, the RQ-170 Drone), and managed to control it.35 The use of Big Data for military logistics thus presents the risk of a cyber-attack that can damage military infrastructure leading to denial, or in the worst case, loss of infrastructure and/or corruption of data. However, if Blockchain technology is not incorporated in the logistical systems, even embedded within the Advanced Data Communications Units that make up the interface between human and machine, then the damage from cyber-attacks would be far more devastating.36

The third challenge involves the operational management of a contracted data warehouse and manual data extraction. A real-time ground surveillance system developed by DARPA – the US’ Defense Advanced Research Program Agency – known as ‘ARGUS’ collects up to 40 GB of information per second. 37 Therefore, hardware infrastructure and energy consumption that hosts Big Data is very costly, even with the availability of cloud computing.38 Recently, incidents of security breaches and fraudulent conduct by government 39 40 and Defence 41 contractors have been on the rise. If we are not conscientious about who can be trusted and with whom we do business, then it would seriously jeopardise military operations.42 In addition, contracted cloud computing warehouses come with their own challenges like operational transparency, lock-in contracts, higher bandwidth cost, multi-vendor systems integration, and loss of operational control.

The fourth challenge is the data processing system.43 In conventional systems, at least some degree of human intervention is required to extract valuable information to present to decision makers. This leads to the dependency on the manual collection and extraction of data, resulting in the potential introduction of human error and inefficiency,44 but an automated system with intensive computing helps to ensure conformity of data while allowing the data managers to focus more on data management rather than research and evaluation. For example, Defence’s use of several commonly used and trusted logistics applications such as, ROMAN, ACMS, SPMS,



37



VIPA, MILIS, MEMS, and MUIR are developed by Defence Industries which do not incorporate Big Data. As such, their accuracy, interoperability, and reliability are often challenged. Lessons learned from Linfox’s 45 Big Data implementation suggested that if data extraction and integration is carried out properly (adhering to a single coding standard) then the problems which have occurred can be explained and future issues can be predicted and avoided. Therefore, the use of Big Data combined with emerging technologies could provide Army with a centralised and streamlined way of managing Army’s resources.

ConclusionsWe live in a digital era and military operations increasingly benefit from digitisation with an ever-greater dependence on accurate intelligence. Big Data analytics provides actionable insights that would enable Army planners to address the problems proactively before they happen, an initiative for which traditional reporting systems do not allow. Big Data can enable logistics systems to get smarter, faster, more secure, and more agile in order to support accurate and timely decisions. Also, the real-time management and monitoring of health data from soldiers could potentially prevent injury and illness. The combination of HUMS and Big Data analytics can facilitate the optimal and safe use of Defence and military vehicles. Big Data has a potential to optimise supply chain management by creating Army’s multiple CSS networks into a single capability that has a potential to eliminate the second and third line support, resulting in an effective use of the Army’s budget. This presents opportunities to accelerate, but also requires greater emphasis on the effective lean management of a huge volume of data and its security. Once these few challenges have been mitigated as suggested, I have no doubt that the use of Big Data in military operations is imminent. Therefore, I strongly argue that the use of Big Data with secure technologies is crucial for military logistics operations and critical for Army’s sustainment budget.

Big Data is the new oil and its breach is the new oil spill.

Anonymous


About the AuthorMajor Keyurkumar Patel has qualifications in Engineering from Bangalore University, India, as well as a Master of Engineering from Swinburne University of Technology and a Doctorate of Engineering from the University of Southern Queensland. He is a published author of more than 50 research studies and four books. A Chartered Professional Engineer and member of the Royal Aeronautical Society he is also a senior member of the Australian Computer Society and the IEEE. Since 2008 he has served in the Australian Army’s corps of Royal Australian Electrical and Mechanical Engineers.

Endnotes1. Statistical Analysis System, 2018, ‘Big Data: What it is and why it matters’, at: http://

www.sas.com, accessed 20 Oct 2017

2. Ernst and Young, 2014, ‘Big Data – Changing the way businesses compete and operate’, Insights on governance, risks and compliance, at: https://www.ey.com/gl/en/services/advisory/ey-big-data-big-opportunities-big- challenges, p 2

3. D Woolner, 2000, ‘Pressures on Defence Policy: The Defence Budget Crisis, Research Paper 20’, Foreign Affairs, Defence and Trade Group, Commonwealth of Australia, at: https://www.aph.gov.au/About_Parliament/Parliamentary_Departments/Parliamentar y_Library/pubs/rp/rp9900/2000RP20, accessed 3 Nov 2017

4. MA Waller AND SE Fawcett, 2013, ‘Click here for a data scientist: Big Data, predictive analytics, and theory development in the ear of a maker movement supply chain’, Journal of Business Logistics, Vol 34, Issue 4, pp 249-252

5. TH Davenport and J Dyché, 2013, ‘Big data in big companies’, International Institute for Analytics, p 3

6. Waller, 2013

7. Y Wang and VJ Wiebe, 2014, ‘Big Data Analytics on the characteristic equilibrium of collective opinions in social networks’, International Journal of Cognitive Informatics and Natural Intelligence (IJCINI), Vol 8, Issue 3, pp 29-44

8. S Sagiroglu and D Sinanc, 2013, ‘Big data: A review’, 2013 International Conference on Collaboration Technologies and Systems (CTS), IEEE, USA, pp 42-47

9. Sagiroglu, 2013

10. E Qi, J Shen and R Dou, 2013, The 19th International Conference on Industrial Engineering and Engineering Management, Springer

11. Blockchain is a single, universally accessible digital ledger completed by the transformation of Bitcoin since 2009. It’s called a chain due to changes can be made

38




39



12. ME Peak and SK Moore, 2017, Blossoming of the blockchain, IEEE Spectrum, Vol 54, Issue 10, p 25

13. S Banker, 2017, ‘Blockchain In The Supply Chain: Too Much Hype’, Forbes, at: https://www.forbes.com/sites/stevebanker/2017/09/01/blockchain-in-the-supply- chain-too-much-hype/#1a19c5e1198c, accessed 30 Oct 2017

14. A public blockchain designed to store and execute smart contracts and other complex software applications. The first version was released in 2014

15. IEEE, 2017, ‘Blockchain Lingo’, IEEE Spectrum, Vol 54, Issue 10, p 41

16. G Nott, 2017, ‘ASX to make decision on Blockchain system in December’, Computer World, at: https://www.computerworld.com.au/article/626130/asx-make-decision- blockchain-system-december/, accessed 9 Nov 2017

17. O Solon, 2013, ‘Black Ghost military training system uses big data to improve soldiers’ performance’ at: http://www.wired.co.uk/article/equivital-black-ghost, accessed 28 Oct 2017

18. Solon, 2013

19. CA’s first safety concern is “Heat injury and illness”, Army Safety Day, presented on 31 Oct 2017

20. D Ludovici, M Bray and V Wickramanayake, 2013, ‘Health and usage monitoring proof of concept study using army land vehicles’, 8th DSTO International Conference on Health and Usage Monitoring (HUMS2013), Australia

21. A Draper, 2002, ‘The operational benefits of health and usage monitoring systems in UK military helicopters’, Third International Conference on Health and Usage Monitoring-HUMS2003, p 71

22. CA’s third safety concern is “Use of Defence and Military Vehicles”, Army Safety Day, presented on 31 Oct 2017

23. AM Brewer, KJ Button and DA Hensher, (Eds), 2008, Handbook of logistics and supply-chain management, Emerald Group Publishing Limited

24. M George, 2002, Lean Six Sigma – Combining Six Sigma Quality with Lean Speed, McGraw Hill, New York, p 281

25. George, p 289

26. B Ware, 2017, ‘Knowing when a trusted insider becomes a threat: Why organizations need to focus more on the ‘continuous trustworthiness’ of their key personnel’, at: https://www.csoonline.com/article/3186658/analytics/knowing-when- a-trusted-insider-becomes-a-threat.html, accessed 3 Nov 2017

27. A Ahmad, 2016, ‘Defining human behaviours using big data analytics in social internet of things’, IEEE 30th International Conference on Advanced Information Networking and Applications (AINA), IEEE

28. Discussions with COL Brick, LTCOL Cambridge and LTCOL Freeman, 2017

29. P Cambridge, 2016, Sense and respond logistics (S&RL), Army Capability Needs Document (ACND) 141 – R26341424, Department of Defence

30. Discussions with COL Brick, LTCOL Cambridge and LTCOL Freeman, 2017

31. E Hargittai, 2015, ‘Is bigger always better? Potential biases of big data derived from social network sites’, The ANNALS of the American Academy of Political and Social Science, Vol 659, Issue 1, pp 63-76

32. K Crawford, 2013, ‘The hidden biases of big data’, Harvard Business Review Blog


40


33. N Couch and B Robins, Big Data for Defence and Security, Royal United Services Institute, at: https://uk.emc.com/campaign/bigdata/rusi/big-data-for-defence-and- security-report-final.pdf, accessed 8 Nov 2017

34. M Chen, S Mao, Y Zhang & VCM Leung, 2014, Big data: related technologies, challenges and future prospects, Heidelberg: Springer, pp 2-9

35. M Essig, M Hülsmann, EM Kern, & S Klein-Schmeink, 2012, Supply chain safety management, Springer

36. Peak, 2017

37. W Matthews, 2012, ‘Data surge and automated analysis: the latest ISR challenge, industry insights’, Government Business Council

38. Wang, 2014

39. D Dingwall, F O’Mallon and T McIllroy, 2017, ‘Data breach sees records of 50,000 Australian workers exposed’, Canberra Times, 2 Nov 2017, at: http://www.canberratimes.com.au/national/public-service/data-breach-sees-records- of-50000-australian-workers-exposed-20171102-gzdef3.html, accessed on 3 Nov 2017

40. P Farrell, 2015, ‘Personal details of world leaders accidentally revealed by G20 organisers’, The Guardian, 30 Mar 2015, at: https://www.theguardian.com/world/2015/mar/30/personal-details-of-world-leaders- accidentally-revealed-by-g20-organisers, accessed 3 Nov 2017

41. Sky News, 2017, ‘Defence Contractor’s Cyber Security Security Breached’, at: http://www.skynews.com.au/news/top-stories/2017/10/12/defence-contractor-s- cyber-security-breached.html, accessed 3 Nov 2017

42. D Boyd and K Crawford, 2012, ‘Critical questions for big data: Provocations for a cultural, technological, and scholarly phenomenon’, Information, communication & society, Vol 15, Issue 5, pp 662-679

43. X Jin, BW Wah, X Cheng and Y Wang, 2015, ‘Significance and challenges of big data research’, Big Data Research, Vol 2, Issue 2, pp 59-64

44. Davenport, 2013

45. B Owens, 2016, ‘What Linfox learned from Big Data’, Veracity Technology, 4 Aug 2015, at: http://www.veracity.com.au/what-linfox-learned-from-big-data/, accessed 31 Oct 2017



41

Cyber-resilient Supply Chains: Mission Assurance in the Future Operating Environment

Dr Benjamin Turnbull

AbstractThe mission-oriented performance of digital systems under attack requires an understanding of threat, vulnerabilities and impacts. Australian Army systems are likely to face credible adversaries in the future, capable of attacking digital supply chain systems and degrading the resilience of the overall force. The reality of this future requires capability development efforts now to create a force able to resist cyber-attack on the Defence supply chain and in support of deployed combat forces. The purpose of this paper is to outline the challenges faced by the Australian Army in the future, as they apply to the Defence supply chain, and the threat posed by malicious actors in cyberspace. This paper describes the relationship between digitised supply chains, cyber-resilience, mission assurance and the challenges Army faces in the Future Operating Environment (FOE). Army’s FOE vulnerabilities are classified based on the following: risk management, centralised architecture and data, education and research, system and software obsolescence, IT supply chain, and supply chain design. Further research is recommended to identify mitigations to the vulnerabilities




42


described and a more detailed risk assessment process is suggested as a way forward. Introduction

Supply chains are comprised of ‘flows of materials, goods and information (including money), which pass within and between organisations, linked by a range of tangible and intangible facilitators, including relationships, processes, activities, and integrated information systems’.1 Army logistics is interlinked with supply chain management and focused on planning and executing the movement and maintenance of military capabilities.2 Strategy and logistics are intimately linked.3 The planning, management and delivery of military logistics and supply chain functions across the full range of missions and spectra of conflict requires a secure and connected logistics information system. The vulnerabilities and risks facing supply chains will continue to increase as digitisation expands and the networked force becomes more advanced. The threatcasting report developed for the US Army’s Cyber Institute describes a ‘widening attack plain’ generated by the continuously evolving and increasing attack surface created by cyber-risks combined with more people, targets and threats.4 The FOE has a large influence on capability development efforts, to align future force capabilities with resource expenditure and prioritisation in the contemporary environment. The FOE is an attempt to describe the future which the military uses to support force design and capability development decisions.

The mission-oriented performance of digital systems under attack requires an understanding of threat, vulnerabilities and impacts. Australian Army systems are likely to face credible adversaries in the future, capable of attacking digital supply chain systems and degrading the resilience of the overall force. The reality of this future requires capability development efforts now to create a force able to resist cyber-attack on the Defence supply chain and in support of deployed combat forces. The purpose of this paper is to outline the challenges faced by the Australian Army in the future, as they apply to the Defence supply chain, and the threat posed by malicious actors in cyberspace. This paper describes the relationship between digitised supply chains, cyber-resilience, mission assurance and the challenges the Australian Army faces in the FOE. The Australian Army Future Operating Environment Vulnerabilities are classified based on the following: risk management, centralised architecture and data, education

Cyber-resilient Supply Chains: Mission Assurance in the

Future Operating Environment

43



and research, system and software obsolescence, IT supply chain, and supply chain design. Cyberspace and Cyber-Resilience

Cyberspace is the ‘interdependent network of IT infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers, and the content that flows across and through these components’.5 The security of cyberspace is a critical component of business and the global economy.6 Cyber systems provide high levels of efficiency and enable the rapid exchange of data and information in ways that optimise business environments, the control of processes and resource allocation. High levels of efficiency through cyberspace can also introduce vulnerabilities from a variety of sources. This exposure to risk may be amplified by a reduction in the capacity to adapt to unforeseen circumstances.

Cyber-resilience is the ‘persistence under uncertainty of a system’s mission-oriented performance in the face of some set of disturbances that are likely to occur given some specified timeframe’.7 Cyber-resilience is also known as ‘assume breach’8 and ‘fight through’9 which seek to provide assurance through engineering and business solutions. ‘Assume breach’ and ‘fight through’ are both terms that deal with the mission-oriented performance of digital systems under attack. Performance under attack requires an understanding of threat, vulnerabilities and impacts which are dealt with as risk management problems. The risk management of digital systems requires an understanding of how each system supports the broader organisational mission.10 Mission assurance is defined as ‘operators achieve the mission, continue critical processes, and protect people and assets under internal/external attack (physical and cyber), unforeseen environmental or operational changes, or system malfunction’.11

Cyber-resilience has already been identified as an issue across the Australian Federal Government, as well as an issue in industry. In the 2018 Australian National Audit Office (ANAO) Audit Report of Cyber Resilience, three government agencies were audited including Treasury, National Archives and Geoscience Australia. The audit results aligned with previous cyber security audits which identified:


44


… relatively low levels of effectiveness of Commonwealth entities in managing cyber risks, with only one of the three audited entities compliant with the Top Four mitigation strategies. None of the three entities had implemented the four non-mandatory strategies in the Essential Eight and were largely at early stages of consideration and implementation. These findings provide further evidence that the implementation of the current framework is not achieving compliance with cyber security requirements and needs to be strengthened.12

There is no shortage of guidance (including government assurance, regulations and strategic priorities) regarding cyber-resilience, cyber- security and cyber-threats. A key gap appears to be the level of resourcing and focus allocated to not only adhering or being compliant with the guidance, but clearly understanding the risks. The continuing digitisation of society and the military means that these risks and vulnerabilities will only continue to expand and broaden. The increased interest and resources that will progressively be applied by the Australian Government and Department of Defence to this problem will undoubtedly create a shift in vulnerabilities over time. However, the adversaries in this environment have demonstrated themselves to be agile, well-resourced and innovative in developing new approaches to undermine cyber-security efforts. As a result, this paper has adopted a forward-thinking view and applied the Australian Army FOE framework to consider the relevant vulnerabilities Army must address. The Future Operating Environment

The nature of war is enduring, as a human and societal contest of wills, a ‘form of armed politics… and politics is about influencing and controlling people and perceptions’.13 However, the increasing desire to embed digital systems within military forces and their platforms, to obtain a competitive advantage on the battlefield, potentially increases the vulnerabilities of military forces to cyber-attack. Whilst the ends remain the same, the ways and means by which future combat will be resolved is likely to significantly change over time.14

The emerging maturity of artificial intelligence and machine learning technologies combined with the Internet of Things (IoT), drones and robotics provides a broad range of potential developments in the FOE. Global supply chains offer potential for significant change, as ‘the network-based nature



45



of the industry provides a natural framework for implementing and scaling AI, amplifying the human components of highly organised global supply chains’.15 These technologies are double-edged swords, allowing attackers a host of options including hybrid and blended attacks, the use of AI to support targeting and speed up attacks, and the weaponisation of data.16

The Future Land Warfare Report 2014 describes five interlinked meta- trends termed Crowded, Connected, Lethal, Collective and Constrained.17 The following sections provide an overview of each of these meta-trends and relevance based on a global military supply chain. A Crowded Environment

Migration and shifts in global urban demographics has led to increasing urbanisation, particularly in littoral environments. Global military supply chains will need to have the capacity to support operations in high density urban terrain with amphibious capabilities. The potential for military forces to operate in large cities and within civilian populations will force the engagement with different organisations and increased interoperability.18 The scale of logistics required in modern warfare is vast. For example, logistics support is required to supply the individual weapon systems, in addition to life support functions, as well as potentially supporting displaced civilian populations in conjunction with Non-Government Organisations (NGO) and the civil sector. Civilian partners enable supply chains. However, the increased interdependencies in the environment increase risk whilst the scale of the crowded environment reduces the capacity for redundant systems to respond to network failures. A Connected Environment

The connected environment refers to the ‘propensity of global economic, social and communications systems to become increasingly interlinked. Connectivity will continue to be facilitated by global telecommunications network and ubiquitous telecommunications technology enabling near instantaneous communications’.19

Autonomous vehicles and machine intelligence of the future may fundamentally alter how supply chains operate and use their integrated data, systems and assets. The ability to implement heavily automated global supply chains is likely to further increase efficiency and lower cost.20 3D


46


printers could further enable supply chain agility, allowing equipment and spare parts to be printed locally. These technologies will change the risks associated with supply chain management and the ability for cyber-attacks to disrupt supply chains.21

The introduction of Health & Usage Monitoring System (HUMS) has been embraced by militaries around the world for many years. These efforts will increase as real-time data becomes available through Enterprise Resource Planning (ERP). Building upon these capabilities, the prevalence of IoT technologies and embedding of devices in equipment, platforms and even people is likely to continue the networked-effect of Metcalfe’s law.22

Industrial equipment and critical infrastructure will become increasingly dependent upon Supervisory Control and Data Acquisition (SCADA) systems.23 These systems provide opportunities to optimise the effectiveness and efficiency of a variety of critical systems, increasing safety and reliability while decreasing the error and cost associated with human operators. However, SCADA systems are susceptible to attack, as their design generally does not consider security as a priority, and the systems are generally poorly maintained and patched from an information security perspective. The industrial control system market is inhibited by the focus on proprietary components and systems, making upgrades technically prohibitive and costly. A classic example of a cyber-attack on SCADA is the Stuxnet virus targeting Siemens systems.24 Most SCADA systems are reliant on Demilitarised Zones (DMZs) on networks and air gaps between networks. Despite this, there are many SCADA systems on https://www.shodan.io/ that are susceptible to direct cyber-attack.

Automotive manufacturing is leading to the development of electronic control units to replace systems that were previously manually managed. The cyber-attack surface of digitally-enabled vehicles and self-driving cars is increasing significantly and with limited transparency on the long-term security risks associated with targeted cyber-attacks on vehicle systems.25 Even older vehicles with Vehicle Engine Management Systems and HUMS are potentially susceptible to simpler cyber-attacks using logic bombs to disable the vehicle. A sustained or coordinated cyber-attack on future transportation systems could result in a global supply chain impact, particularly as self-driving vehicles increase in prevalence.

Drones and robots are other systems with large attack surfaces that could



47



come under cyber-attack. The future warehouse is largely robotic, meaning that a well-timed attack could divert critical equipment from their intended location or alternatively a denial-of-service attack on supporting, connected infrastructure combined with an attack on the relevant ERP systems could result in a standstill, requiring human intervention. The lack of appropriately trained and qualified personnel to support a large-scale industrial shutdown of robotic systems, with the attendant reliance on paper-based transactions and mobile phones, would cripple a modern global supply chain until the digital systems were fixed or replaced.

A Lethal Environment The violent and chaotic nature of warfare is the antithesis of efficiency and automation sought by modern global supply chains. However, many actions that seek to degrade global supply chains to support military operations are likely to occur outside of the lethal environment. Grey zones provide an asymmetric area of operations focused on the legal ambiguity surrounding sovereignty, the rule of non-intervention, requirement for attribution and the use of force as they are defined under International Humanitarian Law.26 Grey zones are one such environment where cyber-attacks can target specific systems in ways that lethal actions cannot. The combination of kinetic and non-kinetic actions is likely to increase the lethality of military operations by degrading the overall functionality, efficiency and effectiveness of the over system of systems.

The ability to kill a system through non-kinetic means, such as a cyber- attack, combined with the increasing availability of precision weapon systems to state and non-state actors means that critical logistic systems can be targeted and neutralised in new and innovative ways. For example, fuel systems can be attacked throughout the supply chain from the refinery to the final delivery point through contamination, disruption of computer systems regulating pumps and storage systems, or by physical destruction. Although many of these supply chain systems are analogue in the contemporary environment, with the introduction of ERP systems and the push to automation, they will become increasingly connected and targetable. Even if such systems are not capable of direct interdiction through cyber-attack, their status as a component of a wider supply chain is likely to be observable as part of a common operating picture. If the


48


adversary can gain access to the data which displays the supply chain and its status, lethal fires can be directed to degrade the effectiveness of the entire supply chain, rather than simply used to target parts of the supply chain that are readily accessible or vulnerable.

Cyber-attacks on global supply chains enable a military force to gain an advantage in a lethal environment, as part of an effects-based operational approach. The cyber-attack itself is not necessarily lethal. However, if a cyber-attack can degrade the effectiveness of a military force and potentially even reduce the functionality of precision weapons and targeting systems, or reduce the availability of fuel and medical supplies, the combat and operating environment will become more lethal for the force that lacks resilience and is dependent on compromised systems. A Collective Environment According to the Future Land Warfare Report 2014, the term ‘collective’ describes ‘a security or burden sharing arrangement in which parties cooperate to form a cogent total response to common threats and breaches of the prevailing order’.27 The collective environment consists of the integration of supply chain systems. In this context, the collective environment enables ‘the synergy of intra- and inter-company business processes with the aim of optimising the overall business process of the enterprise’.28 This collective environment should be agile, lean and resilient. A Constrained Environment ‘Land force operations in the FOE will be affected by the ongoing major changes to Australia’s economic, demographic and social environment.’29 The constrained environment as it relates to global supply chains is best encapsulated by fiscal constraints and workforce pressures. Fiscal constraints will drive the desire to develop efficient global supply chains with minimal waste. Although the need for redundancy and resilience will be understood by Defence Leaders, the realities of fiscal constraints may prevent redundant systems from being developed and maintained in such a way that they are truly capable of managing a sustained and sophisticated attack.

Business cases for large investments, such as ERPs, are likely to focus



49



on efficiency and day-to-day transactional business to justify their high upfront costs. A focus on efficiency further reduces the capacity to make an effective argument for investment in redundancy and risk mitigation strategies. The focus on day-to-day transactional business may also lead to an increasing disparity between the supply chain military backbone and deployed operational forces.

Workforce pressures are likely to lead to increasing investment in automation, AI and robotics. These investments will fundamentally change the ways and means by which supply chains will operate and lead to an increased attack surface for malicious actors. Diminishing workforce capacity is likely to reduce the resilience of organisational responses if critical systems are successfully compromised. More specifically, an appropriately skilled workforce is increasingly difficult for the military to attract and retain, given the requirement for Australian citizens with appropriate security clearances coupled with the appropriate training and experience to manage complex technologies. The exponential growth in automation, AI and robotic technologies across various industries results in a small pool of resources from which to draw upon to deliver sovereign, digitally-enabled, military global supply chains.

Australian Army Future Operating Environment VulnerabilitiesThe Australian Army future operating environment vulnerabilities have been grouped into the categories and are discussed in detail below. Risk Management Vulnerabilities

Risk management can be improved by understanding the key issues and methods available to manage the links between risks, impacts and the relationship of supply chain resilience across global supply chains.30 An understanding of the system of systems, connections across the value chain, direct/indirect links to business and mission outcomes will facilitate risk assessments and transparency. However, for these activities to be meaningful there is also a requirement for skilled and experienced risk practitioners who not only understand the global supply chain but also cyber vulnerabilities.


50

Australian Army Journal Cyber-Warfare edition 2018 Volume XIV, Number 2

In the event of a successful cyber-attack, an organisation needs to be able to clearly identify what its mission critical functions are and how operations can continue despite the cyber-attack. For each mission critical function, the organisation needs to define minimum acceptable service levels and how to sustain functions during a cyber-attack. Centralised Architecture and Data Vulnerabilities

Security architectural decisions have long-term implications for the Australian military supply chain and how it works with global supply chains. For example, the decision to implement an ERP seeks to centralise the control of supply chain data, moving from a variety of different technology solutions to one single system that optimises integration with a single system provider. ERP has been highlighted as one of two of the most significant hazards that could potentially compromise a military supply chain, along with the introduction of sabotaged or counterfeit components into supply chain inventory.31

The alternative to an ERP implementation is a blockchain implementation, which has an entirely different philosophical paradigm. Whilst an ERP centralises, a blockchain decentralises. Hybrid approaches are possible but at their core the two alternatives – ERP or blockchain – have practical and philosophical limitations which should be considered during a supply chain’s architectural design.

Blockchain enables a peer-to-peer network to manage a transactional ledger through synchronised states, using cryptographic hash functions and digital signatures. Blockchains provide a degree of trust across a network, based on the principle of consensus and either proof-of-work or byzantine fault tolerance. The sort of implementation relevant to a military global supply chain is not a magic bullet to cyber-attack. Permissioned blockchain ‘requires careful planning and governance to establish the parties participating in the consensus process. Without proper governance, there may be a possibility of politically centralising some of the key functionality of the blockchain, limiting its capabilities, and providing a false sense of security’.32

The difference between the centralised and decentralised approaches depends on the use case and view of the organisation. For an organisation such as the Department of Defence, with a focus on efficiency and



51



management of Commonwealth funds, an ERP is a logical solution. However, for a deployed force against an adversary targeting data centres and seeking to break communication systems, a blockchain-like solution with best-of-breed and stove-piped systems may be more survivable and offer greater utility. Therefore, a hybrid approach could be viable to secure deployed forces and extended supply and value chains globally, creating trust between members of the supply chain network who otherwise may not have a mechanism for establishing the same degree of trust. However, blockchain implementations rely on a distributed model which does not heavily favour one party or provide one member of the chain too much control. The use of a blockchain solution in conjunction with an ERP across a military supply chain is an unresolved proposition. Education and Research Vulnerabilities

The development of well-trained and experienced cyber-security professionals is one part of the challenge. Finding supply chain experts who also understand and can contribute to cyber-security and resilience is another critical part of addressing the problem. The conduct of exercises and collective training events is a critical part of building a trained and capable military workforce, ready to respond to a global supply chain system under cyber-attack. Simulations that provide a capacity to plan and potentially prevent successful cyber-attack, as well as educate cyber-defenders on mission critical functions and business imperatives, is another important part of preparing for the FOE.

Organisations should encourage targeted research and provide appropriate funding to subject matter experts and leverage leading practice approaches and techniques, and further develop detailed models for cyber-resilience.33 Rigorous statistical causal modelling is recommended to support risk management and the understanding of risk management practices across global supply chains.

Limited data is currently available to support detailed analysis of military global supply chains and the impact, or even incidents, of cyber-attacks. Without adequate data, risk assessments must be based on expertise which is difficult to develop, or through supposition based on anecdote. The development of data could occur through data collection efforts across government and in conjunction with vendors and suppliers, or through simulation modelling (although the limitations of such models would need to


52


be clearly captured). System and Software Obsolescence Vulnerabilities

The US DoD has reported:

… in typically long DoD acquisition processes, approximately 70 percent of electronics in a weapons system are obsolete or no longer in production prior to system fielding. The Department’s mechanisms for tracking inventory obsolescence and vulnerabilities in microelectronic parts are inadequate. Microelectronics components are likely to become obsolete repeatedly during the weapons system lifecycle. Efforts to track component obsolescence lack oversight at a Department-wide level.34

Obsolete systems expose organisations and their networks to a range of potential attacks as well as making easier targets for an attacker due to the volume of open source information and potential zero days available. Obsolete systems also reduce the capacity to integrate global supply chains by reducing the capacity to exchange data, reducing available functionality, increasing the reliance on custom solutions and increasing the necessity to prevent outgoing and incoming connections as a security measure.

The rapid development of new software systems and the introduction of increasingly complex and interconnected systems can create vulnerabilities. These vulnerabilities are further complicated by the customisation often required and/or prescribed by large organisations. Up-to-date and ongoing software patch management is necessary. The management of software patching is complicated by the fragility of production environments where a multitude of applications and supporting packages must interact without causing conflicts or catastrophic failure. In addition, the emergence of IoT, drones, robotics and engine management systems create a reliance on vendors and contract managers to provide mechanisms to update software systems without providing attackers an additional attack vector. IT Supply Chain Vulnerabilities The supply chain includes the procurement and provision of computers, IT equipment and their components. Concerns about supply chain



53



vulnerabilities within the IT sector have driven the Australian government to ban Huawei technologies from the National Broadband Network (NBN) and to consider similar bans for 5G networks. However, such a broad attempt to secure vulnerable supply chains only considers one part of one vector for attack, which is the reason that some other countries have avoided blanket bans on technology developers. Supply chain attacks do not need to originate with the manufacturer. Supply chain integrity can be compromised at many points. For example, the National Security Agency (NSA) has been reported to have intercepted US-made networking equipment for intelligence gathering.35

The IT Supply Chain is not restricted to hardware. ‘Participation in the software supply chain is global, and knowledge of who has touched each specific product or service may not be visible to others in the chain… each of these indirect suppliers can insert defects for future exploitation.’36 Software has its own lifecycle and supply chain which includes: the various code components developed by programmers, the development and code packages the programmers utilise, the development environment where the code is produced, the compilers, and the enterprise production environment where the code is finally deployed. Software can be compromised at any point in this value chain. ‘No amount of source-level verification or scrutiny will protect you from using untrusted code.’37 The most effective method for securing software is to provide appropriate governance and security throughout its lifecycle and value chain. Supply chain contamination and/or sabotage has been highlighted as one of two of the most significant hazards that has the potential to compromise the military supply chain.38

Supply Chain Design The introduction of an integrated supply chain information system and embedded business processes requires a detailed understanding of the implications on supply chain design. Global supply chains are complex.Integrating into a global supply chain including external partners, vendors and suppliers can have fundamental implications on supply chain design and business practices. Supply chain practices need to be agile to accommodate new technologies and new suppliers. Typically supply chain policies and processes are strictly applied and irregularly reviewed and/or updated and do not align with leading industry practices. Across the end-


54


to-end supply chain, there are constant changes in technology, partnerships and processes. Continuous review and improvement is required to keep up with the broader supply chain, ensuring that lessons learned across the organisation and external parties are included in process and policy updates.

The design of supply chain interfaces, including the mechanisms that allow information and physical items to be exchanged, can change the practices within an organisation and the risks inherent in the supply chain. Supply chains can be designed to be more resilient and capable of sustaining services whilst under cyber-attack if the design of that supply chain has incorporated the appropriate risk mitigations. Summary

This paper has described the challenges faced by the Australian Army in the future, as they apply to the Defence supply chain, and the threat posed by malicious actors in cyberspace. The relationship between digitised supply chains, cyber-resilience, mission assurance and the challenges the Australian Army faces in the FOE have been discussed. The Australian Army Future Operating Environment Vulnerabilities have been classified based on the following: risk management, centralised architecture and data, education and research, system and software obsolescence, IT supply chain, and supply chain design. This paper has adopted a forward-thinking view and applied the Australian Army FOE framework to consider the relevant vulnerabilities Army must address.

Further research is recommended to identify mitigations to the vulnerabilities described and a more detailed risk assessment process is suggested as a way forward.



55



About the Author

Dr Benjamin Turnbull is a Senior Lecturer in Cyber Security at UNSW Canberra Cyber, University of New South Wales at the Australian Defence Force Academy. His research includes investigating the nexus of cyber security and kinetic effect to understand the true impacts of cyber- attack, best-practice automated analysis and visual techniques to aid decision support.

Endnotes1. Donald Waters, Global Logistics: New Directions in Supply Chain Management, (Kogan

Page Publishers, 2010).

2. Commonwealth Government of Australia, Land Warfare Doctrine 4-0 Logistics 2018, (Department of Defence, 2018), 9.

3. Nathan Brodsky, Logistics in the National Defense, (US Marine Corps), 315.

4. Brian David Johnson, A Widening Attack Plain – Threatcasting Report for the Army Cyber Institute, (Army Cyber Institute, 2017), 6.

5. Department of Defense, US Army Doctrine JP3-12, (Department of Defense, 2013).

6. Commonwealth Government of Australia, Australia’s Cyber Security Strategy 2016, (Prime Minister and Cabinet, 2016).

7. Scott Musman and Seli Agbolosu-Amison, A Measurable Definition of Resilience Using “Mission Risk” as a Metric, (MITRE Corporation, 2014), 9.

8. Microsoft Corporation, The cloud security mindset, (Microsoft IT Showcase, 2016) https://www.microsoft.com/en-us/download/details.aspx?id=51673

9. US Department of Defense, US Air Force Blueprint for Cyberspace 2009, (US Department of Defense, 2009), 4.

10. Michael Nieles et al, An Introduction to Information Security, (NIST, 2017), 7.

11. MITRE, Systems Engineering Guide – MITRE CORPORATION

12. Commonwealth Government of Australia, Cyber Resilience, (ANAO, 2017)

13. Commonwealth of Australia, Adaptive Campaigning 09 – Army’s Future Land Operating Concept, (Department of Defence, 2009)

14. Commonwealth Government of Australia, Future Land Warfare Report 2014. (Department of Defence, 2014), 12.

15. Ben Gesing et al, Artificial Intelligence in Logistics, (DHL and IBM, 2018), 14.

16. Johnson, 6-7.

17. Commonwealth Government of Australia, Future Land Warfare Report 2014, (Department of Defence, 2014).


56

Australian Army Journal Cyber-Warfare edition 2018 Volume XIV, Number 2

18. Commonwealth Government of Australia, Future Land Warfare Report 2014, (Department of Defence, 2014).

19. Commonwealth Government of Australia, Future Land Warfare Report 2014, (Department of Defence, 2014), 11.

20. Commonwealth Government of Australia, Future Operating Environment 2035, (Department of Defence, 2016), 24.

21. J Augustyn, Emerging Science and Technology Trends: 2017-2047. (Future Scout, 2017), 8.

22. Bob Metcalfe, Metcalfe’s Law after 40 Years of Ethernet, (IEEE Computer Society, 2013).

23. D Barr et al, Technical Information Bulletin 04-1. Supervisory Control and Data Acquisition (SCADA) Systems, (National Communications System, 2004).

24. Symantec, W32.Stuxnet. (Symantec, 2010), https://www.symantec.com/security- center/writeup/2010-071400-3123-99

25. Guardknox, Automotive Cyber Security. (Guardknox, 2018), https://www.guardknox.com/automotive-cyber-security/

26. Michael N Schmitt, Grey Zones in the International Law of Cyberspace, (2017).

27. Commonwealth Government of Australia, Future Land Warfare Report 2014. (Department of Defence, 2014), 16.

28. Luis Rocha-Mier et al, Global Supply Chain Management based on Collective Intelligence, (World Conference on Pom, 2004).

29. Commonwealth Government of Australia, Future Land Warfare Report 2014.

(Department of Defence, 2014), 18.

30. Serhiy Y. et al, Understanding the concept of supply chain resilience, (The International Journal of Logistics Management, 2009)

31. LTG Larry Wyche, Securing the Army’s Weapon Systems and Supply Chain against Cyber Attack, (Institute of Land Warfare, 2017)

32. Dave Bryson et al, Blockchain Technology for Government, (MITRE Corporation, 2018).

33. Omera Khan et al, Supply Chain Cyber-Resilience: Creating an Agenda for Future Research, (Technology Innovation Management Review, 2015).

34. Paul Hoeper and John Manferdelli, Report of the Defense Science Board Task Force on Cyber Supply Chain, (Defense Science Board, 2017), 4.

35. Glenn Greenwald, How the NSA tampers with US-made internet routers, (The Guardian, 2014), https://www.theguardian.com/books/2014/may/12/glenn- greenwald-nsa-tampers-us-internet-routers-snowden

36. Robert Ellison et al, Evaluating and Mitigating Software Supply Chain Security Risks, (Carnegie Mellon, 2010).

37. Ken Thompson, Trusting trust, (Communications of the ACM, 1984).

38. LTG Larry Wyche, Securing the Army’s Weapon Systems and Supply Chain against Cyber Attack, (Institute of Land Warfare, 2017).



57

Australia’s Readiness for a Complex Cyber-catastrophe

Lieutenant Jonathon C Ladewig

Abstract

This article analyses Australia’s readiness to manage a complex cyber- catastrophe. It contains an analysis of both military and civilian publicly available documentation pertinent to Australia’s cyber capability and disaster resilience. The findings suggest that Australia is ill-prepared to respond adequately to the kind of complex cyber-attack that may trigger cascading consequences. This article seeks to evaluate the scope of Australian documents in the public domain that address cyber-security and disaster resilience. The article compares the way in which Australia and the United States have developed strategic and military cyber policies in order to determine the implications for Australia’s readiness to manage a multi-vector, complex cyber-catastrophe. The results highlight distinct vulnerabilities in Australia’s current position and evidence reveals inconsistencies in policy development and the use of cyber terminology. Analysis of existing policies and strategic documentation additionally demonstrates elements of non-compliance with both current Australian strategies and recommendations for national resilience espoused by the United Nations.




58


Introduction This article is a public policy analysis prepared in the Australian Centre for Cyber Security. It seeks to deliver a multi-disciplinary approach to the discovery of Australia’s readiness if confronted with a complex cyber-catastrophe involving multiple and/or simultaneous attacks against civilian and military systems. This article explores the extent to which the language of cyber is codified across Australian agencies and internationally. Furthermore, it examines the hierarchical response structure of the United States and of Australia, reflecting upon the advantages of each country’s strategic planning.

Fred Kaplan1 documents the history of US approaches to cyber warfare in his book Dark Territory. Clarke and Knake 2 highlight future threats in their book Cyberwar with reference to a coordinated response to a zero-day broad spectrum cyber-attack on the US. Macdonald et al,3 warn us that coordinated or sustained cyber-attacks upon aspects of everyday life (in a hyperconnected world) might result in far more damage to our social order than any spectacular ‘one-off’ style attack. All three texts focus on the vulnerabilities and disruptive, destructive powers of cyber-attacks, raising questions about the nature and extent of any country’s military and civilian capacity to secure its cyberspace.

These three books raise the spectre of a complex cyber-catastrophe, which is understood by the US Department of Defense as the ‘cascading failures of multiple, interdependent, critical, life-sustaining infrastructure sectors’4 and the consequential large-scale destruction and devastation. The definition of a complex cyber-catastrophe is informed by the work of Austin 5 and security experts Clarke and Knake 6 and takes into account current definitions in the US Dictionary of Military and Associated Terms.7 Also considered is Australia’s former Cyber Minister Dan Tehan’s reference to ‘A Cyber Storm’.8 On this basis, this article defines a complex cyber-catastrophe as ‘a multi-vector, multi-threat cyber-attack that triggers cascading effects’.

At the time of writing, there had been little public discussion of Australia’s cyber-security and strategies for defence against such a multi-vector threat. This is despite the scale and increasing frequency of attacks on Australia and the accepted practice of Australia’s closest allies to address the topic coherently and comprehensively in the public domain. Austin asserts that


59



Australia ‘does not … possess such capabilities [systems of decision-making for a complex cyber-catastrophe] nor is it close to achieving them. It has not even begun planning for most of them’.9

While the Australian government, the Australian Defence Force and the commercial sectors have their own unique ways in which they identify and manage cyber problems, there is little evidence in the public domain of policy, research and training that are directly relevant to all three as a whole-of-nation defence strategy in a complex cyber emergency. In 2013, Jennings and Feakin argued that ‘significantly more needs to be done to ensure that Australia has the right policies in place to manage cybersecurity risk’.10 In 2016, Austin highlighted the ‘need for … a comprehensive, public domain study, advocating that “no government … can afford to undertake policy analysis of military cyber needs largely behind the veil and without clear benchmarks”’.11 Finally, in 2017, the G7 called for nations to strengthen their critical infrastructure against ICT threats.12 To further Austin’s argument surrounding clear benchmarks, the NATO National Cyber Security Framework Manual stipulates the rarity of explicit definitions in many common cyber terms such as ‘national cyber security’.13 Even the spelling of key words such as ‘cyber security’ is inconsistent at national levels, Australia included.

Keliiaa and Hamlet identify seven security problems within the cyber domain,14 all of which are rarely canvassed publicly in Australia.

1. disjointed response to wide-area and multi-target attack

2. widely dispersed and fragmented detection and notification capabilities

3. ill-defined government, commercial, and academic roles and responsibilities

4. divided and rigid wide-area cyber protection posture

5. unresolved wide-area common and shared risks

6. fragile interdependent wide-area critical access and operations

7. unresolved attribution of attack and compromise.

While this article has not been structured around these problems, their application to complex cyber-catastrophes will become apparent in


60


discussion that follows.

Analysis of the ‘Cyber’ Discourse While the details of Australia’s cyber capabilities remain classified, it is possible to examine Australian policy and planning in relation to the nation’s preparation for a complex cyber-catastrophe. This study entails a meta-analysis of the available academic, government and private sector documents seeking to understand the inter-relationships between actors and preparedness in the event of a cyber-enabled attack. In the first instance this involves an analysis of the cyber discourse. This involves a close examination of the frequency, variations in meaning and mode of the cyber language—comparing the cyber discourse of international documents with that of Australia’s—and is underpinned by critical theory. The novelty of the cyber discourse focuses attention on the basic set of concepts reflecting Australia’s preparedness for a complex cyber- catastrophe.

For the purposes of this article, the term ‘discourse’ relates to the ‘formal treatment of a subject in speech or writing’15 and assumes that the speaker/author seeks to influence the audience in a particular way.16 Discursive analysis offers a method of ‘analysing stretches of interaction, rather than isolated phrases’17 and is concerned with ‘understanding and interpreting socially produced meanings’.18 In this instance, the analysis draws upon both quantitative and qualitative methods. It focuses on the language, meanings and usage (including frequency and mode) and any variations thereof found within the cyber discourse. Key terms as defined in the NATO National Cyber Security Framework Manual: Cyber, Information Security, ICT Security, Cyber Security, Cyber Crime, Cyber Espionage and Cyber Warfare19 have been identified, along with terms commonly used in Australian documents.20

Karabacak et al argue that:

‘… little, if any, research is dedicated to maturity assessments of national critical infrastructure protection efforts. Instead, the vast majority of studies merely examine diverse national-level security best practices ranging from cyber-crime response to privacy protection.’ 21

During the analysis, government and military dictionaries and glossaries were accessed 22 to discern the extent that the cyber discourse is standardised


61



and codified across the stakeholder communities and whether the language of the community has become both explicitly and implicitly normative.23 The definitional analysis aims to highlight the standards set down by particular knowledge systems24,be they governments, departments, agencies or authorities. This is significant because unless meaning is clear and connotes authority25, consistent communication will remain elusive and, at best, unreliable. The entry of ‘cyber’ into the civilian and military discourses is also ‘inextricably linked to questions of authority’.26 Therefore, a discursive analysis can reveal the nature of connoted institutional power 27 and the way in which the cyber discourse signifies political and ideological bases.28

Government Policy The NATO National Cyber Security Framework Manual 29 provides the foundations for cyber-security policy development. This document is not restricted in its relevance to NATO members but is pertinent to any emerging national cyber-security strategy. While other publications have sought to provide cyber-security policy makers with specific elements and direction relating to one particular view point, the NATO National Cyber Security Framework Manual offers a broader and more rounded perspective.30

At the highest level of consideration, the NATO National Cyber Security Framework Manual 31 outlines the importance of cooperation and consistency between nations when defining cyber terms. Unfortunately, global international consensus has not been reached. As such, this article compares US and Australian approaches to discern best practice. The understanding that the US is the most developed of the Five Eyes nations stems from an analysis of national cyber strategy documents and organisational structure, as represented in Figures 1 and 2, and known /suspected involvement in international cyber-operations.32

The extent of the definitional problem appears widespread according to the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), which notes that while the term ‘national cyber security’ is often used in policy documentation, it is rarely defined.33 This trend continues across much of the cyber discourse where universally accepted definitions are rare and ‘as a rule, the individual national context will define the specific definitions, which in turn will define the specific approaches’.34 Key terms defined by CCDCOE are as follows: Cyber, Information Security, ICT Security, Cyber


62


Security, Cyber Crime, Cyber Espionage and Cyber Warfare.35 Within each, sub definitions are also characterised with different examples provided across nations. These terms have been cross referenced between the US and Australia using significant public documents released since 2004. Through this analysis, the trend identified by CCDCOE was confirmed with each nation and even individual agencies within each nation are defining and spelling cyber terms differently.

Current Government Structure and Cyber-Security

Stallard asserts that ‘the [Australian] government has designated the Department of Defence to be the operational lead on governmental cybersecurity operations’.36 Despite this argument, the organisational responsibilities and overarching command authority remain ambiguous in the public domain. Despite this designation, Australia still lacks either a public strategic or policy document that ‘guides the department’s and the ADF’s approach to cyber threats’.37 It is possible, but unclear, that with the development of the ACSC (Australian Cyber Security Centre), the Defence Department will assume the overarching role, with the ADF limited to securing and combatting military capabilities. This confusion is diagrammatically represented in Figure 1. Although the Prime Minister appears to have ultimate control through the Department of Prime Minister and Cabinet, various organisations and sectors receive multiple inputs with no clearly designated authority. Clarke and Knake highlight the folly of this situation when they hypothesise a complex catastrophe.38

Figure 1 indicates that the Department of Prime Minister and Cabinet dictates to the Department of Defence in terms of cyber-strategy, while the Attorney-General’s Department controls National Security and Emergency Management. This contrasts with the devolution of responsibility in the US, where the Department of Homeland Security oversees all critical infrastructure and government networks minus the .mil domain which is overseen by defence specialists (see Figure 2). Figure 2 clearly illustrates the linear devolution of authority and responsibilities in the US, whereas Figure 1 highlights an Australian model that is more convoluted and potentially ineffective in the event of a complex catastrophe given its apparent lack of dedicated command.


63




Figu

re 1

. Aus

tral

ian

Cyb

er H

ighe

r G

over

nmen

t O

rgan

isat

iona

l Str

uctu

re 39

64



Figu

re 2

. Uni

ted

Sta

tes

Cyb

er H

ighe

r G

over

nmen

t Org

anis

atio

nal S

truc

ture

40

65



Australia’s emergency response plans are managed by the Attorney- General’s Department, which parallels the US Department of Homeland Security. These plans comprise the Australian Government Disaster Response Plan, Australian Government Overseas Assistance Plan, the Australian Government Plan for the Reception of Australian Citizens and Approved Foreign Nationals Evacuated from Overseas, Australian Government Aviation Disaster Response Plan, Australian Government Space Re-entry debris plan and the National Catastrophic Natural Disaster Plan.41 It should be noted that not one of these plans mentions cyber, nor do they provide guidelines for Australia’s response in the event of a complex cyber-catastrophe.

Australia’s capacity to respond to a complex catastrophe is limited by the scope and scale of Australia’s emergency response planning. Based on information in the public domain, Australia has not planned specifically for a cyber incident. Defence policy, which highly classifies cyber capability,42 may include a response mechanism for government; however, this does not aid public organisations such as critical infrastructure to prepare for, or adequately respond to, the cascading nature of a complex catastrophe.

In contrast, the US has a nested framework of incident management and response, which allows the government to plan for many previously considered disasters while maintaining flexibility to adapt well to unforeseen events. This is not apparent in Australia’s documentation; however, if the Australian Government received a request from a State or Territory Government for assistance, the Australian Government Disaster Response Plan offers a framework response. Australia’s official response to a complex cyber catastrophe is unknown and the lack of a public emergency response plan that deals with this scenario is of concern.

The most detailed and cyber-specific US response framework is the National Cyber Incident Response Plan,43 which is an updated version of a 2004 document and can be considered an operational planning document that has four focused priorities: threat response, asset response, intelligence response and affected entity response.

The National Incident Cyber Response plan highlights fourteen core capabilities vital to the lines of effort and response to a cyber incident.44 These are:


66



• Access control and identity verification

• Cyber-security

• Forensics and attribution

• Infrastructure systems

• Intelligence and information sharing

• Interdiction and disruption

• Logistics and supply chain management

• Operational communications

• Operational coordination

• Planning

• Public information and warning

• Screening, search, and detection

• Situational assessment

• Threats and hazards identification

In addition to this understanding, the comprehensive nature of the National Cyber Incident Response Plan and the capacity to rapidly mobilise the National Cyber Response Coordination Group (NCRCG), which is directly responsible to the President (See Figure 2), epitomises the scope and scale of an effective readiness framework in the event of a complex cyber-catastrophe. The Inter-Agency Incident Management Group is subordinate to the NCRCG and is tasked with ensuring effective communication and oversight between sectors. This is made possible by the group’s dynamic nature, tailored to the specific incident. This flexibility and forward planning in alignment with the National Cyber Response Plan gives the United States a profound advantage in command and control in the event of a cyber-emergency.

Along with a comprehensive emergency management framework, the US information sharing program is of importance45 and is exemplified by the comprehensive nature of the Department of Homeland Security’s information sharing network, which contains analysis, automated

67




indicator sharing and a 24/7 situational awareness incident response and management centre.46

The owners and operators of critical infrastructure in the US and Australia voluntarily participate in information sharing, as the respective governments have the expectation that the owners and operators are responsible for network security. By comparison, the Government of the United Kingdom takes this a step further by mandating that the ongoing testing for cyber-security in critical infrastructure must be conducted in partnership with government bodies and regulators and, where it is found lacking or derelict, Her Majesty’s Government will ‘intervene in the interests of national security’.47 While both the US and Australia are working on similar legislation,48 none is currently active.

In Australia, mutual exchange of information occurs in part between the ACSC, the Computer Emergency Response Team (CERT) Australia and critical infrastructure. The Trusted Information Sharing Network (TISN)— encompassing State, Territorial and Federal Governments and the owners and operators of critical infrastructure—provides a secure environment for the communication of sensitive information. The Critical Infrastructure Advisory Council, located within the auspices of the Attorney-General’s Department, provides governance and strategic direction for the TISN.49 Australia’s Critical Infrastructure Resilience Strategy adopts a non-regulatory approach, in that it assumes that ‘owners and operators of critical infrastructure are best placed to assess the risks to their operations and determine the most appropriate mitigation strategies’.50

Although the civilian sector remains uncontrolled—which poses a problem given that around eighty percent of critical infrastructure in Australia is privately owned—the Australian Signals Directorate (ASD) has produced the Australian Government Information Security Manual (ISM), which governs the security of government ICT systems.51 The ISM is a three-part document that outlines requirements at the executive, user and administrator-specific level in a bid to secure government networks. In 2014, the Australian National Audit Office (ANAO) conducted an audit of seven government entities regarding their compliance with the top four strategies within the ISM.52 These are, in turn: application whitelisting, patch applications, patch operating systems and restrict administrative privileges. These seven departments comprised: the Australian Bureau of Statistics, Australian Customs and Border Protection Service, the Australian Financial Security

68



Authority, the Australian Taxation Office, the Department of Foreign Affairs and Trade, Department of Human Services and IP Australia (Patent Office).53

Of these seven departments, none were compliant. This resulted in the re-investigation of three of these entities over 2015-2016, namely the Australian Taxation Office, the Department of Human Services and the Department of Immigration and Border Protection. It was noted that ‘all entities made efforts to achieve compliance’,54 however,

‘…only the Department of Human Services was assessed as having effectively implemented application whitelisting. The Department of Immigration and Border Protection had an application whitelisting strategy but deviated from it. The Australian Taxation Office only developed an application whitelisting strategy during the course of this audit.’ 55

Furthermore, only the Department of Human Services was deemed cyber-resilient.56 While there is at least legislation mandating the security requirements of government networks, the challenge clearly lies in the application. This lack of compliance is perhaps understandable, given the limited budgetary allocations to ICT and cyber-security. Also, it should be acknowledged the many different departments within government coordinate their own ICT infrastructure making it difficult to achieve consistency across government. On 24 February 2017, the Joint Cyber Security Centre was launched as a pilot program based in Brisbane, Queensland.57 The organisations participating in the first instance are as follows: Australian Criminal Intelligence Commission, the Australian Federal Police, Brisbane Airport Corporation, CERT Australia, Commonwealth Bank, Credit Union Australia, Origin Energy, Powerlink, Qantas, Queensland Government Chief Information Officer, Queensland Rail, Queensland Urban Utilities, Rio Tinto and Telstra.58

A non-exhaustive example of those missing from this list are: the Queensland Emergency Services, Regional Airports, Maritime Port Authorities, Queensland Health and representatives from the agriculture, scientific and education sectors. The 2017 Cybersecurity Report promotes Australia as being ‘at the forefront of developments in safety and security in the online environment with robust legislation, advanced law enforcement capability, rigorous policy development and strong technical defences’.59

69




None of the educational or research bodies identified in this document are based in Queensland, nor are they participants in the pilot Joint Cyber Security Centre program. In addition, the Statement of Intent for the program incorporates that solutions to cyber-security risks are to be developed through collaboration and without commercial bias, as a strategic objective.60 The pilot program includes only two banks, one telecommunications company, one airline and one mining company.61 Together with the aforementioned omissions, the location and scope of the pilot program are moot.

National Security

In 2016, the UK published its National Cybersecurity Strategy, which signified that the government’s policy was an ‘unprecedented exercise in transparency’,62 openly acknowledging that discussions about national cyber-security could ‘no longer … [remain] behind closed doors’.63 That same year, Austin problematised the fact that, to date, there had been

‘…no effort in public by the government to benchmark Australian national security needs in cyberspace in the same way as we benchmark naval, air and ground capability against strategic needs (strengths & weaknesses of potential enemies and their intentions).’ 64

The 2009 Defence White Paper acknowledges the ‘growing importance of operations in cyberspace’65 due to the way in which national security could potentially be ‘compromised by cyber-attacks on our defence, wider governmental, commercial or infrastructure-related information networks’.66 However, there is no mention of making the discussion public. In fact, this paper states explicitly that ‘many of these capabilities remain highly classified, but in outline they consist of a much-enhanced cyber situational awareness and incident response capability’.67 Similarly, the 2016 Defence White Paper prioritises ‘investment in modern space and cyber capabilities and the infrastructure, information and communications systems that support defence capability’.68 This White Paper was ostensibly the result of ‘a comprehensive consultation process’,69 incorporating input from ‘Government, the Australian defence industry and the Australian public’,70 but there is no acknowledgement of the need for, or advantages of, public transparency.

70



The 2016 US National Cyber Incident Response Plan is authored by representatives from both government agencies and the private sector and emphasises the plan as a ‘whole-of-Nation concept’.71 It does so by acknowledging that Government resources and expertise alone cannot adequately respond to the needs of those targeted by cyber-attacks and that responsibility must be borne collectively by individuals, the government and the private sector.72 In this way, all elements of the community ‘must be activated, engaged, and integrated to respond to a significant cyber incident’.73

From an Australian perspective, the paper Australia Rearmed! Future Needs for Cyber-Enabled Warfare recommends that Australia builds ‘a much more visible community of interest around the concept of cyber- enabled warfare’.74 Austin also concurs with US NSA Chief, Admiral Rogers’ assessment of the value of providing common language.75 The proposition of scenario development to aid in cyber-security development is also foregrounded by Austin.76 He suggests a series of events77 not dissimilar to Tehan,78 which would enable planning for such a complex cyber-catastrophe, reducing the likelihood of strategic surprise.79 The US is the only Five Eyes nation to announce the conduct of such an exercise which meets the definitional requirements for a complex cyber-catastrophe.80 This raises the question as to the preparedness of Australia in similar circumstances.

There is also a disparity between nations as to how much effort and capital is dedicated to cyber-security. The United States committed $26 billion over the 2017 Fiscal Year alone and has run a biennial state-sponsored cyber exercise called Cyber Storm since 2006. Each exercise has specific goals, however, the intent is to strengthen national critical infrastructure resilience in the US and partner countries. While participation is voluntary among privately-owned organisations, many still choose to participate and it offers them a means to identify cyber-security shortfalls.81 Despite this, as recently as 2012, Newmeyer took issue with ‘a hodgepodge of initiatives and good ideas, but no unifying focus’82 implemented across sectors in the US.

In the UK, the CERT UK team supports, on average, three cyber exercises per month to test cyber resilience and response83 and provisions £1.9 billion over five years based on a similar plan to the US.84 In the same time period, Australia has committed just $100 million over one year85 and has decreased its involvement in the Cyber Storm exercises,86 relying on industry to make

71




its own decisions based on the TISN and their own assessments.87

Disaster Resilience Former Director of the FBI, Robert Mueller warns that ‘There are two types of companies: those that will be hacked and those that have been hacked and will be hacked again’;88 a concept that has failed to generate traction in Australia. According to Jaeger,89 cyber-attacks are inevitable. Due to the dynamic and agile nature of cyber-weaponry, joint exercises thus become an imperative; not to eradicate the possibility of cyber-attack, as is arguably impossible, but to mitigate the effects and to learn how to respond in an emergency.90 The Australian Centre for Cyber Security highlights the shortfalls in Australia’s preparedness in the event of a cyber-enabled attack in a series of papers published through the University of New South Wales, Canberra.91 The primacy of a cyber- threat to national security is highlighted by the budgetary commitments of the US and UK above.

In terms of disaster resilience and management, communication and public discussion are manifestly important for assessing and effectively managing disasters.92 The International Strategy for Disaster Reduction, Hyogo Framework for Action 2005-2015 highlights the ‘increasing vulnerabilities related to changing … technologies’, ‘technological hazards’93 and the need for the sustainability of infrastructure,94 although the term ‘cyber’ is silenced. While cyber-security has been identified as a key area of risk for Australia’s security, the broad parameters and specific nature of threats are not well understood by the general population. This is evidenced by the ‘critical shortage of suitably trained and qualified cyber professionals, and current [Science and Technology] S&T investment [that] does not match the magnitude of the problem space’.95

Public education and communication entails open discussion of risk and is advocated by the Australian Disaster Resilience Strategy as a means of effectively anticipating risk.96 This document emphasises the fundamental nature of knowledge and the communication of ‘all relevant and available information’97 not only in disaster management but in preparation and risk mitigation, thereby building a culture of resilience across all levels of the community. This is further endorsed in the National Strategy for Disaster Resilience: Companion Booklet, which advocates ‘a partnership approach with key stakeholders to convey the disaster resilience message’.98 On

72



the surface, this community-wide ‘culture’ provides a firm foundation for a whole-of-nation approach to national security that includes cyber.

Mayfield’s Paradox offers a mathematical proof that an infinite amount of money would need to be spent to completely eradicate a cyber-threat,99 thus implying that systems’ administrators and programmers will never be able to entirely secure their systems. This makes Australia’s Disaster Resilience Plan relevant to Australia’s cyber-security. A key concern is that official documents fail to outline cyber-specific policy and protocols. Turnbull and Ormrod100 suggest a Military Cyber Maturity Model (MCMM). The MCMM recognises the likelihood of an enemy using a zero-day exploit to attack a system. As such, instead of attempting to completely reduce all vulnerabilities, the model plans to combat the consequences.101 This is an effective methodology, however the threat must first be understood and this requires a sharing of information.

Effective national and regional management of a disaster relies upon national and local risk assessments and the regular dissemination of up-to-date data and risk maps to enable decision makers and the public to effectively assess the impact of a disaster.102 Thus the advocacy for public discussion and access to information for disaster mitigation and management is noteworthy

Conclusion

This article began by recognising the importance of standardised cyber discourse and identifying that, for any communication to be effective, a singular definitive point of reference that codifies the normative use of terminology needs to be in place. This is broadly the case within US documents, through the US Department of Defense’s Dictionary of Military Terms. In contrast, Australian cyber security policy and defence capability is stunted and incomplete. The meaning and use of cyber terminology is unstable and varied. These policy inconsistencies have implications for Australia’s national security and identify some of the vulnerabilities in Australia’s whole-of-nation national security outlook, raising concerns over the preparedness of Australia’s policy if confronted with a complex cyber-catastrophe.

Across Australia’s emergency response plans for specific major incidents, there is no mention of ‘cyber’. Neither the National Catastrophic Natural Disaster Plan nor Australian Government Disaster Response Plan deal

73




specifically with the nuances of a complex cyber-catastrophe and it is unlikely that these plans provide an adequate framework or coherent understanding of such an event. A country with ill-defined responsibilities and chain of command and without a response plan for a complex cyber- catastrophe becomes what Austin calls the ‘kingdom of the blind’.103 Cyber-capability in Australia remains classified but what is clearly evident is Australia’s vulnerability and lack of preparedness in the event of a complex cyber-catastrophe. Thus, there is a clear imperative for Australia to continue to develop its cyber strategy and resilience.

Further research opportunities exist with regard to a detailed analysis of cascading effects in the Australian cyber environment and the impact of changes implemented, due to recommendations made in the 2017 Independent Intelligence Review and the future development of the Department of Home Affairs.

74


About the Author

Lieutenant Jonathon Ladewig enlisted into the Australian Army in 2009 as an Infantry soldier. He served four years at the 8th/9th Royal Australian Regiment which included a deployment on Mentoring Taskforce 4 as a PMV Crew Commander. In 2013, he sought a commission through ADFA where he received prizes for best in Information Technology. He graduated RMC in 2016 into the Royal Australian Corps of Signals before returning to ADFA under the Chief of Army Scholarship Program where he completed Honours in Cyber Security. Lieutenant Ladewig is currently posted to the Electronic Warfare Wing as part of the Defence Force School of Signals.

Endnotes1. F Kaplan, 2016, Dark Territory, New York: Simon & Schuster

2. RA Clarke and RK Knake, 2012, Cyberwar: The next threat to national security and what to do about it, New York: Ecco

3. S Macdonald, L Jarvis and TM Chen, 2014, Putting the ‘Cyber’ into Cyberterrorism: Re-Reading Technological Risk in a Hyperconnected World in: Cyberterrorism : Understanding, Assessment, and Response, New York: Springer, pp 43-83

4. US Department of Defense, 2017, DoD Dictionary of Military and Associated Terms, US Department of Defense

5. G Austin, 2016, ‘Australia Rearmed! Future Needs for Cyber-Enabled Warfare’, Canberra: University of New South Wales, Canberra

6. Clarke & Knake, 2012

7. US DoD, 2017

8. D Tehan, 2016, Address to the National Press Club, ‘A Cyber Storm’, Canberra: Department of the Prime Minister and Cabinet

9. G Austin, 2017, ‘Are Australia’s responses to cyber security adequate?’, in: M Cilento, ed. Australia’s place in the world, Melbourne: Committee for Economic Development of Australia, pp 50-60, p 55

10. P Jennings and T Feakin, 2013, Special Report: ‘The Emerging Agenda for Cybersecurity’, Canberra: Australian Strategic Policy Institute, p 1

11. Austin, 2016, p4

12. G7 Foreign Ministers, 2017, G7 Declaration on Responsible States Behaviour in Cyberspace, Lucca: G7

13. NATO CCDCOE, 2017, About Cyber Defence Centre, at: https://www.ccdcoe.org/about-us.html accessed 3 Aug 2017

14. CM Keliiaa and JR Hamlet, 2010, ‘National Cyber Defense High Performance Computing and Analysis: Concepts, Planning and Roadmap’, Albuquerque: Sandia


National Laboratories, p8

15. S Mills, 2004, Discourse: The New Critical Idiom, 2nd ed Abingdon (Oxfordshire): Routledge, p 1

16. Mills, 2004, p 4

17. Mills, 2014, p 126

18. D Howarth, 2000, Discourse, Buckingham, UK: Open University Press, p128 19. NATO, 2017, pp 9-19

20. Australian Army, 2008, Australian Army Land Warfare Doctrine LWD 6-0 Signals, Canberra: Australian Army; Department of Defence, 2009 Defence White Paper - Defending Australia in the Asia Pacific Century: Force 2030, Canberra: Australian Department of Defence; S Day, 2011, Future Joint Operating Concept 2030, Canberra: Australian Defence Force; Australian Air Force, 2011, The Airforce Approach to ISR, Canberra: Australian Air Force; Attorney-General’s Department, 2012, National Strategy for Disaster Resilience: Companion Booklet, Canberra: Commonwealth of Australia; A Hawke and R Smith, 2012, Australian Defence Force Posture Review, Canberra: Australian Government; Australian Defence Doctrine Publication, 2013, Operations Series: ADDP 3.13 Information Activities, Canberra: Australian Defence Force; Australian Cyber Security Centre, 2015, ACSC 2015 Threat Report, Canberra: Australian Cyber Security Centre; Australian Cyber Security Centre, 2016, ACSC 2016 Threat Report, Canberra: Australian Cyber Security Centre; Australian Air Force, ND, Air Force Strategy 2017-2027, Canberra: Australian Air Force

21. B Karabacak, SO Yildirim and N Baykal, 2016 ‘A vulnerability-driven cyber security maturity model for measuring national critical infrastructure protection preparedness’, International Journal of Critical Infrastructure Protection, Vol 15, pp 47-59

22. US DoD, 2017, Dictionary of Military and Associated Terms; US Department of Homeland Security 2016, National Cyber Incident Response Plan, US Department of Homeland Security; US Department of Defense, 2015, The DoD Cyber Strategy, Washington: US Department of Defense; Center for Strategic Leadership, 2016, Strategic Cyberspace Operations Guide, United States Army War College, Carlisle; Australian Defence Doctrine Publication, 2013, Operations Series: ADDP 3.13 Information Activities; Australian Army, 2008, LWD 6-0 Signals; ACSC, 2015, Threat Report

23. N Fairclough, 1992, Discourse and Social Change, Cambridge: Polity Press, p 190

24. R Visker, 1992, ‘Habermas on Heidegger and Foucult: meaning and validity in Philosophical Discourse on Modernity’, in Radical Philosophy, Vol 61, pp 15-22

25. Attorney-General’s Department, 2012, National Strategy for Disaster Resilience: Companion Booklet, p 14

26. Mills, 2004, p 46

27. TA Van-Dijk, 2008, Discourse and Power, Basingstoke (Hampshire): Palgrave MacMillan, p37

28. Fairclough, 1992, p 77

29. NATO Cooperative Cyber Defence Centre of Excellence, 2012, National Cyber Security Framework Manual, Tallinn: NATO CCDCOE

30. NATO, 2012, p 191

31. NATO, 2012, p 191

32. Kaspersky, 2015, Targeted Cyberattacks Logbook, at: https://apt.securelist.com/#secondPage, accessed 30 Jun 2017

75




33. NATO, 2012, pXV

34. NATO, 2012, pXV

35. NATO, 2012, pp 9-19

36. C Stallard, 2011, ‘At the Crossroads of Cyberwarfare: Signposts for the Royal Australian Air Force’, Montgomery(Alabama): School of Advanced Air and Space Studies

37. T Feakin, J Woodall and L Nevill, 2015, Cyber Maturity in the Asia-Pacific Region 2015, Canberra: Australian Strategic Policy Institute, p 20

38. Clarke and Knake, 2012

39. Attorney-General’s Department, 2015, Critical Infrastructure Resilience Strategy: Policy Statement, Canberra: Commonwealth of Australia; Attorney-General’s Department, 2009, Cyber Security Strategy, Canberra: Commonwealth of Australia; Attorney-General’s Department, 2017, CERT Australia, at: https://www.cert.gov.au/, accessed 1 Oct 2017; Attorney-General’s Department, 2017, Critical Infrastructure Resilience, at: https://www.ag.gov.au/NationalSecurity/InfrastructureResilience/Pages/default.aspx, accessed 5 Sep 2017; Attorney-General’s Department, 2017, Joint Cyber Security Centre: Partner Organisations, Canberra: Commonwealth of Australia; Australian Cyber Security Centre, 2017, ACSC 2017, Threat Report, Canberra: Australian Cyber Security Centre; Australian National Audit Office, 2017, Cybersecurity Follow- up Audit: Across Entities (Report Number: 42 of 2016-2017), Canberra: Commonwealth of Australia; Department of the Prime Minister and Cabinet, 2016. Australia’s Cyber Security Strategy, Canberra: Commonwealth of Australia; Jennings & Feakin, 2013

40. Kaplan, 2016; P Piret, W Jesse and VK Alexander, 2016, National Cyber Security Organisation: United States, Tallinn: NATO CCDCOE; US Department of Defense, 2015, The DoD Cyber Strategy, Washington: US Department of Defense; DHS, 2016; US Department of Homeland Security, 2017, National Incident Management System, at: https://www.fema.gov/national-incident-management-system, accessed 27 Jul 2017

41. Attorney-General’s Department, Emergency response plans, at: https://www.ag.gov.au/EmergencyManagement/Emergency-response- plans/Pages/default.aspx, accessed 22 Jun 2017

42. Department of Defence, 2009

43. DHS, 2016

44. DHS, 2016

45. Department of Homeland Security, 2016, Cyber Information Sharing and Collaboration Program, at: www.dhs.gov/cisp , accessed 12 Sep 2017

46. DHS, 2016

47. Government of the United Kingdom, 2016, National Cyber Security Strategy 2016- 2021, London: HM Government, p 41

48. Clarke and Knake, 2012; Kaplan, 2016; Attorney-General, 2017

49. Attorney-General’s Department, 2015, ‘Trusted Information Sharing Network: For Critical Infrastructure Resilience’, Canberra: Commonwealth of Australia

50. Attorney-General’s Department, 2015, p 5

51. Australian Signals Directorate, 2017, ‘Australian Government Information Security Manual’, at: https://www.asd.gov.au/infosec/ism/, accessed 22 Jun 2017

52. Australian National Audit Office, 2016, ANAO Report No.37, 2015–16, Cyber

76



77



Resilience, Canberra: Commonwealth of Australia

53. Australian National Audit Office, 2016

54. Australian National Audit Office, 2016

55. Australian National Audit Office, 2017, Cybersecurity Follow-up Audit: Across Entities (Report Number: 42 of 2016-2017), Canberra: Commonwealth of Australia, p 10

56. Australian National Audit Office, 2017, p 8

57. Attorney-General’s Department, 2017, Joint Cyber Security Centre, at: https://www.jcsc.gov.au/, accessed 12 Sep 2017

58. Attorney-General’s Department, 2017

59. Australian Trade and Investment Commission, 2017, ‘Cyber Security’, Sydney: Commonwealth of Australia, p 4

60. Attorney-General’s Department, 2017, Joint Cyber Security Centre: Statement of Intent, Canberra: Commonwealth of Australia

61. Attorney-General’s Department, 2017

62. Government of the United Kingdom, 2016, p 6

63. Government of the United Kingdom, p 6

64. Austin, 2016, p 2

65. Department of Defence, 2009, p 83









74. Austin, 2016, p i

75. Austin, 2016, p 27

76. Austin, 2016, p 27; NATO, 2007, ‘The Use of Scenarios in Long Term Defence Planning’, at: https://plausiblefutures.wordpress.com/2007/04/10/the-use-of- scenarios-in-long-term-defence-planning/, accessed 16 Nov 2017

77. Austin, 2016, p 28

78. Tehan, 2016

79. Austin, 2016, p 27

80. Austin, 2016, p 27

81. US Department of Homeland Security, 2011, ‘Cyber Storm III Final Report’, Washington: July; US Department of Homeland Security, 2016, ‘Cyber Storm V Final


78


Report’, Washington: Department of Homeland Security; US Department of Homeland Security, 2016, ‘Cyber Storm: Securing Cyber Space’, at: https://www.dhs.gov/cyber-storm, accessed 23 May 2017

82. KP Newmeyer, 2012, Who Should Lead US Cybersecurity Efforts?, Prism, Vol 3, Issue 2, pp 115-126

83. UK Cabinet Office, 2016, ‘The UK Cyber Security Strategy 2011-2016 Annual Report’, London: Cabinet Office

84. TRHG Osborne, 2015, ‘Chancellor’s speech to GCHQ on cyber security’, London: HM Treasury Government Communications Headquarters

85. G Austin and J Slay, J, 2016, ‘The Australian government must take cyber security more seriously’, The Conversation, 1 Jun

86. DHS, 2011; DHS, 2016

87. Department of the Prime Minister and Cabinet, 2016; Attorney-General’s Department, 2016

88. Jaeger, J, 2012, Preparing for the inevitable Cyber-attack, Compliance Week, Apr, p 12

89. Jaeger, 2012

90. Jaeger, 2012

91. UNSW Canberra, 2017, Australian Centre for Cyber Security, at: https://www.unsw.adfa.edu.au/australian-centre-for-cyber-security/, accessed 15 Dec 2017

92. United Nations, 2005, ‘Hyogo Framework for Action 2005-2015: Building the Resilience of Nations’, United Nations

93. United Nations, 2005, p 1

94. United Nations, 2005, p 8

95. Defence Science and Technology Organisation, 2014, ‘Cyber 2020 Vision: DSTO cyber science and technology plan’, Canberra: Commonwealth of Australia, p 8

96. Council of Australian Governments, 2011, National Strategy for Disaster Resilience, Canberra: Commonwealth of Australia

97. Council of Australian Governments, 2011, p 8

98. Attorney-General’s Department, 2012, p 14

99. Mayfield and ND Cvitanic, ‘Mathematical Proofs of Mayfield’s Paradox: A Fundamental Principle of Information Security’, at: https://hackerfall.com/story/mayfields-paradox-a-fundamental-principle-of-infor, accessed 6 Sep 2017

100.Ormrod, D & Turnbull, B, 2015, ‘Toward a Military Cyber Maturity Model’, Canberra: University of New South Wales Canberra

101.Ormrod & Turnbull, 2015

102.United Nations, 2005, p 7

103.Austin, 2016


79

Asymmetric Advantage in the Information Age: An Australian Concept for Cyber-Enabled ‘Special Information Warfare’

Captain Ben Johanson

AbstractThe announcement of a new ‘Information Warfare Division’1 within the Australian Defence Force acknowledges the need for cyber-enabled warfare strategies to address the challenges of the information age.

Implementing such force modernisation demonstrates a positive, albeit belated, approach to address the disruptive nature information technology is having on the character of modern warfare. This announcement presents an opportunity for Australia’s Special Operations Command (SOCOMD) to maintain its position as the Government’s military-strategic vanguard by developing a cyber-enabled ‘Special Information Warfare’ concept. This concept will call for bottom-up action that senior Government and Defence decision makers can support through policy and doctrinal debate.

The paper frames the future operating environment and hypothesises a technologically-enabled Special Operations Task Group (SOTG) deployed against a hybrid threat, demonstrating the utility in developing a unified strategy of ‘Special Information Warfare’. Outlining Australia’s current state



Asymmetric Advantage in the Information Age: An Australian Concept for Cyber-enabled ‘Special Information Warfare’

80


of play will highlight the current gaps in policy and doctrine, demonstrating the need for a novel, asymmetric strategy. Analysis of Russia’s New Generation Warfare, Chinese Distributed Warfare and Integrated Network Electronic Warfare, and the Islamic State’s use of mass media will illuminate why Australia needs to adapt rapidly towards a strategy that can achieve ‘information dominance’ in future conflict. US cyber-enabled warfare strategies and doctrine provide an excellent point of reference to further support a unique Australian SOCOMD strategy. By benchmarking against Russia, China and the US, the political and military pressure for change can be realised, instigating debate and action aimed at implementing an innovative solution to maintain military relevance in the information age.2 Cyber-enabled ‘Special Information Warfare’ seeks to weaponise information, operationalise cyberspace effects and normalise an offensive adoption of Information Warfare within SOCOMD that spans the strategic to tactical level.

Characterising Future War & the Need for a Cyber-Enabled Asymmetric Approach

‘The evolving character of conflict that we currently face is best characterized by convergence.3 This includes the convergence of the physical and psychological, the kinetic and non-kinetic, and combatants and non-combatants.’

Frank Hoffman 4

The character of war is developing towards an increasingly lethal battlefield fought amongst population centres in both a contested and congested environment.5 The proliferation of connected devices is expected to reach fifty billion by 2020, highlighting cyberspace as a critical operational medium.6 An increased level of parity is emerging where military-technological advantage previously enjoyed by Western forces may not be so decisive in future conflict.7 Russia, China and the Islamic State have identified the importance of ‘information’ for strategic success and continue to pursue strategies to affect success in cyberspace—a realisation that has yet to reach full maturity within the Australian context. Future conflict will consist of contested norms and persistent disorder, permeating through

Asymmetric Advantage in the Information Age: An Australian Concept for Cyber-enabled

‘Special Information Warfare’

81



physical and virtual realms, necessitating an approach that combines the full suite of cyberspace capabilities with traditional physical military actions.8 These elements are explored in the following vignette.

Set no more than ten years into the future, a SOTG has been deployed at short notice against a hybrid threat consisting of military-strategic conventional forces and a surrogate proxy. The operating environment is dense and distinguishing threat actors amongst the civilian population is near impossible. This is a multi-vector, multi-front and multi-theatre battlespace where effects are generated in milliseconds across the physical, informational and human domains.9 The Commander is determined to provide niche Special Operations (SO) effects, as requested by Government, which encompass indirect10 and direct11 effects. Special Forces (SF) teams project into the operating environment, employing cyber-enabled strategies in an environment where military communications have been denied.12 Cyber-enabled SF relay voice and data in real-time across mobile, ad-hoc and wireless mesh networks that have been encrypted.13 The multi-protocol mesh networks enable communications with a surrogate partner force and will be solar powered, enabling the facilitation of lethal effects through joint enablers.14 Manoeuvring through hyper-connected dense urban populations, the SF teams employ rolling cyber-enabled ‘Movement to Contact’ tactics, like rolling penetration tests to probe local networks, and exploitation of ‘Internet of Things’ devices.15 Another technically savvy SF team infiltrates an enemy’s rear administrative area, utilising close-access waveforms, delivering a payload to spread malware throughout the adversary’s air defence systems. Disruption of the enemy’s cognitive capacity occurs in real-time as a neighbouring SF team initiates a critical influence campaign, utilising strategic reach-back capabilities to deliver cyberspace effects aimed at degenerating trust in the adversary’s C2 and logistics nodes through cyberspace. Combat advisors working with cyber-enabled partner forces utilise cyberspace tools to generate disproportionate ‘human domain’ effects, influencing a large proxy force and shaping support among the civilian populace. Meanwhile, specialists within the Operations Centre are monitoring opportunities to deliver effects in, through and external to cyberspace to disable the adversary’s ability to provide effective command and control. The combination of effects required a unified strategy that adopted an ‘information dominance’ approach. This strategy was ‘Special Information Warfare’.


82


DefiningtheProblem–Australia’s‘StateofPlay’inthe Information AgeAustralia’s establishment of an ‘Information Warfare Division’ within the Australia Defence Force (ADF) demonstrates serious consideration of cyber-enabled warfare and acknowledgement of the challenges imposed by the information age as it relates to modern warfare. The announcement indicates a workforce that will grow from 100 to 900 personnel, presenting an opportunity to spark action and debate about force design, structure, training and doctrine.16 This is a chance for the ADF to define its strategic identity regarding a cyber-enabled warfare strategy, one that can incorporate the full spectrum of information-centric capabilities across all warfighting domains. The gaps in the latest Defence White Paper’s strategic direction regarding cyber-enabled capabilities, dated Information Operations and Network-Centric Warfare doctrine, assessed task-saturation for the Australian Signals Directorate (ASD) in meeting Australia’s cyberspace capability needs, and recent announcements from the Senior Leadership Group within the ADF all merge to suggest the need for a bottom-up plan of action for an asymmetric strategy to fight future, information-centric conflict where strategic risk is at its greatest. By unpacking the current state of play in the Australian context, it will highlight how pursuing an SO concept can contribute to the ADF’s effort to maintain relevance in the information age.

The Australian Prime Minister’s announcement that an offensive cyber capability exists within the Australian Signals Directorate indicates a growing capability to produce effects in and through cyberspace.17 Liam Nevill argues that this announcement also imbues a responsibility for Defence to formulate its thinking on how such a capability will be used and how it can be employed in support of military operations.18 This carries a degree of risk whereby the whole-of-government responsibilities entrusted in ASD may lead to task-saturation and an inability to employ cyberspace effects effectively in support of full-spectrum military operations during future conflict. Ormrod and Turnbull’s Military Cyber Maturity Model (MCMM) highlights a capability progression and field of employment model for ASD into the future, indicating the potential for task-saturation in support of future military operations.

The announcement of an ‘Information Warfare Division’ lead by Major General Marcus Thompson could not have come at a more critical time



83



in the ADF’s force modernisation and will warrant innovative solutions in adopting asymmetric advantage with a relatively modest defence force.20 Since 2003, Australia’s military capability development has been geared towards the concept of Network Centric Warfare (NCW).21 This approach is likely to be surpassed as Australian senior leadership seeks to align modern strategy against the newly-defined US Multi-Domain Battle (MDB) concept.

Senior military figures within the ADF have commented on the challenges posed by the information age and the need to include cyber-enabled effects, yet have been unable to clearly define a unified strategy. Brigadier David Wainwright, Director General Land Warfare, during a panel discussion at the Williams Foundation seminar on integrated force design, commented:

…future land forces will face unprecedented levels of complexity in cluttered, congested, hyper-connected and lethal future operating environments… where the additional layers of informational and


Figure 1. ASD Military Cyber Maturity Model (variation by Major Conway Bown).

See the Endnotes for the various stages of the model. 19

84


human complexity further complicate traditional geo-physical challenges.22

A slide from the presentation captures the key challenges presented to the land force, which provides a foundation for discussion on the need for a novel Australian SO concept. ‘Information Activities’ is the traditional Australian doctrinal approach to operations in the Information Environment (IE),24 documented in ADDP 3-13 Information Activities, 2013. It does not include cyberspace effects in great detail, as should be expected given the highly compartmented and relatively under-developed cyberspace capabilities within the ADF, particularly in comparison to the US, Russia and China. This doctrine presents an opportunity for concept development given the recent announcement for organisational change within the ADF towards a cyber-enabled warfare capability. It also serves as a reminder that Australia currently sits well below the base-line in comparison to the



Figure 2. A slide from Brigadier Wainwright’s presentation at the Williams Foundation

seminar 2017 (Image recreated by Major Conway Bown) 23

85



expanse of open-source US doctrine and strategy documents, highlighting the need for more open engagement and discussion to harness lessons learned by our principal partners.

Australia’s reaction to the challenges imposed by technological proliferation in the information age can be summarised as slow at best. A number of challenges face the ADF as it attempts to identify a pathway to success for a new ‘Information Warfare’ workforce. It has become apparent through open debate by ADF’s senior leadership that cyber- enabled, information-centric strategies that achieve supremacy across the physical, informational and human dimensions will be critical to future military advantage. As the Australian Army’s former Commander-Forces Command, Major General Gus Gilmore commented at an address to the Royal United Services Institute:

‘Cyber opportunities and risks must be an ongoing discussion. We have only scraped the surface of what this disruptive technology offers to us, and what combat vulnerabilities it exposes. The value and availability of information is changing, and through the modernisation process we must ensure that we are structured to maximise the benefits and mitigate the risks of the cyber and digital revolution.’ 25

Additionally, as former Chief of Army, Lieutenant General Angus Campbell stated in his address at the Lowy Institute:

‘…the Australian Army is aware of the need for a change in approach. The Defence White Paper sets us a challenge well beyond the continental force of today. Some things we can see now. The linear progression of typical military practice is an uncertain path; our security interests in the 21st Century Indo- Pacific will require ‘multiple domain’ thought and action. We also know that we cannot rely on technology alone. Technology works best when enabling or partnering human endeavour.’ 26

Statements from ADF’s senior leaders highlight an appetite for ground-up action within Defence, invoking greater debate around a strategy capable of spearheading a complementary asymmetric approach in support of


86


the newly established ‘Information Warfare Division’. Such a strategy is suggested for the Australian SO community, which can serve as a test- bed for a concept of ‘Special Information Warfare’, where the importance and centrality of the IE in executing technologically-enabled direct and indirect special operations in support of a Joint Force Commander can be realised. Such a concept acknowledges that future warfare will remain a human endeavour and as such requires an approach where cyber-enabled effects in the IE are nested with operations in the physical dimension. As Australia is in its preliminary phase of capability development, several lessons can be gleaned by understanding adversary and potential adversary capabilities being employed and developed by Russia, China and the Islamic State, among others.

The Rise of the Hybrid Threat and Information- Centric ChallengesRussian and Chinese military doctrine continues to evolve with a clear appreciation of ‘information dominance’ as key for modern military success. Russian synchronised political, diplomatic, military kinetic, cyberspace, SO, surrogates and mass information operations characterise a contemporary hybrid threat worth studying and presents an indication of how Australia may have to fight in future conflicts.27 The Ukraine conflict demonstrates a contemporary example where Russia employed an asymmetric strategy that successfully synergised cyberspace effects with traditional physical actions.28 A battle in cyberspace raged on, with secure communications being hacked, telecommunication lines severed, Distributed Denial of Service (DDoS) attacks targeting government websites, offensive cyberspace effects penetrating financial and military institutions contributing to large-scale civil unrest.29 The strategy of New Generation Warfare, or ‘hybrid warfare’ as it is defined by the West, was adapted by General Valery Gerasimov, the Russian Chief of General Staff, and employs ‘indirect action, informational campaign, private military organisations, SO Forces, and internal protest, backed by the sophisticated conventional and nuclear military capabilities’.30 This strategy combines a 1980s reconnaissance-strike approach aimed at disrupting Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR [or C4ISTAR when Target Acquisition is added to the capability]) systems with non-kinetic Electronic Warfare and maskirovka - Russian military deception



87



doctrine which focuses on denial, deception, disinformation, propaganda, camouflage and concealment.31 Figure 3 represents the synergy between technological and psychological effects which underpins the New Generation Warfare approach.

Advancements in Chinese ‘distributed warfare’ acknowledge the benefit of cyber-enabled strategies at lower level formations, widely dispersed to achieve strategic effects in distant theatres.32 This strategy should resonate with any modern military, whereby the application of cyberspace effects in support of disaggregated land forces, aimed at achieving superiority in the IE, give cause for new thinking. China has also nested cyberspace and electromagnetic spectrum capabilities at the strategic level, under the concept of Integrated Network Electronic Warfare (INEW) and aimed at disrupting an adversary’s ability to process and use information.33 While the Chinese People’s Liberation Army (PLA) has moved slowly to adapt to the opportunities presented during the information age, it has studied the US war machine and is developing inter-service capabilities that encompass advanced command and control systems and technologically advanced C4ISTAR capabilities able to ‘fight and win localised wars under informatised conditions’.34 The Chinese approach to cyberspace operations, and


Figure 3. Russian ‘New Generation Warfare’ Strategy (Image derivative by Major Conway Bown)

CYBER/EW

RECON/STRIKE MASKIROVKA

PSYOPS/DECEPTION

TECHNICAL EFFECTS

PSYCHOLOGICAL EFFECTS

88


information warfare more broadly, is likely to reach maturity within the next ten years. While this may seem like a distant future, it presents a case-study of high importance for any middle power where flashpoint conflicts involving cyberspace, human and physical domain battle may eventuate at short notice.

State-based capability development is also coupled with the Islamic State’s employment of cyberspace, particularly social media platforms, to spread violent extremist propaganda. The ability to shape and influence a global audience, mobilise willing Islamic fundamentalists across international borders, facilitate lethal aid and exercise command and control by issuing orders through cyberspace presents an international problem that spans the political, strategic, operational and tactical levels of conflict. A key lesson is the use of mass media and social media platforms to influence a global audience towards a common cause, demonstrating superiority in the ‘contest of wills’. Former Prime Minister Malcolm Turnbull commented in an address in Washington DC that the Coalition was losing the battle of the narrative in cyberspace.35 This statement alone indicates the need for novel, asymmetric strategies that employ cyberspace capabilities nested with standing military options to shape and influence through cyberspace against potential state and non- state adversaries.

The future operating environment will include a hybrid threat landscape in which the physical and virtual environments will converge. Among others, Russia, China and the Islamic State offer timely lessons from which Australia can learn in the development of organic information-centric strategies. The lessons combine to form a foundation of understanding, which is further reinforced by acknowledging the pace-setting contribution of the United States.

A Comprehensive Approach – The US and Multi Domain Battle, Cyberspace Superiority and Special Operations

Throughout the history of warfare, militaries have sought advantage through actions intended to affect the perception and behaviour of adversaries. Information is such a powerful tool, it is recognized as an



89



element of U.S. national power – and as such, the Department must be prepared to synchronize information programs, plans, messages, and products as part of a whole-of-government effort.

Former US Secretary of Defense, Ash Carter 36

A combination of open-source US strategic direction and doctrinal documents provides a sound foundation that supports the development of an Australian concept of ‘Special Information Warfare’. The US has realised that technological parity in the information age is increasing, leading to the introduction of the Third Offset Strategy. Multi Domain Battle has emerged in response to the Third Offset Strategy, addressing a cross-domain, holistic approach to fight and win future conflict against a peer adversary. US Special Operations Command’s (USSOCOMD) involvement includes an increase in Special Warfare, operating in the Grey Zone short of traditional armed conflict. The conventional and SO strategies are both underpinned with an increased integration of cyberspace effect operations.

The MDB concept defines an approach for combat operations targeted against a peer adversary in the 2025-2040 timeframe.37 The MDB concept acknowledges the overlapping and interconnected nature of the land, sea, air and space domains with the human and cyber domains.

This operational approach acknowledges the centrality and importance of achieving ‘information dominance’ both in and through cyberspace. The characterisation of a future involving contested norms and persistent disorder places significant emphasis on cyberspace, the IE more broadly, and the cognitive components of warfare.38

In understanding the MDB concept, future strategic direction can be understood as it applies to the ADF. Lieutenant General Angus Campbell recently addressed the Lowy Institute, presenting a clear indication that future Australian joint operations in the littoral would resemble the characteristics of US MDB:

Innovation in today’s non-geographically bound domains – air, space and cyber – is driving connectivity and complexity across the Indo-Pacific region. It’s bringing the region closer and more tightly networked. And I think it means the idea of ‘an army for a multiple-


90


domain strategy’ rather than only for a ‘maritime strategy’ might be a more useful holistic concept… We need to generate, coordinate and anticipate multiple cross-domain actions and reactions… Perhaps future conflict in the Indo-Pacific will require greater thought about the development and use of indirect approaches. Our security interests in the 21st Century Indo-Pacific will require ‘multiple domain’ thought and action. We also know that we cannot rely on technology alone. Technology works best when enabling or partnering human endeavour. 39

The last two decades have instigated transformation within the US Army in its application of Information Operations doctrine, simply because the nature of information and its availability has evolved so rapidly.40 The US Department of Defense (DoD) defines Information Operations as the ‘integrated employment, during military operations, of Information-Related Capabilities (IRCs)41 in concert with other lines of operations to influence, disrupt, corrupt, or usurp the decision-making of adversaries and potential adversaries while protecting our own’.42 Highlighting cyberspace operations as a sub-component within information operations further exemplifies the importance of an over-arching ‘Information Warfare’ concept that unifies the effects generated in and through cyberspace.

A newly released publication is the US Army’s FM 3-12 Cyberspace and Electronic Warfare Operations 2017. It states that the US Army conducts cyberspace and EW operations in the IE, which includes the physical, informational and cognitive dimensions.43 FM 3-12 highlights the relationship cyberspace has with the IE by describing the cyberspace layers, which includes the physical network layer, logical network layer and cyber-persona layer.44 This relationship proves important when understanding the connection between cyberspace and the human domain, and between physical and virtual effects which continue to converge. Figure 4 highlights the level of connectedness a soldier has on today’s modern battlefield through the cyber-persona layer, which in turn provides an opportunity to provide effects in and through cyberspace in support of a higher ‘information dominance’ strategy.The US DoD Strategic Cyberspace Operations Guide 2016 stresses how complementary cyberspace operations enhance physical domain effects as well as supporting other IRCs.46 This publication highlights the relationship of cyberspace operations when supporting information operations, which focuses on the denial or manipulation of enemy and



91



potential adversary decision making.47 Further detail highlights effects which may include targeting an information medium (such as a wireless access point in the physical domain), the message itself or a cyber- persona (an online identity co-ordinating C2 decision making and the dissemination of propaganda).48

Another powerful capability is the strategic reach-back support offered by organisations such as United States Cyber Command (USCYBERCOM) and its sister organisation, the National Security Agency (NSA), which can be compared to the Australian Signals Directorate. The recent release of USCYBERCOM’s ‘Beyond the Build’ envisions a Joint Force of 2020 where Cyberspace Operations are fully integrated and are a natural precursor for any future land, maritime, air and space-based operations.49 US Army Cyber Command’s (ARCYBER) Land Cyber White Paper 2018 - 2030 presents a foundational argument where innovative integration of land and cyberspace operations at all levels of conflict is a necessity for future success in war. The convergence of land and cyberspace operations continues to inform a model applicable in the Australian context, where a complex operating environment requires increased interdependence, disaggregation and an ability to operate over strategic distance in disrupted and denied environments.50


Figure 4. Layers of Cyberspace in the US context 45

92


The establishment of US ARCYBER in 2010 has provided a significant amount of time to develop cyberspace operations in support of joint land forces. Australia can benefit from a slow start and the application of lessons learned can be applied modestly in support of a holistic strategy with ‘information dominance’ at its core. US cyberspace operations highlight effects in, through and external to cyberspace that can be synchronised to achieve desired operational objectives against an adversary’s decision-making process. These actions ‘in’ cyberspace can be used to disrupt an adversary’s information, information systems or networks.51 Operations ‘through’ cyberspace can include standard joint functions to maintain operational functionality such as command and control, intelligence, fires, manoeuvre and sustainment functions.52 Figure 5 illustrates how effects can be generated in, through and external to cyberspace.

The deeper dimension of US cyber-warfare that extends beyond information

operations or cyber-effect operations can be seen in the expansive amount of information-centric doctrine, publications and public debate which places a premium on prompt ‘information dominance’.53 Cyberspace operations continue to serve as a subordinate component to a broader Information Warfare strategy, yet are fundamental when considering a unique ‘Special



Figure 5. Example of Cyber Effects in the US context 54

93



Information Warfare’ concept. A truly powerful combination is Cyberspace Operations, as part of a broader Information Warfare strategy, mixed with the potent direct and indirect capabilities of Special Operations Forces.

Figure 6. USASOC mission sets 58

A history of cyberspace effects in support of US special operations can be traced back to 2007, where a Computer Network Operations Squadron was raised to support SF operators during the Iraq War.55 United States Army Special Operations Command (USASOC) Army Special Operations Forces (ARSOF) 2022 White Paper provides a key point of reference to support the development of a ‘Special Information Warfare’ concept that suites the modest size of Australia’s Army and especially Australia’s SO community. USASOC’s delineation between Special Warfare56 and Surgical Strike57


94


presents an opportunity to develop a synchronised ‘Special Information Warfare’ concept that bridges the gap between the two mission sets. The figure above provides an insight into USASOC’s two forms of special operations and their mutually supporting relationship.

ARSOF 2022 stresses the importance of identifying innovative ways to execute Find, Fix, Finish, Exploit, Analyse and Disseminate (F3EAD) targeting operations59 as part of its surgical strike capability, as well as building and fostering relationships in the human domain as part of its Special Warfare capability. ARSOF 2022 highlights how both concepts require a mastery of the cyber domain for future success, where Army SF personnel will be trained in cyber operations and have an ability to utilise cyberspace to enable operations.60 ARSOF 2022 covers potential solutions which include the formalisation of cyberspace synchronisation, manning, training and capability development across USASOC. Lastly, not only are offensive and defensive cyberspace capabilities included, but the increasing emergence of smart phones, mobile devices and social media and the capabilities they provide to influence campaigns.61

Given Australia’s comparatively small SO community, a concept of ‘Special Information Warfare’ that can blend cyberspace operations with human domain operations is worth investigating. This would enable Australian SOCOMD to spearhead an ‘information-centric’ warfighting strategy that takes advantage of the lessons learned from the US example, the opportunities presented by the information age and better align to the trends of future warfare.

‘Special Information Warfare’ – A Cyber-Enabled Special Operations Strategy for the Australian Defence Force

Machines don’t fight wars. Terrain doesn’t fight wars. Humans fight wars. You must get into the mind of humans. That’s where the battles are won.



Colonel John Boyd 62

95



The Australian Government depends on the SO community to provide SO effects through direct and indirect means in politically and strategically sensitive operating environments.63 An example of the direct approach includes the Direct Action (DA) missions conducted by Australia’s SOTG to target insurgent leaders in Afghanistan.64 The indirect approach includes Australia’s strong history in training indigenous partner forces, most recently demonstrated in a SOTG’s ‘advise and assist’ mission to support the Iraqi Counter Terrorism Service during the battle to retake Mosul from Islamic State militants.65 Australia’s SO community provides an important military option for Government, which includes options that cannot be undertaken by conventional forces, such as inserting at strategic distances behind enemy lines or in a theatre where there are no lines at all.66

Traditional SO mission sets will not be exempt from the evolving nature of modern warfare caused by the information age. Contemporary applications of the direct and indirect approach require adoption of ‘best practice’ methods aimed at maintaining a capability-edge over adversaries that are actively seeking to modernise using emerging disruptive technologies.67 The announcement of an Australian ‘Information Warfare Division’ presents an opportunity to instigate debate amongst policy-makers and the senior Defence leadership as well as action through bottom-up development of capability that acknowledges the centrality of ‘information dominance’. The concept of cyber-enabled ‘Special Information Warfare’ is a potential solution. Colonel Boyd’s quote is a timely reminder that the human factor will continue to underpin actions in, through or external to cyberspace and should be considered when addressing a holistic strategy geared towards ‘information dominance’. War will continue to be fought for the people and amongst the people in a contest of wills.

The vision for ‘Special Information Warfare’ is to develop technologically- enabled, human terrain-oriented SOF tethered to strategic enablers that are capable of projecting power and influence in, through or external to cyberspace to target the cognitive decision-making of an enemy, potential adversary or designated stakeholder. Figure 7 highlights a conceptual vision, effects and desired end-state.

At a fundamental level, the concept of ‘Special Information Warfare’ can be defined as a blend between special warfare and surgical strike,


96


harnessing the capabilities of cyberspace operations with traditional notions of information operations, with a unique relationship to the human domain. The term has been chosen specifically to break the model of traditional ‘information activities or operations’ and reinforce the necessity to evolve a cyber-enabled SO concept as an offensive form of warfare that accentuates the importance of ‘information dominance’. Australian SOF represents a suitable force element for such a capability that employs small-scale, disaggregated forces over strategic distance empowered with cyber-enabled tools in contested and congested operating environments.

The USASOC ARSOF 2022 mission sets diagram provides a foundation to nest the ‘Special Information Warfare’ concept as a third SO mission set. The adapted diagram below aims to spark further debate on how policy-makers and senior leadership can harness an asymmetric strategy that compliments current Australian SO mission sets.

For any new capability to succeed, it needs two things. The first is a name and the second is a home. This could take the form of a ‘Special Information Warfare Branch’ which could reside within the newly established ‘Information



VISIONTechnologically-enabled, humanterrain orientedSOF tethered to

strategic enablersthat are capable

of projecting power and influence in,

through or external to cyberspace to

effect the cognitive decision-making

of an enemy, potential adversary

or designated stakeholder

END STATEAdversary ordesignated

stakeholder’sability to generate

effective C4ISR hasbeen defeated in,

through and external to

cyberspace. Thecognitive capacityis degraded to a

point where military effects

across alldomains cannot

be achieved.

‘IN’ CyberspaceOffensive Cyberspace Operations

Alter Adversary Data Used forDecision Making

‘THROUGH’ Cyberspace‘Weaponising Information’

Social Media Analysis and ExploitationTargeting of Adversary of Designated

Stakeholder Shape and Influence

‘EXTERNAL TO’ CyberspaceKinetic action to target Adversary C4ISR

networks

SPECIAL INFORMATION WARFARE - VISION, EFFECTS AND ENDSTATE

Figure 7. Special Information Warfare Vision, Effects and End-State

97



Warfare Division’ to support raise, train, sustain and capability development functions. Brigadier Jason Blain, Director- General Force Options and Plans, Force Design Division, recently presented the various capability programs within Defence at the Williams Foundation seminar on integrated force design. The presentation highlighted six capability streams across the core warfighting functions, presenting an opportunity to nest ‘Special Information Warfare’ under the Intelligence, Surveillance, Reconnaissance and Electronic Warfare (ISREW), space and cyber capability stream within Joint Integration. The responsibility would reside within Vice Chief of the Defence Force Group (VCDF Group) and seek to provide the link between the ‘Warfighting Innovation’ and ‘Asymmetric Response’ capability programs.69 This suggestion is coupled with an acknowledgement that the concept of ‘Special Information Warfare’ would require further ground-up action within SOCOMD’s tactical units.

To provide further detail to spark debate and inform action, the ‘Special Information Warfare’ force design would include a tailored and tethered workforce, where operational effects are provided from the strategic to tactical level. The broader cyberspace workforce debate is a largely unanswered question and the suggested ‘Special Information Warfare’ force design is aimed to complement broader workforce modernisation within the ADF. Figure 9 provides a prospective force design model as to what could constitute a ‘Special Information Warfare’ capability.

The Special Information Warfare Force Design includes the development of a Tactical Special Information Warfare Operator (SIWO). A Tactical SIWO is a Special Forces soldier who has received cyberspace awareness, influence and information operations training and is able to effectively utilise cyberspace tools to influence in, through and external to cyberspace. The cyberspace awareness training would focus on the physical layer of cyberspace, facilitating a tethered approach where proximity and access to prospective targets in denied areas can be brought into effect through coordinated reach-back. Additional training in the cyber-persona layer to shape and influence partner forces, surrogates and the populace would also occur.

A Technical SIWO is a Signals Corps soldier, who has received advanced technical training in the application of offensive cyberspace tools to provide support at the tactical level. The relationship between the Tactical SIWO and Technical SIWO is complementary as the Special Forces soldier would


98




SPECIAL WARFARE(UW / TAA / PGW)

SURGICAL STRIKE(DA / SR / CT / SRO)

SPECIAL INFORMATION

WARFARE

FORAS ADMONITIO

UW TAA PGW DA SR CT SRO

SURGICAL STRIKE

SPECIAL WARFARE

SASR 1CDO 2CDOSpecial Information Warfare across full spectrum

Figure 8. Special Information Warfare Force Design showing the seven core SF functions within surgical strke and special warfare domains. (This diagram has been derived from the author’s by Major Conway Bown)

bridge the human domain whilst the Signals Operator would specialise in technical skills.

A SIWO planner is an officer, warrant officer or senior non-commissioned officer (SNCO) position consisting of Intelligence, Signals or Arms Corps. The SIWO planners will have received an information operations and cyberspace operations-centric curriculum coupled with influence and critical thinking training. The SIWO planner position is nested at the tactical, operational and strategic operations centres where detailed planning occurs

99



and would require a headquarters staff designation.

The strategic reach-back includes a formalised relationship with the ASD and the broader Australian intelligence community. Additionally, the raising of a Military-Civilian Cyber Corps is included, which is suggested for broader discussion as an enabler to support the full suite of military cyberspace operations. The unique nature of this strategy is the generation of SO effects (both direct and indirect) in, through and external to cyberspace under a unified theory aimed at achieving ‘information dominance’.

An operational design focused on SO effects utilising the indirect approach has been recommended to further instigate debate which focuses on influencing an adversary, population and partner or surrogate force aimed at achieving cyber-enabled relative superiority.70 SOF are well suited to wage influence campaigns given their niche cultural skills and access to surrogate or partner ‘special’ forces during a conflict.71 Enablement with cyber-tools to maximise influence through social media will only enable greater influence and access. Figure 10 provides a point of reference for the concept of ‘Special Information Warfare’ utilising the indirect approach during Phase


Figure 9. Special Information Warfare Force Design (This image has been derived from the author’s and has been created by Major Conway Bown)

100




Zero operations.

As the adversary is weakened, and the partner force demonstrates increasing capability, the point of cyber-enabled relative superiority is achieved and a transition occurs to focus military effort on rebuilding the confidence and capability of the indigenous partner force, maintaining positive support from the population and degrading the remaining adversarial threat.

While future cyber-warfare and the contest for ‘information dominance’ may require more keyboard warriors, small-scale SOF operating at strategic distances in congested and contested environments will be necessary for future success. Enabling such forces with an ability to operate with a technological advantage in, through and external to cyberspace, as well as the ability to interface with strategic cyber-warfare capabilities, will provide battlespace situational understanding and effects that cannot be achieved by any other force. Conclusion

The creation of an ‘Information Warfare Division’ within the ADF highlights an evolving understanding of the importance for cyber-enabled warfare strategies. While Australia has much ground to cover in comparison to pacesetting countries like the US, Russia and China, it demonstrates much needed progression. Australia’s modest defence force warrants niche, novel and asymmetric solutions to meet the demands of the information age and calls for modernisation within its ranks. A concept of cyber-enabled ‘Special Information Warfare’ seeks to spark action and debate amongst policy makers and senior Defence leadership, presenting a technologically and socially aware SO option to address future conflict where strategic risk is at its peak. A congested, contested future operating environment riddled with persistent disorder, amongst hybrid adversary threats that have adopted information-centric strategies and hyper-connected population centres necessitates a commensurate asymmetric approach. Through indirect and direct special operations enabled with technological means at strategic distance, tethered to strategic joint enablers and capabilities, Australian SOCOMD can contribute to Australia’s Information Warfare capability, maintaining relevance in an era where technological parity continues to rise.

101




Figure 10. Special Information Warfare – Achieving cyber-enabled relative superiority. (This image is derived from the author’s and was created by Major Conway Bown)

DW

SHAPING ACTIVITIESDETERRING ACTIVITIES

SEIZING THE INITIATIVE

ACTIVITIES

DOMINATINGACTIVITIES

STABILISINGACTIVITIES

ENABLING CIVILIAN AUTHORITY ACTIVITIES

1 2 3

Phase 1Deter

Phase 0Shape

Phase 2Seize

Initiative

Phase 3Dominate

Phase 4Stabilise

Phase 5Enable

CivilAuthority

1 OPORDAPPROVED

2 OPORDACTIVATED

3 OPORDTERMINATED

ACHIEVECYBER-ENABLEDRELATIVE SUPERIORITY

102


About the AuthorCaptain Ben Johanson is an Army officer with particular interests in Special Operations strategy and application in future conflict, and the relationship between Special Operations and Cyberspace Operations. He is currently studying a masters degree in Cybersecurity, Strategy and Diplomacy.

Endnotes1. The ABC’s Ashlynne McGhee released an exclusive report highlighting ‘a major

transformation’ within the Australian Military with the announcement of a new Information Warfare unit to be established within the ADF. A McGhee, 2017, ‘Cyber Warfare Unit Set to be Launched by Australian Defence Forces’, at: http://www.abc.net.au/news/2017-06-30/cyber-warfare-unit-to-be-launched-by-australian-defence-forces/8665230. accessed 1 Jul, 2017.

2. G Austin, 2016, ‘Middle Powers and Cyber-Enabled Warfare: The Imperative of Collective Security’, at: http://www.unsw.adfa.edu.au/australian-centre-for-cyber- security/sites/accs/files/uploads/DISCUSSION%20PAPER%20Middle%20Powers% 20REARMED%2027%20Jan%202016.pdf, accessed 12 Jun, 2017

3. ‘Convergence’ relating to cyberspace is further explained in the US Army TRADOC Cyber ‘Army 2050, Report 2016’, “The consequent attribute of the cyber future will be convergence… between land and cyberspace operations. … between all the legacy domains, as cyberspace constitutes the connective ether that readily transfers effects from one domain to another … between time and space as enhanced information and communication technologies decrease the time and expand the reach of cyber actions … between electromagnetic (EMS) and cyberspace action … between defensive and offensive cyberspace operations to ensure one function informs the other … between information management (IM) and knowledge management (KM) as large data is leveraged to achieve advantage … between Army operational and institutional activities, creating an unprecedented level of interaction where operations impact institutional activities and vice-versa.” US Army TRADOC, 2016, The 2050 Cyber Army, at: https://www.google.com.au/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja &uact=8&ved=0ahUKEwiitOqQpqHUAhXHjZQKHWUXAzYQFgguMAI&url=https%3 A%2F%2Fcommunity.apan.org%2Fcfs-file%2F key%2Ftelligent-evolution- components-attachments%2F01-9016-00-00-00-13-82-05, accessed 18 Jun, 2017, pp 45-46

4. F Hoffman, 2009, ‘Hybrid Warfare and Challenges’, at: http://smallwarsjournal.com/documents/jfqhoffman.pdf, accessed 17 Jun, 2017, p 34

5. M Pomerleau, 2017, ‘The Relationship Between Third Offset Strategy and Multi- Domain Battle’, at: http://www.c4isrnet.com/articles/the-relationship-between-third- offset-strategy-and-multi-domain-battle, accessed 10 Jun, 2017

6. R Brown, 2017, ‘The Indo-Asia Pacific and the Multi-Domain Battle Concept’, at: https://www.army.mil/article/184551/the_indo_asia_pacific_and_the_multi_domain_ battle_concept, accessed 9 Jun, 2017



7. J McGrath, 2016, ‘21st Century Information Warfare and the Third Offset Strategy’, at: http://ndupress.ndu.edu/Portals/68/Documents/jfq/jfq-82/jfq-82_16- 23_McGrath.pdf. Accessed Jun 12, 2017, p 17

8. US Army TRADOC, 2016, p 4

9. G Austin, 2016, Shaping the Cyber Arms Race of the Future, at: https://www.unsw.adfa.edu.au/australian-centre-for-cyber- security/sites/accs/files/uploads/Shaping%20Cyber%20Arms%20Race%20of%20th e%20Future.pdf, accessed 10 Jun, 2017

10. The indirect approach is defined as Special Warfare in the US context, referring to the “execution of activities that involve a combination of lethal and nonlethal actions taken by a specially trained and educated force that has a deep understanding of cultures and foreign language, proficiency in small-unit tactics, and the ability to build and fight alongside indigenous combat formations in a permissive, uncertain, or hostile environment”. Proxy Guerrilla Warfare, Special Support Operations (Train/Advise/Assist and Advance Force Operations including Information Operations), and Support Operations constitute the indirect approach in the Australian context. A Davies, 2014, A Versatile Force: The Future of Australia’s SO Capability, at: https://www.aspi.org.au/publications/a-versatile-force-the-future-of- australias-special-operations-capability/Special_operations_capability.pdf, accessed 16 Jun, 2017, pp 10-11

11. The direct approach is defined as surgical strike in the US context, referring to the “execution of activities in a precise manner that employ special operations in hostile, denied or politically sensitive environments to seize, destroy, capture, exploit, recover or damage designated targets, or influence adversaries or threats”. Special reconnaissance, precision strike/direct action and special recovery operations constitute direct actions in the Australian context. A Davies, 2014, pp 9-10

12. P Duggan, 2016, ‘To Operationalise Cyber, Humanize the Design’, at: http://smallwarsjournal.com/jrnl/art/to-operationalize-cyber-humanize-the-design, accessed 9 Jun, 2017, p 2

13. Duggan, 2016, p 2

14. Duggan, 2016, p 2

15. Duggan, 2016, p 2

16. McGhee, 2017

17. L Nevill, 2016, ‘Thinking Deeper About Australia’s Offensive Cyber Capability’, at: https://www.aspistrategist.org.au/thinking-deeper-about-australias-offensive-cyber- capability/, accessed 14 Jun, 2017

18. Nevill, 2016

19. D Ormrod and B Turnbull, 2015, ‘Toward a Military Cyber Maturity Model’, at: https://www.unsw.adfa.edu.au/australian-centre-for-cyber- security/sites/accs/files/uploads/Military%20Cyber%20Maturity%20Model%20v1.pdf, accessed 10 Jun, 2017.

Due to space limitations in the text, the individual constructs of each step in the Military Cyber Maturity Model could not be included. They are provided here instead.

1. Basic Awareness of Cyberspace: •ASD Top 4, •A focus on providing services to users, security as a cost of business •Patching through physical action, •Basic training in cyber-security for all personnel.

2. Information Assurance: •ASD Top 35, •Ability to detect system attacks, •Automated patching, •Cyber-systems census included in battle preparations at the unit level, including social media profiles, individual wearables, mobile phones and IoT-enabled devices, •Security audits conducted on high value supply chains and software code, •Training for all personnel.

103




3. Information Superiority: •Cyber red teaming by dedicated assets and regular attack exercises, •Ability to dynamically manage the network under attack, •Independent security audits of the supply chain, software code and active networks, •Training for all personnel in cyber-security using simulation and active learning, •CERT and forensic capabilities at the Brigade level, •Cyber integrated ino combined arms teams

4. Behavioural Defence: •Utilising honey nets and honey pots and information deception to defend networks in conjunction with active and passive toolsets, •Dedicated assets tasked with providing false networks, reports, electronic emissions and data down to company/squadron level, •Integration of cyber and physical deception plans with kinetic action, •The ability to revert to alternative services and maintain a basic level of operational capability when systems are compromised.

5. Mission Assurance: •Cultural transition from the information assurance/superiority paradigm to mission assurance, •Degeneracy provides the ability to respond to shock and catastrophic system attacks, •All personnel trained to ‘work around’ digital systems as a part of normal business, •Deception plans and counterintelligence measures are carefully integrated with the false movement of troops and the employment of networks that transmit false data, •Training on information security parallels training on deception, • Training and regular exercises in ‘actions on’.

20. McGhee, 2017

21. A Davies and M Davis, 2016, ‘ADF Capability Snapshot 2016’, at: https://www.aspi.org.au/publications/adf-capability-snapshot-2016-c4isrwinning-in- the-networked-battlespace/SI107_ADF_capability_snapshot_2016_C4ISR.pdf, accessed 6 Jun, 2017, p 3

22. R Laird, 2017, ‘Designing the Integrated Force’, at: http://www.sldinfo.com/designing-the-integrated-force-the-australian-defense-force- repositions-for-the-next-phase-of-21st-century-force-structure-development/, accessed 16 Jun, 2017

23. Laird, 2017

24. US Army Publication FM 3-12 defines the Information Environment as the aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information which is drawn from the US Joint publication, JP 3-13

25. G Gilmore, 2016, ‘Raising and Training the Australian Army’, at http://www.rusinsw.org.au/Papers/20160628.pdf, accessed 2 Jun, 2017, p 12

26. A Campbell, 2016, ‘Address to the Lowy Institute’, at: https://www.army.gov.au/sites/g/files/net1846/f/speeches/20161004_ca_address_lo wy_institute_4_oct_16_edited_1500_4_oct.pdf, accessed 7 Jun, 2017

27. USASOC, 2017, USASOC White Paper, at: http://www.soc.mil/USASOCTalks/Expandingmaneuver21Century.html, accessed 16 Jun, 2017, p 2

28. M Nordmoe, 2015, ‘The Ghost in the Machine: Defining SOF in Cyberspace’, at https://www.academia.edu/12465632/The_Ghost_in_the_Machine_Defining_Special

_Operations_Forces_in_Cyberspace, accessed 10 Jun, 2017, p 69

29. Nordmoe, 2015, p 70

30. D Adamsky, 2015, ‘Cross-Domain Coercion: The Current Russian Art and Strategy’, Institut Francais des Relations Internationales, at: http://www.ifri.org/sites/default/files/atoms/files/pp54adamsky.pdf, accessed 27 Apr 2017, pp 22-23

31. Adamsky, 2015, pp 27-28

32. Austin, 2016, p 7

33. E Lasiello, 2015, ‘Are Cyber Weapons Effective Military Tools?’, at: http://www.inss.

104




org.il/he/wp-content/uploads/sites/2/systemfiles/2_Iasiello.pdf, accessed 9 Jun, 2017, p 25

34. G Austin, 2016, Australia Rearmed! Future Needs for Cyber-Enabled Warfare, ACCS Discussion Paper No 1, at: https://www.unsw.adfa.edu.au/unsw-canberra- cyber/sites/accs/files/uploads/DISCUSSION%20PAPER%20AUSTRALIA%20REAR MED.pdf, p 10

35. M Turnbull, 2016, Australia and the United States: New Responsibilities for an Enduring Partnership, at: https://www.pm.gov.au/media/2016-01-18/australia-and- united-states-new-responsibilities-enduring-partnership, accessed 18 Jun, 2017

36. US DoD, 2016, Strategic Cyberspace Operations Guide, at: https://publicintelligence.net/usarmy-strategic-cyber-ops/, accessed 1 Jun, 2017



39. Campbell, 2016

40. US Army, 2016, FM 3-13 Information Operations, at: http://www.apd.army.mil/epubs/DR_pubs/DR_a/pdf/web/FM%203- 13%20FINAL%20WEB.pdf, accessed 14 Jun, 2017, p vi

41. An IRC is a tool, technique or activity employed within the Information Environment that can be used to create operational effects and conditions. Other IRCs include Military Deception, Military Information Support Operations (MISO), Leadership Engagement, Civil Affairs, Combat Camera, Operations Security (OPSEC), Public Affairs, Cyberspace Electromagnetic Activities, Electronic Warfare, Cyberspace Operations, Space Operations and Special Technical Operations. US Army, 2016, pp 2-3

42. US Army, 2016, p 1

43. To further describe the three dimensions that make up the Information Environment, the Physical Dimension includes the tangible network elements, communications networks, information systems and network infrastructures. The Informational Dimension consists of information itself, which acts as the link between the physical and cognitive dimensions. The Cognitive Dimension consists of the minds of those who transmit, receive, and respond to or act on information. US Army, 2017, FM 3- 12 Cyberspace and Electromagnetic Activities, at: https://fas.org/irp/doddir/army/fm3-12.pdf, accessed 18 Jun, 2017, pp 12-13

44. To further describe the layers of cyberspace, the Physical Network Layer includes the geographic component within the physical dimension, it includes the hardware, system software, and infrastructure that supports the network and the physical connectors. The Logical Network Layer consists of the components that represent the requisite data moving through the network. The Cyber-Persona Layer is the digital representation of the individual or identity in cyberspace, which are the people using the network. US Army, 2017, pp 13-14

45. US Army, 2017, pp 13-14

46. US DoD, 2016, p 17

47. US DoD, 2016, p 24

48. US DoD, 2016, p 24

49. US CYBERCOM, 2015, ‘Beyond the Build, Delivering Outcomes Through Cyberspace’, at: https://www.defense.gov/Portals/1/features/2015/0415_cyber- strategy/docs/US-Cyber-Command-Commanders-Vision.pdf, accessed 30 May, 2017

50. US ARCYBER, 2013, The US Army Land Cyber White Paper 2018-2030, at: http://dtic.mil/dtic/tr/fulltext/u2/a592724.pdf, accessed 4 Jun, 2017, p v

105




51. US DoD, 2016, p.15

52. US DoD, 2016, p 15

53. Austin, 2016, p 8

54. US DoD, 2016, p 15

55. Pomerleau, 2016

56. Special Warfare is designed to work through and with an indigenous partner force or surrogate, with soldiers being training in combat-advisory skills, military deception, sabotage, foreign languages, relationship-building skills, cultural understanding, adaptive decision making and cognitive problem solving. This may include Foreign Internal Defence (working with a Host-Nation’s security forces) or Unconventional Warfare/Proxy Guerrilla Warfare (working with surrogate, proxy forces). USASOC, 2016, ARSOF 2022, at: http://www.soc.mil/Assorted%20Pages/ARSOF2022_vFINAL.pdf, accessed 19 Jun, 2017, pp 10-11

57. Surgical strike represents mainly a unilateral, direct action capability aimed at kill/capture, hostage rescue against specialised and designated targets. USASOC, 2016, p 16

58. USASOC, 2016

59. The F3EAD targeting cycle was first developed by General Stanley McCrystal during the Iraq War in 2004. It sought to synergise kinetic kill/capture operations with intelligence and exploitation functions to target Insurgent networks. It has since been adopted as the targeting model of choice within the Special Operations community. S McChrystal, 2013, My Share of the Task: A Memoir, ed P Group, Penguin, p 152

60. USASOC, 2016, p 26

61. USASOC, 2016, pp 26-27

62. Osinga, F, 2007, Science, Strategy and War: The Strategic Theory of John Boyd, Routledge, p 44

63. Langford, I, 2014, Australian Special Operations: Principles and Considerations, at https://www.army.gov.au/sites/g/files/net1846/f/australianspecialoperations_b5_web. pdf, accessed 2 Jun, 2017, p 15

64. Davies, 2014, p 9

65. A Greene, 2016, ‘Islamic State: Australia’s Special Forces to assist Iraq Military in Battle for Mosul’, at: http://www.abc.net.au/news/2016-10-17/australian-special- forces-to-assist-military-operation-to-retak/7939556, accessed 11 Jun, 2017

66. Davies, 2014, p 8

67. Langford, 2014, p 15

68. UW – Unconventional Warfare, PGW – Proxy Guerilla Warfare, TAA – Train, Advise, Assist, PSDA – Precision Strike/ Direct Action, SR – Strategic Reconnaissance, CT

– Counter-Terrorism, SRO – Special Recovery Operations. This has been adapted from the traditional mission sets of Special Reconnaissance, Special Recovery Operations, Precision Strike/Direct Action, Special Support Operations and Support Operations

69. J Blaine, 2017, ‘Achieving an Integrated Force by Design’, at: https://www.slideshare.net/robbinlaird/brig-jason-blaine-force-design-department-of- defence-australia, accessed 12 Jun, 2017, p 9

70. Will McRaven originally defined ‘Relative Superiority’ as a condition that exists when an attacking force gains a decisive advantage over an enemy. Cyber-Enabled Relative

106




Superiority is defined as the moment in a campaign where effects in, through and external to cyberspace have successfully degraded the physical and cognitive decision-making of an adversary, reinforced support from the civilian population and enhanced the legitimacy and relationship with the partner force. The original phases of conflict graphic has been adapted from ADDP 3-13

71. Langford, 2014, p 28

107




Published by the Australian Army Research Centre

[email protected]/our-future