Home' Asia Pacific Defence Reporter : APDR November 2015 Contents FIRST PERSON
As many cyber
attacks / penetrations
still seem to be a
human error, can
threats ever be
when people are part
of the process?
Threats can be
minimised and the effects
they could cause can be mitigated, but it is a fool’s
errand to believe that anything can protect at 100%.
Therefore, attention must be paid to understanding
one’s infrastructure along with the critical elements of
the business they are involved in. Visibility, combined
with the ability to detect and respond to malicious
activity will minimise impact.
Some specialists in the field such as Eugene
Kaspersky believe that cyber security
issues will eventually cause the internet to
dis-aggregate into separate country or regional
I think there will be a push by some nations to
dis-aggregate, but I think the real motivating
rationale behind such moves will be censorship
via cybersecurity. The benefits of an open internet
in a global environment – coupled with greater
cybersecurity capabilities that take into account
the civil rights, liberties and privacy mandates – will
do battle with the desires for segmentation and
Related to the above, some very secure military
systems rely to an extent on completely
separated computers with a physical air gap to
the outside world. Is this inevitably the way to
achieve a secure future?
In today’s world, and the world of tomorrow –
where everything is connected to the internet
– air gap strategies will prove difficult to succeed.
But understanding the risks associated with an
organisation’s mission will help to prevent malicious
actors from being successful. As more military
systems become even more connected and integral to
military operations, additional security processes and
capabilities will be required.
The U.S. has been a leader in cyber warfare
expertise for around 20 years with the USAF in
particular standing up cyber warfare squadrons
in the early 1990s. While some of the functions
are defensive, is it fair to assume that offensive
cyber warfare is also under contemplation?
Cyber operations are now a core capability for the US
military. The cyberspace domain is a domain like air,
maritime, land and space that the military must operate
in and dominate when conducting military operations.
Doctrine includes the use of offensive cyber operations
Is there a role for cyber warfare to achieve a
political objective but without the kinetic and
lethal effects that might come from – say –
dropping a bomb on someone?
I see cyber operations, including offensive operations,
as another means for achieving political ends. In
today’s military, all capabilities, including the use of
cyber operations, are part of the options that political
leaders have available when trying to achieve a political
outcome – just as diplomacy, communications, and
economics are part of the options.
In the case of being on the receiving end of a
cyber attack – is it ever possible to prove that
the event is the result of another Government’s
actions, rather than the spontaneous efforts of
Attribution has been difficult, but it is getting better.
That being said, intentions, along with attribution,
can make it difficult to clearly determine if an attack
was sponsored/conducted by a nation state. For that
reason, work on deterrence has been increasing, with
particular efforts tied to nations agreeing to norms and
standards of action. The world still has lots of work to
do in this field.
The U.S. has once again delivered a stern
warning to China that economic espionage
through cyber infiltration is a major impediment
to good relations. But being the devil’s
advocate for a moment: hasn’t industrial
espionage been around for centuries?
The conversation, as in the previous question, rests
around what are normal standards of behaviour.
The US and others have stressed that espionage,
conducted via cyberspace, is a regularly understood
and expected activity. But economic espionage –
where the theft of intellectual property is used to the
advantage of another nation’s private (or public) sector
– is unacceptable. Recent discussions, including
between China and the US, are centred around those
Are you able to make any particular comments
about Australia and matters of cyber security?
Australia’s government, much like the other Five Eyes
partners, have focused for years on understanding the
threats in cyberspace and taking action. Australia’s
policy development, strategies for cyberspace, as
well as execution of policy and strategy, have been
exceptional. All Five Eyes partners need to continue
to work on cybersecurity issues as both threats and
technologies continue to expand. And key to the future
is the work that the private sector must bring to the
public sector, and vice versa. There really needs to
be an acceptable methodology for the two sectors to
work together in order for both to be more secure in
KYM BERGMANN // CANBERRA
THE U.S. PERSPECTIVE
APDR Editor Kym Bergmann had the opportunity to put some questions to Michael Brown, Rear Admiral, United States Navy
(Retired). Brown’s last position on active duty was as the Director, Cybersecurity Coordination for DHS, where he was responsible
for increasing interdepartmental collaboration in strategic planning for the Nation’s cybersecurity, mutual support for cybersecurity
capabilities development, and synchronization of current operational cybersecurity mission activities for the Departments of Defense
and Homeland Security. He is currently the Vice President and General Manager of RSA Global Public Sector at RSA, the Security
Division of EMC.
32 Asia Pacific Defence Reporter NOV 2015
14/10/2015 10:39 pm
Links Archive APDR October 2015 APDR Dec15/Jan16 Navigation Previous Page Next Page