Asia Pacific Defence Reporter, November 2016
servers and data networks through which the attack
proceeds? An ethical issue is what happens if the
cyber weapon is a virus or worm that is uncontrollable
and goes on to attack neutral or friendly nations’
information systems or networks.
Malcolm Turnbull said at his cyber strategy
announcement: “The use of such a (offensive cyber)
capability is subject to stringent legal oversight and is
consistent with our support for the international rules-
based order and our obligations under international law.
Acknowledging this offensive capability adds a level of
deterrence. It adds to our credibility as we promote
norms of good behaviour on the international stage.
And importantly, familiarity with offensive measures
enhances our defensive capabilities as well.”
It is a good thing that Malcolm Turnbull has been
open and honest about Australia possessing offensive
cyber operations capabilities. If this fact continued to
remain secret, how would this contribute to stabilising
relations between countries with such capabilities and
providing a deterrent to attack on Australia?
He made it very clear that Australia’s offensive
cyber capabilities would always be subject to political
control. Also in releasing his Government’s cyber
security strategy he announced that a Minister and an
expert Special Advisor will help him in this field.
In the same way that the Australian National Security
Committee is charged with receiving intelligence on a
potential adversary’s intentions, evaluating alternative
responses, and where necessary authorising military
action, the decision to undertake offensive military
cyber operations would be taken by this Committee.
The basic interconnects between networks mean
a cyber-attack’s effects cannot all be meaningfully
limited, controlled, or known. Therefore no matter
how discretely intentioned or conducted, an attack
approved by a government could have massive
unintended consequences and poses unknown but
potentially significant political risks.
In looking at the cyber security environment, it can
be seen that there are a number of different levels of
activity to reach the desired outcome of effective use
of cyberspace to the economic and social benefit of
the community without exposing it to unnecessary risks.
The foundation is good architecture through the
establishment and maintenance of computer and
other information systems with security in mind.
Keeping applications up-to-date through using the
auto-update feature of reputable software products.
Passive defence involves use of reputable specialist
security software that provides defence against, and
information about, threats without the need for regular
Active defence involves monitoring and studying
adversary actions, including successful penetrations,
to see how they might be defeated and protected
against in the future. This is in the realm of the ASD,
the Australian Cyber Security Centre (ACSC), and
the security section of government and business IT
departments. A key feature can include collecting
and sharing data, analysing it into information, and
producing the result as cyber intelligence. Remediation
can involve the ASD, ACSC or CERT Australia.
As previously mentioned, offensive actions that
are legally and politically approved can involve self-
defence and countermeasures against an adversary.
Is there a distinction between strategic, operational
and tactical cyber-attacks? It could just be semantics,
but it is useful to try and distinguish between these
different types of attack.
Generally speaking, strategic attacks are those
that cripple some major function(s) of government;
national transport, health, telecommunications, energy
production and distribution; or industry.
Operational cyber-attacks would be considered
those which advance military objectives directly or by
slowing down or actually stopping logistic re-supply,
or impacting the opposition’s defence industrial base.
Tactical attacks would be considered as limited in
scope and duration of effect. For example, it could
disable a weapon system or cause it to misfire. It
could be conducting a short-duration distributed
denial of service attack on a military headquarters’
information systems or shutting down a network
node. A lot of work goes into hardening weapons
systems and military communication networks to
deny access to an adversary and thus frustrate such
attacks on Australian forces.
According to NATO, a Cyber Weapon is an information
technology‐based system that is designed to damage
the structure or operation of some other information
technology‐based system(s). Such weapons are
formed from technology tools which are used to
deny, degrade, disrupt or destroy another’s network,
computer, or system.
These tools are also used constructively in preparing
defences and in the normal process of strengthening
networks and information systems. As one slightly
cynical observer commented, “An axe is an axe and a
weapon – it all depends on how it is used.”
The intended effects of military cyber-attacks are not
necessarily limited to the targeted computer systems
or data themselves – they may be attacks on computer
systems that then degrade or destroy infrastructure
with Command and Control capability.
It might also not be delivered directly over a network,
but could use intermediate delivery vehicles including
peripheral devices, electronic transmitters, embedded
code, or human operators. The activation or effect of a
cyber-attack may be widely separated temporally and
geographically from the delivery.
And what of the offensive attack methods?
They could include angle reflectors for diverting
radio beams to friendly receptors for analysis;
malware, viruses, worms, or backdoors planted in an
adversary’s software; botnets of computers whose
control is taken over for offensive purposes such as
distributed denial of service attacks; IP spoofing to
collect emailed messages between headquarters
and the field; spear phishing where an attachment
to an email from an apparently known person, when
clicked on, leads to a website which will download
all manner of software code to allow this computer
to be used as a source of intelligence or for further
spear phishing deeper into the organisation; Trojan
horses in software which are activated when a
particular event occurs or are triggered by an external
message; sniffing or spamming.
These can also be received from an adversary,
therefore the study of defensive methods is aided by
the study of offensive cyber-attack methods.
Generally, offering decentralised cyber operations
to field headquarters or outposts is risky. It should only
be undertaken when there is certainty that the way
they are executed is discrete, timely and sufficiently
protective of friendly intelligence conclusions. The
planning goal should be to develop sets of cyber
weapons to be employed only in pre-planned types of
operations, in the same way that bombs, kinetic
The International Red Cross Committee’s
HANDBOOK ON INTERNATIONAL RULES
GOVERNING MILITARY OPERATIONS states that
The US Department of Defense describes offensive cyber
operations as ‘to project power by the application of force in or