Home' Asia Pacific Defence Reporter : APDR November 2016 Contents 28 Asia Pacific Defence Reporter NOV 2016
‘Armed conflict in the 21st century is more diverse than
conflicts of the 19th or 20th centuries when most of
the treaty law was being developed. Military strategy
and tactics have evolved in such a way that the entire
population of a country or region is directly affected by
a conflict to a greater or lesser degree.’
Nowhere is this more evident than with cyber-attacks
that can reach across the globe, then be denied as the
source by those responsible for directing the attacks.
Questions arise about the impact on several
fundamental principles embodied in the Law of
Armed Conflict (LOAC). These are military
necessity; humanity; distinction; proportionality;
precaution; and limitation.
If a cyber-attack is confined to a purely military
objective and does not have consequences outside
of that, then no problems with LOAC should arise.
However if the cyber-attack, for example, totally
disrupts the telecommunications of a region or cuts
off energy supplies to the population, then issues
of proportionality, distinction and limitation arise
Obviously too, if a cyber-attack on a capable
adversary is considered likely to trigger a massive
response out of all proportion to the original attack, that
consideration would have to be included in the decision
to initiate the cyber-attack. Hopefully the threat of being
able to launch an offensive cyber-attack should be a
sufficient deterrent to a potential adversary.
Intelligence concerns also become important,
because the tactical use of cyber-attacks brings up at
least two challenges.
The first is that actually using cyber weapons gives
the adversary a heads-up on the level of technology
and sophistication employed in the attack. If their
analysis is correct, that does devalue the deterrent
threat that they perceive originating from your side.
The second is that a cyber-attack from a tactical
headquarters might unwittingly alert or destroy the
usefulness of an intelligence channel already in
operation for espionage but not widely proclaimed.
For example, it may be that access has been gained to
a computer used by a senior officer on the other side
and detection of this attack may cause that intelligence
source to be removed because of increased security
consciousness and scanning of that computer.
As noted by the Prime Minister, the ASD is the key
agency for both defensive and offensive cyber security
operations. A number of jobs there have been publicly
advertised on their website with enquiries solicited.
The latest job advertisements seen by APDR were
for Cyber Specialist - Offensive cyber operators;
Cyber Specialist - Cyber security responders and
malware analysts; Cyber Specialist - Cyber security
vulnerability researchers; and Cyber Specialist -
Network and system administrators or engineers.
It is interesting to look at the brief job description
for the employment category of Cyber Specialist -
Offensive cyber operators. ‘These positions involve
the planning, coordination and delivery of cyber
operations in support of Australian Government
requirements. You will be working in a fast-paced
operational environment that requires creative
problem-solving by self-starters and the ability to
collaborate with others.
‘Experience or interest in any of the following
fields, matched with the right attitude and aptitude, is
desirable: plan and coordinate work projects; establish
and maintain productive working relationships with
stakeholders; interest and understanding of current
internet and communication trends; analysis of cyber
environments; development of innovative analytical
solutions in support of cyber requirements.’
Australia is now ready and able to deploy offensive
military cyber operations after strict examination of
any request which will be subject to ‘stringent legal
oversight and is consistent with our support for the
international rules-based order and our obligations
under international law’.
Cyber operations, because they can usually be
accurately targeted, can have a strategic effect without
mass consequences. They are really just another
weapon of war and should be treated as such.
While offensive cyberwarfare capabilities have
the potential to disrupt infrastructure; mislead
commanders and their subordinates; greatly reduce
the effectiveness of physical weapons; and so
on, they do have limitations. They work because
overcoming sur veillance and safety systems allows
special computer code to be placed in a vulnerable
site which could be a central processor, data storage
peripheral, network router or other elements of an
adversary’s information systems or read-only memory
in a weapon’s control system. In this they act as a
force multiplier to conventional weapons. But on their
own they cannot have the lasting effect that navy
ships, ground troops and air forces do to resolve an
According to NATO, a Cyber Weapon is an information technology
based system that is designed to damage the structure or operation
of some other information technology based system(s).
Credit: U.S. Air Force graphic by Naoko Shimoji
25/10/2016 9:45 AM
Links Archive APDR October 2016 APDR Dec16/Jan17 Navigation Previous Page Next Page