[LINK] Cyber Security in Defence Strategic Review
Tom Worthington
tom.worthington at tomw.net.au
Wed Apr 26 10:27:22 AEST 2023
Had a call from the media asking about cyber security in the Defence
Strategic Review (I was interviewed from the shower cubicle in my
Singapore hotel room). I had a half hour beforehand to go through the
report, looking what it said. There is a section on "Cyber domain and
targeting" (page 63):
https://www.defence.gov.au/about/reviews-inquiries/defence-strategic-review
"Australia’s cyber and information operations capabilities must be
scaled up and optimised.
Under project REDSPICE, the Australian Signals Directorate is
significantly expanding its signals intelligence and cyber capabilities
and capacity.
Defence must enhance its cyber domain capabilities to deliver the
required responsiveness and breadth of capability to support ADF
operations. This must focus on: integrating the defence and management
of Defence’s C4 networks and architectures; delivering a coherent and,
where possible, centralised cyber domain capability development and
management function; and building and sustaining a trained Defence cyber
workforce."
I am not sure centralizing is a good idea.
"Defence must also continue to develop its cyber and space
capabilities." page 7
Good.
"To maximise the deterrence, denial and response options for the
Government, the ADF must evolve into a genuine Integrated Force which
harnesses effects across all five domains: maritime, land, air, space
and cyber." page 19
Will cyber have the corresponding funding and staffing?
"In the contemporary strategic era, we cannot rely on geography or
warning time. Regional military modernisation, underpinned by economic
development, has meant that more countries are able to project combat
power across greater ranges in all five domains: maritime, land, air,
space and cyber. Emerging and disruptive technologies are being rapidly
translated into military capability." page 24
Is Australia planning to transition into combat in the cyber domain?
"Cyber warfare is not bound by geography." page 25
Okay.
"Internal measures have included: increased defence and national
security spending; the reorganisation of elements of the national
intelligence and national security community; substantial investments in
cyber security;" page 33
In particular?
"Deterrence strategy and practice is evolving. In military terms it now
spans five domains: maritime, land, air, space and cyber." page 37
Is deterrence effective in the cyber domain.
"Although invasion of the Australian continent is a remote possibility,
any adversary could seek to coerce Australia through cyber attacks ..."
page 37
Could the attacks be made in a coordinated enough way to be useful for
coerce? Under accepted international law, Australia could respond to a
threat by cyber kinetically (that is with missiles, bombs, and troops).
"Resilience requires the ability to withstand, endure and recover from
disruption. ... robust cyber security, data networks and space
capabilities;" page 38
For example, having backups.
"The strategy of denial must also recognise the importance of
non-geographic security threats, including cyber, space and long-range
missile capabilities." page 49
Could Australia be digitally blockaded?
"The adoption of this approach will necessarily lead to a very different
force structure and posture to what the ADF has today. More attention
and resources must be devoted to crucial future-focused joint
capabilities such as information warfare, cyber capabilities, electronic
warfare, and guided weapons and explosive ordnance." page 51
How many cyber and information warfare troops does the ADF have? How
many do they need? Will the ADF pay enough to retain them?
"The evolution to five domains – maritime, land, air, space and cyber –
demands a new approach." page 54
"Defence’s cyber security arrangements should be enhanced in
close collaboration with the Australian Signals Directorate." page 83
"Defence’s cyber security operations capability in Chief
Information Officer Group should be increased and legacy
systems and platforms should be decommissioned." page 83
What will that cost, and how long will it take? For Y2K we took years,
and hundreds of millions of dollars, to tidy up old systems.
"Options should be developed to change Defence’s recruitment
framework to improve the eligibility pool of potential
applications and to align service recruitment requirements to
military employment, especially in key technical and specialist
trades (cyber, engineering, space, etc.)." page 88
Perhaps the physical fitness requirement will be lowered for computer
nerds? ;-)
"The Government also notes that in the contemporary strategic
environment, developments in cyber, space and long-range precision
strike mean our defence interests are not bound by geography alone."
page 103
"A comprehensive framework should be developed for managing
operations in the cyber domain that is consistent with the other
domains.Agreed"
"Defence’s cyber domain capabilities should be strengthened
to deliver the required breadth of capability with appropriate
responsiveness to support ADF operations.Agreed in-principle" page 106
Only in principle?
"Options should be developed to change Defence’s recruitment
framework to improve the eligibility pool of potential applications
and to align service recruitment requirements to military
employment, especially in key technical and specialist trades
(cyber, engineering, space, etc.). Agreed" page 107
So the nerds will not need to do pushups? ;-)
"Defence’s cyber security arrangements should be enhanced in close
collaboration with the Australian Signals Directorate.Agreed" page 108
And the universities?
--
Tom Worthington, http://www.tomw.net.au
More information about the Link
mailing list