[LINK] Cyber Security in Defence Strategic Review

Tom Worthington tom.worthington at tomw.net.au
Wed Apr 26 10:27:22 AEST 2023 

Had a call from the media asking about cyber security in the Defence 
Strategic Review (I was interviewed from the shower cubicle in my 
Singapore hotel room). I had a half hour beforehand to go through the 
report, looking what it said. There is a section on "Cyber domain and 
targeting" (page 63): 
https://www.defence.gov.au/about/reviews-inquiries/defence-strategic-review

"Australia’s cyber and information operations capabilities must be 
scaled up and optimised.

Under project REDSPICE, the Australian Signals Directorate is 
significantly expanding its signals intelligence and cyber capabilities 
and capacity.

Defence must enhance its cyber domain capabilities to deliver the 
required responsiveness and breadth of capability to support ADF 
operations. This must focus on: integrating the defence and management 
of Defence’s C4 networks and architectures; delivering a coherent and, 
where possible, centralised cyber domain capability development and 
management function; and building and sustaining a trained Defence cyber 
workforce."

I am not sure centralizing is a good idea.


"Defence must also continue to develop its cyber and space 
capabilities." page 7

Good.

"To maximise the deterrence, denial and response options for the 
Government, the ADF must evolve into a genuine Integrated Force which 
harnesses effects across all five domains: maritime, land, air, space 
and cyber." page 19

Will cyber have the corresponding funding and staffing?

"In the contemporary strategic era, we cannot rely on geography or 
warning time. Regional military modernisation, underpinned by economic 
development, has meant that more countries are able to project combat 
power across greater ranges in all five domains: maritime, land, air, 
space and cyber. Emerging and disruptive technologies are being rapidly 
translated into military capability." page 24

Is Australia planning to transition into combat in the cyber domain?

"Cyber warfare is not bound by geography." page 25

Okay.

"Internal measures have included: increased defence and national 
security spending; the reorganisation of elements of the national 
intelligence and national security community; substantial investments in 
cyber security;" page 33

In particular?

"Deterrence strategy and practice is evolving. In military terms it now 
spans five domains: maritime, land, air, space and cyber." page 37

Is deterrence effective in the cyber domain.

"Although invasion of the Australian continent is a remote possibility, 
any adversary could seek to coerce Australia through cyber attacks ..." 
page 37

Could the attacks be made in a coordinated enough way to be useful for 
coerce? Under accepted international law, Australia could respond to a 
threat by cyber kinetically (that is with missiles, bombs, and troops).

"Resilience requires the ability to withstand, endure and recover from 
disruption. ... robust cyber security, data networks and space 
capabilities;" page 38

For example, having backups.

"The strategy of denial must also recognise the importance of 
non-geographic security threats, including cyber, space and long-range 
missile capabilities." page 49

Could Australia be digitally blockaded?

"The adoption of this approach will necessarily lead to a very different 
force structure and posture to what the ADF has today. More attention 
and resources must be devoted to crucial future-focused joint 
capabilities such as information warfare, cyber capabilities, electronic 
warfare, and guided weapons and explosive ordnance." page 51

How many cyber and information warfare troops does the ADF have? How 
many do they need? Will the ADF pay enough to retain them?

"The evolution to five domains – maritime, land, air, space and cyber – 
demands a new approach." page 54

"Defence’s cyber security arrangements should be enhanced in
close collaboration with the Australian Signals Directorate." page 83

"Defence’s cyber security operations capability in Chief
Information Officer Group should be increased and legacy
systems and platforms should be decommissioned." page 83

What will that cost, and how long will it take? For Y2K we took years, 
and hundreds of millions of dollars, to tidy up old systems.

"Options should be developed to change Defence’s recruitment
framework to improve the eligibility pool of potential
applications and to align service recruitment requirements to
military employment, especially in key technical and specialist
trades (cyber, engineering, space, etc.)." page 88

Perhaps the physical fitness requirement will be lowered for computer 
nerds? ;-)

"The Government also notes that in the contemporary strategic 
environment, developments in cyber, space and long-range precision 
strike mean our defence interests are not bound by geography alone." 
page 103

"A comprehensive framework should be developed for managing
operations in the cyber domain that is consistent with the other
domains.Agreed"

"Defence’s cyber domain capabilities should be strengthened
to deliver the required breadth of capability with appropriate
responsiveness to support ADF operations.Agreed in-principle" page 106

Only in principle?

"Options should be developed to change Defence’s recruitment
framework to improve the eligibility pool of potential applications
and to align service recruitment requirements to military
employment, especially in key technical and specialist trades
(cyber, engineering, space, etc.). Agreed" page 107

So the nerds will not need to do pushups? ;-)

"Defence’s cyber security arrangements should be enhanced in close 
collaboration with the Australian Signals Directorate.Agreed" page 108

And the universities?


-- 
Tom Worthington, http://www.tomw.net.au

More information about the Link mailing list