Australian Outlook


Defence and Diplomacy: Australia’s Enhanced Cyber Capability

05 May 2022
By Conor McLaughlin
Example of Locky ransomware. Source: Christiaan Colen

Cyberspace is fast becoming a dominant attribute of the functioning of the Australian economy and society more generally. It is logical to assume that Australia’s defence and security posture will reflect the growing importance of digital technology in policy considerations.

As many Australians were recognising the contributions and suffering of those who had served in war, conflict, and peacekeeping operations this ANZAC Day, Defence Minister Peter Dutton recognised an ominous, yet simple reality – “the only way to preserve peace is to prepare for war.” Good foresight would suggest that the onset of strategic and security engagement will progress towards the cyber domain, namely because of the increased prevalence of cyberspace within economic, societal, and security considerations.

While the immediate horizon is witnessing a breathtaking $9.9 billion commitment by the Commonwealth government for cyber security over the next decade, it is essential to also think about the medium-to-longer term initiatives being advanced. The first, bundled under the acronym REDSPICE (Resilience, Effects, Defence, Space, Intelligence, Cyber, and Enablers), looks at building Australia’s cyber defence and offensive capabilities, and indeed, making it a world leader in offensive cyber. The second, perhaps more overlooked initiative is the promotion and upholding of Australian values in cyberspace, namely, its democratic nature. To this end, the Commonwealth government seeks to work with trusted partners and allies in upholding international law within the digital realm. Underpinning these initiatives is the growth and enhancement of the intelligence and cyber capabilities of the Australian Signals Directorate (ASD) – Australia’s chief agency for signals intelligence, cyber warfare, and cyber security.

Internal: Offensive Cyber Capabilities

Perhaps the most salient initiative is the Commonwealth government’s intention to enhance and develop Australia’s offensive cyber capability, and therefore, infuse it into the discourse of Australia’s cyber security operations. Indeed, the Commonwealth government has been clear in declaring its ambition of advancing offensive cyber in domains such as responding to cyber attacks of national significance, supporting the operations of the Australian Defence Force (ADF), and countering major offshore cyber criminals. Offensive cyber capabilities are widely considered an inevitable consequence of the increasing levels of cyber threats, coupled with an increased prevalence of coercive behaviour and increased cyber attacks from Australia’s adversaries.

However, offensive cyber represents a stark contrast to the way cyber security operations have traditionally been conducted by the ASD. Although in some cases offence is the best defence, the still-developing nature of offensive cyber means it can remain a dangerous endeavour for the ASD, with uncertain repercussions.

Indeed, launching an offensive cyber attack from Australian soil is not only possible, but practical in many regards. Much of cyber security is represented as the prevention of cyber attacks, while offensive cyber attacks can be seen as a “cure” for cyber security, that is, engaging in measures to prevent an attack before it occurs.

However, what remains pertinent is that such attacks must be viewed as having the potential for consequential damage that affects civil society beyond the intended target. A prominent example of this is the North Korean WannaCry ransomware attack, which quickly departed North Korea and created significant financial damage, to the sum of $4 – $6 billion globally.

External: Working with Partners and Allies

In the weeks since the announcement, the Commonwealth government has doubled down on its rhetoric as to the transnational nature of cyberspace, and consequently, the need to advance Australia’s international cyber engagement. Much of Australia’s engagement with foreign partners and allies in the cyber domain tends to focus its attention on Australia’s position within the Five Eyes intelligence alliance. However, as part of the AUKUS security pact, Australia’s international cyber engagement will place a renewed emphasis on improving joint capabilities and interoperability with the United States and United Kingdom.

An additional caveat in the AUKUS discussions is Australia’s determination to expand the AUKUS defence technology group to include Japan. The logic behind a possible Japanese inclusion is driven by a dual narrative. The first is the prospect of Japanese technological know-how to support joint development of electronic warfare capabilities. The second is the Japanese Prime Minister Kishida Fumio’s resolve to address the sensitive issue of Japanese cyber security. Despite this, Japan’s Chief Cabinet Secretary Matsuno Hirokazu seemed to dampen the prospect of a Japanese inclusion, citing Japan’s inherent “nuclear allergy” as a potential demise to the discussions. However, Matsuno did not exclusively rule out the possibility of Japan’s cooperation with the security alliance.

In charting the future of Australia’s cyber security apparatus, it is imperative to remember that cyber security remains a cyclical endeavour, a game that can never really be won. Despite this, Australia’s commitment to improving its internal and external strategic cyber outlook is a comforting step. As cyberspace continually evolves, the Australian cyber framework will have to evolve too. Foresight not only helps us to respond to current crises, but prepares us for the next cycle in cyber’s evolution.

Conor McLaughlin is the Research Coordinator at Edith Cowan University’s Defence Research and Engagement portfolio. Concurrently, he is also a Research Scholar with the Cyber Security Cooperative Research Centre (CSCRC) and a Research Analyst with the International Institute for Counter Terrorism (ICT), based in Herzliya, Israel, with a focus on cyber law and policy.

This article is published under a Creative Commons License and may be republished with attribution.