Technology is radically changing the nature of warfare, with the risk moving from a physical disruption to an unpredictable cyber risk that is much more complex. The speed at which technology is developing has introduced the next phase of cyber warfare.
The effects of cyber warfare are not limited to the digital domain and can have real-world consequences. For instance, an attack on a hospital, or nuclear facility can cause injury or even worse loss of life. To navigate this new threat landscape, it is important to be able to control the cyber world just as allied forces seeks control in traditional domains, with air supremacy or command of the sea.
The New York Times for instance reported that, in June, the US military had launched a cyber-attack on Iran just hours after Iran shot down a US surveillance drone knocking out a crucial database used by Iran’s Republican Guard to target oil tankers and shipping traffic in the Persian Gulf.
The article went on to claim: “The US and Iran have long been involved in an undeclared cyberconflict, one carefully calibrated to remain in the grey zone between war and peace.”
Responding to Iran's downing of a US drone with a surface-to-air missile by targeting these same systems with cyber capabilities is a proportionate response that limits collateral damage, although these operations are not totally risk free.
Cyber operations generally come with a temporary loss of intelligence so these responses are not without cost. However, it is important the US demonstrates that it has the will and capability to conduct precision and timely cyber operations against conventional military targets.
In an environment of heightened tension such as that in the Persian Gulf ‘grey zone’, cyber capabilities are being increasingly used and proving effective in establishing deterrence whilst avoiding escalation.
The threat of cyber destruction
Today almost every system on which civilisation depends has some sort of control network, which means there are few limits to the potential for disruption and destruction by a cyber-attack.
While most cyber-attacks to date have resulted in disruption, the potential for destruction has been well demonstrated. For instance, in 2007 the US Department of Homeland Security destroyed a large diesel generator in minutes by cyber tampering with its circuit breakers.
As society becomes ever more networked the potential for damage caused by a cyber-attack can only increase. Certainly, the tools and techniques for defence will evolve, but as the history of cybercrime over the past decade has demonstrated, these developments are available equally to the good and bad actors.
“Australia's national security could be compromised by cyber threats targeting Defence and wider governmental, commercial or infrastructure-related networks,” former Australian Signals Directorate (ASD) deputy director Mike Burgess said. “The potential impact of such activity has grown with Defence's increasing reliance on networked operations.”
The use of artificial intelligence (AI) in both cyber-attack and cyber defence is certain to be a major feature of cyber warfare in the future, and it’s hard to predict the capabilities of AI 5-10 years in the future.
Australia responds to cyber war threats
In this sensitive environment Australia needs strong cyber defence and cyber offence capabilities to be able to respond appropriately to a cyber-attack from a foreign power.
The government has recognised this and in 2017 established the Information Warfare Division tasked with developing both cyber defence and offence capabilities.
But as recent as February 2019, Australian political parties were the target of a malicious cyber-attack that made its way into the Parliament House computer network.
Cyberspace and crime play an important part in internal relations, often creating conflicts and tensions among different governments. Moreover, with nations of poor conventional arsenals increasingly turning to cyber capabilities as a way of responding to physical force, Australia must prepare for the unexpected.
Note: Eddie Stefanescu is the Regional VP Business – APJ for Claroty. The author’s views are his own.