How worried should we be about cyber warfare?
The latest amendment to the ANZUS treaty between the US and Australia, announced at the end of last week suggests it’s a genuine threat to the national security of both nations.
For the first time outside NATO, a defence agreement has acknowledged the internet as a potential battleground.
The treaty extension allows the US and Australia to use technology to cooperate in the event of a large-scale cyber attack.
Nations at risk
Cyber attacks, in all their guises, pose complex problems that reach into new areas for law enforcement, national security and public policy.
Computer network attacks are occurring more frequently, are more sophisticated and are invariably more successful.
The continued uptake of internet-enabled devices (tablet computers, smart phones, laptops and so on) by governments, businesses and citizens means the content on such devices and networks has become more valuable. And cyber security is becoming more vulnerable across the globe.
Last year, in an interview with AFR Magazine, ASIO Director-General David Irvine warned “the whole concept of cyber attack as an act of war” was a serious threat not being seriously considered.
What is cyber warfare?
Cyber warfare is action by one nation to penetrate another’s computer networks for the purposes of causing damage or disruption.
Several nations have cyber capabilities at a level mature enough to launch an attack on another state.
Such an attack could be state-sanctioned or not.
It could occur through the ambit of a sole hacker with criminal intent, it could be espionage or it could come in the form of state-sponsored cyber weapons capable of destroying critical infrastructure.
In battle, information is an important enabler.
Information plays an integral part in all aspects of modern warfare, particularly when considering options for attack.
In recent years there has been a transformation in fighting from the purely physical dimension to the information technology (IT) dimension, as computers and associated communications technologies have led to an increase in the tempo of operations.
The integration of sensors into weapons, for example, has made them more precise, and more lethal.
Not only is there a physical dimension to the use of IT in fighting wars, but also a general reliance on computer networks at all levels.
Rules of engagement
A nation that can attack a computer network can potentially inhibit a superior adversary.
But while there are clear rules for terrestrial war fighting, there are no such conventions online.
The borderless nature of the internet means physical distance from a target is irrelevant. This, combined with anonymising tools, makes it very difficult to determine the identity of your adversary.
To address such threats, the United States Government created the U.S. Cyber Command within the National Security Agency.
The body was set up to wage offensive operations and has the ability to conduct “full-spectrum operations” in the internet domain. Australia, through the Defence Signals Directorate has similar capabilities.
What does cyber war look like?
A government facing imminent military attack from an adversary may seek to launch a pre-emptive network attack against the aggressor.
To achieve this aim, they need to possess the tools and techniques to conduct such an attack and have access to the target computer network.
A less pervasive attack is cyber espionage. This targets government websites, as well as private sector computer networks performing classified work on government contract, seeking confidential information.
In April 2010, it was reported that mining companies BHP Billiton, Rio Tinto and Fortescue Metals Group had all been the subject of cyber attacks.
These attacks came at a time of iron ore price negotiations and the arrest of Rio Tinto executive Stern Hu in China.
In May 2011, Lockheed Martin (which builds missiles, fighter jets and satellite systems for the United States Government) detected an attempted breach of its computer networks.
It’s almost impossible to gauge what the results of a sustained and comprehensive cyber attack against Australia would be.
The majority of IT systems are owned and operated by the private sector, where people regularly put commercial considerations before potential or perceived national security implications.
The ANZUS alliance has proven to be adaptable and relevant, particularly after 9/11.
The advent of cyber warfare may now see a continued utility of the treaty – a substantial cyber attack on either country would guarantee it.