{"id":25032,"date":"2016-03-04T12:30:47","date_gmt":"2016-03-04T01:30:47","guid":{"rendered":"http:\/\/www.aspistrategist.ru\/?p=25032"},"modified":"2016-03-02T09:18:59","modified_gmt":"2016-03-01T22:18:59","slug":"more-cookie-cutters-please-cyber-policy-in-the-2016-dwp","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/","title":{"rendered":"More cookie cutters please: cyber policy in the 2016 DWP"},"content":{"rendered":"
<\/a>While the PM has<\/span> heralded the 2016 Defence White Paper as visionary<\/span><\/a>, its treatment of cyber policy is stuck in first gear. As noted by<\/span> Tobias Feakin<\/span><\/a> last week, DWP 2016 has provided more money and manpower for Australia\u2019s cybersecurity efforts, but lacks a sophisticated policy position on cybersecurity posture, capability and resilience.<\/span><\/p>\n The DWP establishes two broad roles for Defence regarding cybersecurity. The first is to protect its own networks, and the second is to contribute to the broader whole of government cybersecurity effort, principally through the multi-agency Australian Cyber Security Centre (ACSC). The DWP proposes to achieve those two goals through investment in a larger workforce, enhanced cybersecurity capability, increased training and R&D. However, this policy is almost a carbon copy of the positions put forward in<\/span> 2009<\/span><\/a> and again in<\/span> 2013<\/span><\/a>.<\/span><\/p>\n Casting back to the<\/span> 2000 White Paper<\/span><\/a> (yes, cyberspace existed back then), the central notions of Defence\u2019s cyber policy were being formed. The 2000 White Paper noted that \u2018information technology is transforming the way that armed forces operate\u2019 and included \u2018ensuring these systems are managed effectively, (and) secure against information warfare attack\u2019 as a capability goal. By 2009, the White Paper noted that \u2018the potential impacts of such (cyber) attacks have grown with Defence\u2019s increasing reliance on networked operations\u2019. In 2013, it was reworded to say \u2018The potential impact of malicious cyber activity has grown with Defence\u2019s increasing reliance on networked operations\u2019. In 2016, that assessment remains: \u2018Cyber attacks are a direct threat to the ADF\u2019s warfighting ability given its reliance on information networks\u2019. 
<\/span><\/p>\n Successive White Papers have also used similar language to reference Defence\u2019s contribution to whole of government cyber security efforts. In 2009, the establishment of the Cyber Security Operations Centre was announced, with the caveat that \u2018While this capability will reside within Defence\u2026it will be purpose designed to serve broader national security goals\u2019. In 2013, the creation of the ACSC, where Defence would play the \u2018principal\u2019 role, was highlighted as a major element of Defence\u2019s cybersecurity posture. In 2016, Defence will continue to contribute to \u2018the Government\u2019s enhanced national cyber security efforts\u2019\u2014an area in which it makes a \u2018critical contribution to (Australia\u2019s) whole of government cyber security efforts\u2019.<\/span><\/p>\n DWP 2016\u2019s language on the treatment of cyber threats focuses on Defence and the Government\u2019s work to \u2018enhance\u2019 and\/or \u2018strengthen\u2019 cyber security capability. The DWP says that \u2018The Government will strengthen Defence\u2019s cyber capabilities to protect itself\u2019. In 2013, Defence planned to \u2018invest in technology and analytical capability to ensure our situational awareness and response capability remains ahead of the threat\u2019. In 2009, the White Paper also stated that \u2018The Government has decided to invest in a major enhancement of Defence\u2019s cyber warfare capacity\u2019.<\/span><\/p>\n A big part of the enhancement to Defence\u2019s cyber capability is supposed to come from \u2018increasing\u2019 the R&D focus from the Defence Science and Technology Group (DSTG). 
In 2016, \u2018Government will establish a research and development capability to help strengthen the defences of the ADF\u2019s military information systems against attack\u2019.<\/span> DSTG\u2019s Cyber and Electronic Warfare Division<\/span><\/a> may be surprised to hear about this new cyber R&D capability since they have been responsible for Defence\u2019s cyber related R&D work for a number of years now. In 2009, the then<\/span>–<\/span>DSTO planned to \u2018increase its investigation and application of key enabling technologies\u2026such as cyber warfare and computer security\u2019. In 2013 also, DSTO was going to \u2018bolster\u2019 its cyber research in line with the<\/span> 2013 National Security Strategy<\/span><\/a>.<\/span><\/p>\n DWP 2016 has omitted the statement from 2013 on Australia\u2019s position on international law and norms regarding cyberspace. That\u2019s an important piece of the broader cyberspace conflict prevention and confidence building agenda in which Australia plays a leading role in our region. This agenda was important enough for the<\/span> PM to mention in Washington<\/span><\/a>, and its omission is surely a missed opportunity to promote it in Defence\u2019s principal statement of policy.<\/span><\/p>\n Also missing is a strong concept of cyber resilience. Resilience is frequently mentioned in the DWP, but unfortunately, it\u2019s only used once in the DWP in connection to cybersecurity. This is despite the concept of resilience\u2019s emerging centrality to advanced cyber policy positions, such as the<\/span> US Department of Defense\u2019s Cyber Strategy<\/span><\/a>. The DWP significantly fails to mention that a resilient military not only has the capability to protect itself in cyberspace, but also must be ready to operate effectively in a contested environment where access to cyberspace isn\u2019t possible or trusted. 
The ability to operate without access to critical command and control networks now and in the future will mark the difference between advanced and less capable militaries and states. That\u2019s a significant oversight, and a further marker of the lack of sophisticated thinking in DWP 2016 on cybersecurity policy.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":" While the PM has heralded the 2016 Defence White Paper as visionary, its treatment of cyber policy is stuck in first gear. As noted by Tobias Feakin last week, DWP 2016 has provided more money …<\/p>\n","protected":false},"author":364,"featured_media":25037,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,95,1636,38],"class_list":["post-25032","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-cyber-security","tag-defence-white-paper-2016","tag-department-of-defence"],"acf":[],"yoast_head":"\n