{"id":25032,"date":"2016-03-04T12:30:47","date_gmt":"2016-03-04T01:30:47","guid":{"rendered":"http:\/\/www.aspistrategist.ru\/?p=25032"},"modified":"2016-03-02T09:18:59","modified_gmt":"2016-03-01T22:18:59","slug":"more-cookie-cutters-please-cyber-policy-in-the-2016-dwp","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/","title":{"rendered":"More cookie cutters please: cyber policy in the 2016 DWP"},"content":{"rendered":"<p><span style=\"font-weight: 400;\"><a href=\"http:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/03\/4342441602_e30c78447b_z.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-25037 aligncenter\" src=\"http:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/03\/4342441602_e30c78447b_z.jpg\" alt=\"\" width=\"808\" height=\"538\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/03\/4342441602_e30c78447b_z.jpg 640w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/03\/4342441602_e30c78447b_z-205x136.jpg 205w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/03\/4342441602_e30c78447b_z-332x221.jpg 332w\" sizes=\"(max-width: 808px) 100vw, 808px\" \/><\/a>While the PM has<\/span><a href=\"http:\/\/www.malcolmturnbull.com.au\/media\/launch-of-the-defence-white-paper\" target=\"_blank\"> <span style=\"font-weight: 400;\">heralded the 2016 Defence White Paper as visionary<\/span><\/a><span style=\"font-weight: 400;\">, its treatment of cyber policy is stuck in first gear. As noted by<\/span><a href=\"http:\/\/www.aspistrategist.ru\/matching-rhetoric-with-action-cyber-and-the-2016-defence-white-paper\/\" target=\"_blank\"> <span style=\"font-weight: 400;\">Tobias Feakin<\/span><\/a><span style=\"font-weight: 400;\"> last week, DWP 2016 has provided more money and manpower for Australia\u2019s cybersecurity efforts, but lacks a sophisticated policy position on cybersecurity posture, capability and resilience.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The DWP establishes two broad roles for Defence regarding cybersecurity. The first is to protect its own networks, and the second is to contribute to the broader whole of government cybersecurity effort, principally through the multi-agency Australian Cyber Security Centre (ACSC). The DWP proposes to achieve those two goals through investment in a larger workforce, enhanced cybersecurity capability, increased training and R&amp;D. However this policy almost a carbon copy of the positions put forward in<\/span><a href=\"http:\/\/www.defence.gov.au\/whitepaper\/2009\/\" target=\"_blank\"> <span style=\"font-weight: 400;\">2009<\/span><\/a><span style=\"font-weight: 400;\"> and again in<\/span><a href=\"http:\/\/www.defence.gov.au\/whitepaper\/2013\/\" target=\"_blank\"> <span style=\"font-weight: 400;\">2013<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Casting back to the<\/span><a href=\"https:\/\/www.google.com.au\/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=1&amp;ved=0ahUKEwiI5N7635vLAhXHG5QKHTRWBjcQFggfMAA&amp;url=http%3A%2F%2Fwww.defence.gov.au%2Fpublications%2Fwpaper2000.pdf&amp;usg=AFQjCNGv44ISTfmOsrma0A9W0fe7MOwXjg&amp;sig2=TqWy-rzWLj8UU4OJ9WcQGg&amp;cad=rja\"> <span style=\"font-weight: 400;\">2000 White Paper<\/span><\/a><span style=\"font-weight: 400;\"> (yes, cyberspace existed back then), the central notions of Defence\u2019s cyber policy were being formed. The 2000 White Paper noted that \u2018information technology is transforming the way that armed forces operate\u2019 and included \u2018ensuring these systems are managed effectively, (and) secure against information warfare attack\u2019 as a capability goal. By 2009, the White Paper noted that \u2018the potential impacts of such (cyber) attacks have grown with Defence\u2019s increasing reliance on networked operations\u2019. In 2013, it was reworded to say \u2018The potential impact of malicious cyber activity has grown with Defence\u2019s increasing reliance on networked operations\u2019. In 2016, that assessment remains: \u2018Cyber attacks are a direct threat to the ADF\u2019s warfighting ability given its reliance on information networks\u2019. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Successive White Papers have also used similar language to reference Defence\u2019s contribution to whole of government cyber security efforts. In 2009, the establishment of the Cyber Security Operations Centre was announced, with the caveat that \u2018While this capability will reside within Defence\u2026it will be purpose designed to serve broader national security goals\u2019. In 2013, the creation of the ACSC, where Defence would play the \u2018principal\u2019 role, was highlighted as a major element of Defence\u2019s cybersecurity posture. In 2016, Defence will continue to contribute to \u2018the Government\u2019s enhanced national cyber security efforts\u2019\u2014an area in which it makes a \u2018critical contribution to (Australia\u2019s) whole of government cyber security efforts\u2019.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DWP 2016\u2019s language on the treatment of cyber threats focuses on Defence and the Government\u2019s work to \u2018enhance\u2019 and\/or \u2018strengthen\u2019 cyber security capability. The DWP says that \u2018The Government will strengthen Defence\u2019s cyber capabilities to protect itself\u2019. In 2013, Defence planned to \u2018invest in technology and analytical capability to ensure our situational awareness and response capability remains ahead of the threat\u2019. In 2009, the White Paper also stated that \u2018The Government has decided to invest in a major enhancement of Defence\u2019s cyber warfare capacity\u2019.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A big part of the enhancement to Defence\u2019s cyber capability is supposed to come from \u2018increasing\u2019 the R&amp;D focus from the Defence Science and Technology Group (DTSG). In 2016, \u2018Government will establish a research and development capability to help strengthen the defences of the ADF\u2019s military information systems against attack\u2019.<\/span><a href=\"http:\/\/www.dsto.defence.gov.au\/research-division\/cyber-and-electronic-warfare-division\" target=\"_blank\"> <span style=\"font-weight: 400;\">DSTG\u2019s Cyber and Electronic Warfare Division<\/span><\/a><span style=\"font-weight: 400;\"> may be surprised to hear about this new cyber R&amp;D capability since they have been responsible for Defence\u2019s cyber related R&amp;D work \u00a0for a number of \u00a0years now. In 2009, the then<\/span><span style=\"font-weight: 400;\">&#8211;<\/span><span style=\"font-weight: 400;\">DSTO planned to \u2018increase its investigation and application of key enabling technologies\u2026such as cyber warfare and computer security\u2019. In 2013 also, DSTO was going to \u2018bolster\u2019 its cyber research in line with the<\/span><a href=\"http:\/\/apo.org.au\/resource\/strong-and-secure-strategy-australias-national-security\" target=\"_blank\"> <span style=\"font-weight: 400;\">2013 National Security Strategy<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DWP 2016 has omitted the statement from 2013 on Australia\u2019s position on international law and norms regarding cyberspace. That\u2019s an important piece of the broader cyberspace conflict prevention and confidence building agenda in which Australia plays a leading role in our region. This agenda was important enough for the<\/span><a href=\"http:\/\/www.malcolmturnbull.com.au\/media\/australia-and-the-united-states-strengthen-ties-on-cyber-security\" target=\"_blank\"> <span style=\"font-weight: 400;\">PM to mention in Washington<\/span><\/a><span style=\"font-weight: 400;\">, and its omission is surely a missed opportunity to promote it in Defence\u2019s principal statement of policy.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Also missing is a strong concept of cyber resilience. Resilience is frequently mentioned in the DWP, but unfortunately, it\u2019s only used once in the DWP in connection to cybersecurity. This is despite the concept of resilience\u2019s emerging centrality to advanced cyber policy positions, such as the<\/span><a href=\"https:\/\/www.google.com.au\/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=1&amp;cad=rja&amp;uact=8&amp;ved=0ahUKEwiUwLCE4JvLAhUGpJQKHY5FDKsQFggcMAA&amp;url=http%3A%2F%2Fwww.defense.gov%2FPortals%2F1%2Ffeatures%2F2015%2F0415_cyber-strategy%2FFinal_2015_DoD_CYBER_STRATEGY_for_web.pdf&amp;usg=AFQjCNHksika1UvMP3URJG7ZU5YIGHLCdg&amp;sig2=WcfUBlUXbQ-hJldVfJ4ZbQ\" target=\"_blank\"> <span style=\"font-weight: 400;\">US Department of Defense\u2019s Cyber Strategy<\/span><\/a><span style=\"font-weight: 400;\">. The DWP significantly fails to mention that a resilient military not only has the capability to protect itself in cyberspace, but also must be ready to operate effectively in a contested environment where access to cyberspace isn\u2019t possible or trusted. The ability to operate without access to critical command and control networks now and in the future will mark the difference between advanced and less capable militaries and states. That\u2019s a significant oversight, and a further marker of the lack of sophisticated thinking in DWP 2016 on cybersecurity policy.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>While the PM has heralded the 2016 Defence White Paper as visionary, its treatment of cyber policy is stuck in first gear. As noted by Tobias Feakin last week, DWP 2016 has provided more money &#8230;<\/p>\n","protected":false},"author":364,"featured_media":25037,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,95,1636,38],"class_list":["post-25032","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-cyber-security","tag-defence-white-paper-2016","tag-department-of-defence"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>More cookie cutters please: cyber policy in the 2016 DWP | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"More cookie cutters please: cyber policy in the 2016 DWP | The Strategist\" \/>\n<meta property=\"og:description\" content=\"While the PM has heralded the 2016 Defence White Paper as visionary, its treatment of cyber policy is stuck in first gear. As noted by Tobias Feakin last week, DWP 2016 has provided more money ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-04T01:30:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-03-01T22:18:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/03\/4342441602_e30c78447b_z.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"426\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Liam Nevill\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Liam Nevill\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/03\/4342441602_e30c78447b_z.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/03\/4342441602_e30c78447b_z.jpg\",\"width\":640,\"height\":426},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/\",\"name\":\"More cookie cutters please: cyber policy in the 2016 DWP | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/#primaryimage\"},\"datePublished\":\"2016-03-04T01:30:47+00:00\",\"dateModified\":\"2016-03-01T22:18:59+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"More cookie cutters please: cyber policy in the 2016 DWP\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936\",\"name\":\"Liam Nevill\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g\",\"caption\":\"Liam Nevill\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/liam-nevill\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"More cookie cutters please: cyber policy in the 2016 DWP | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/","og_locale":"en_US","og_type":"article","og_title":"More cookie cutters please: cyber policy in the 2016 DWP | The Strategist","og_description":"While the PM has heralded the 2016 Defence White Paper as visionary, its treatment of cyber policy is stuck in first gear. As noted by Tobias Feakin last week, DWP 2016 has provided more money ...","og_url":"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2016-03-04T01:30:47+00:00","article_modified_time":"2016-03-01T22:18:59+00:00","og_image":[{"width":640,"height":426,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/03\/4342441602_e30c78447b_z.jpg","type":"image\/jpeg"}],"author":"Liam Nevill","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Liam Nevill","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/03\/4342441602_e30c78447b_z.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/03\/4342441602_e30c78447b_z.jpg","width":640,"height":426},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/","url":"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/","name":"More cookie cutters please: cyber policy in the 2016 DWP | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/#primaryimage"},"datePublished":"2016-03-04T01:30:47+00:00","dateModified":"2016-03-01T22:18:59+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"More cookie cutters please: cyber policy in the 2016 DWP"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936","name":"Liam Nevill","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g","caption":"Liam Nevill"},"url":"https:\/\/www.aspistrategist.ru\/author\/liam-nevill\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/25032"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/364"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=25032"}],"version-history":[{"count":3,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/25032\/revisions"}],"predecessor-version":[{"id":25040,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/25032\/revisions\/25040"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/25037"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=25032"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=25032"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=25032"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}