{"id":26627,"date":"2016-05-17T06:00:58","date_gmt":"2016-05-16T20:00:58","guid":{"rendered":"http:\/\/www.aspistrategist.ru\/?p=26627"},"modified":"2016-05-16T14:02:24","modified_gmt":"2016-05-16T04:02:24","slug":"thinking-deeper-about-australias-offensive-cyber-capability","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/","title":{"rendered":"Thinking deeper about Australia\u2019s offensive cyber capability"},"content":{"rendered":"<p><span style=\"font-weight: 400;\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"426\" class=\"size-full wp-image-26636 aligncenter\" src=\"http:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/code-459070_640.jpg\" alt=\"\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/code-459070_640.jpg 640w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/code-459070_640-205x136.jpg 205w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/code-459070_640-332x221.jpg 332w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>At the launch of Australia\u2019s new<\/span><a href=\"https:\/\/cybersecuritystrategy.dpmc.gov.au\/\" target=\"_blank\"> <span style=\"font-weight: 400;\">Cyber Security Strategy<\/span><\/a><span style=\"font-weight: 400;\"> last month, the<\/span><a href=\"https:\/\/www.pm.gov.au\/media\/2016-04-21\/launch-australias-cyber-security-strategy-sydney\" target=\"_blank\"> <span style=\"font-weight: 400;\">Prime Minister confirmed<\/span><\/a> <span style=\"font-weight: 400;\">what many have been<\/span><a href=\"http:\/\/www.tripwire.com\/state-of-security\/latest-security-news\/australian-defense-force-seeks-to-develop-offensive-cyber-capabilities\/\" target=\"_blank\"> <span style=\"font-weight: 400;\">guessing for years<\/span><\/a><span style=\"font-weight: 400;\">: Australia possesses offensive cyber capabilities. The announcement, however, provided us with the barest of information about Australia\u2019s offensive cyber capability, and it remains largely unclear how its potential uses have been conceived by government and the national security community. Given the minimal discussion of Defence\u2019s approach to cyber capability in<\/span><a href=\"http:\/\/www.aspistrategist.ru\/more-cookie-cutters-please-cyber-policy-in-the-2016-dwp\/\" target=\"_blank\"> <span style=\"font-weight: 400;\">the 2016 Defence White Paper<\/span><\/a><span style=\"font-weight: 400;\">, it\u2019s unlikely that we\u2019ll see this information disclosed anytime soon.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">What we do know is that Australia\u2019s offensive cyber capability provides an<\/span><a href=\"https:\/\/www.pm.gov.au\/media\/2016-04-22\/doorstop-treasurer-and-minister-industry-innovation-science\" target=\"_blank\"> <span style=\"font-weight: 400;\">additional option for government<\/span><\/a><span style=\"font-weight: 400;\"> when responding to serious cyber security incidents. We also know that it resides in the Australian Signals Directorate\u2014its natural home considering the Directorate\u2019s technical expertise\u2014and that it will only be used in accordance with stringent legal oversight and consistent with international law. The PM\u2019s announcement was carefully calibrated to clarify that Australia has a sophisticated capability at its disposal, but will exercise significant restraint in employing it.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Offensive cyber capabilities have<\/span><a href=\"http:\/\/belfercenter.ksg.harvard.edu\/publication\/22046\/on_the_use_of_offensive_cyber_capabilities.html\" target=\"_blank\"> <span style=\"font-weight: 400;\">utility beyond<\/span><\/a><span style=\"font-weight: 400;\"> the responsive role outlined by the PM, but there\u2019s little detail of how that capability has been integrated into Defence\u2019s planning, operations and capability development processes. Its<\/span><a href=\"http:\/\/www.aspistrategist.ru\/matching-rhetoric-with-action-cyber-and-the-2016-defence-white-paper\/\" target=\"_blank\"> <span style=\"font-weight: 400;\">exclusion from the Defence White Paper<\/span><\/a><span style=\"font-weight: 400;\"> was a glaring omission, and it\u2019s a shame that Defence and PM&amp;C weren\u2019t able to better align the DWP and the Cyber Security Strategy. Publicly releasing a document that outlines Defence\u2019s thinking on Australia\u2019s cyber capability would grow the sophistication of Australia\u2019s cyber policy.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">But what might be included in such a document? Given Australia\u2019s strong defence and intelligence<\/span><a href=\"https:\/\/www.pm.gov.au\/media\/2016-04-22\/doorstop-treasurer-and-minister-industry-innovation-science\" target=\"_blank\"> <span style=\"font-weight: 400;\">relationship with the US and the UK<\/span><\/a><span style=\"font-weight: 400;\">, Australia should draw significantly on their experience to develop concepts and doctrine for offensive cyber operations, adapting them to our own unique requirements. The US and UK have already produced a<\/span><a href=\"https:\/\/ccdcoe.org\/cyber-security-strategy-documents.html\" target=\"_blank\"> <span style=\"font-weight: 400;\">healthy public cache<\/span><\/a><span style=\"font-weight: 400;\"> on cyber operations, their use as a responsive capability and their potential to support conventional military operations. These documents give us some insight into how Australia may consider the development and use of its own offensive cyber capability.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">US policy and doctrine characterises cyber operations as an instrument of power in broader conflict, as well as a response to cyber incidents, and seeks to integrate them seamlessly with conventional military operations. The<\/span><a href=\"https:\/\/www.google.com.au\/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=1&amp;cad=rja&amp;uact=8&amp;ved=0ahUKEwiP2efI-s7MAhWBGaYKHefkDWwQFggcMAA&amp;url=http%3A%2F%2Fwww.jcs.mil%2FPortals%2F36%2FDocuments%2FPublications%2F2015_National_Military_Strategy.pdf&amp;usg=AFQjCNFQk5kUVY7qTgPlDSbbI4cjqqn6rg&amp;sig2=jJqtiCzAqtvB6Ybj4NNG0w\" target=\"_blank\"> <span style=\"font-weight: 400;\">US National Military Strategy<\/span><\/a><span style=\"font-weight: 400;\"> characterises cyber operations primarily as a means to defend the US homeland, and defeat an adversary by projecting power across multiple domains. The Department of Defense\u2019s<\/span><a href=\"https:\/\/www.google.com.au\/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=1&amp;cad=rja&amp;uact=8&amp;ved=0ahUKEwjnj8X9-s7MAhXDKKYKHRftAzIQFggbMAA&amp;url=http%3A%2F%2Fwww.defense.gov%2FPortals%2F1%2Ffeatures%2F2015%2F0415_cyber-strategy%2FFinal_2015_DoD_CYBER_STRATEGY_for_web.pdf&amp;usg=AFQjCNHksika1UvMP3URJG7ZU5YIGHLCdg&amp;sig2=Q14zAD6AjSXzQH1JjM1oJg&amp;bvm=bv.121421273,d.dGY\" target=\"_blank\"> <span style=\"font-weight: 400;\">Cyber Strategy<\/span><\/a><span style=\"font-weight: 400;\"> states that \u2018DoD must be able to provide integrated cyber capabilities to support military operations and contingency plans.\u2019 It goes on to note specific examples of cyber operations in support of this goal including disrupting an adversary\u2019s command and control networks, military-related critical infrastructure and weapons capabilities. US<\/span><a href=\"https:\/\/www.google.com.au\/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=6&amp;cad=rja&amp;uact=8&amp;ved=0ahUKEwjnj8X9-s7MAhXDKKYKHRftAzIQFgg7MAU&amp;url=http%3A%2F%2Fwww.dtic.mil%2Fdoctrine%2Fnew_pubs%2Fjp3_12R.pdf&amp;usg=AFQjCNE9kdVVhU3Q3DPHmk-8N1PsvDoLYA&amp;sig2=pYtfLAV04J8sTEV3DQRnDA&amp;bvm=bv.121421273,d.dGY\" target=\"_blank\"> <span style=\"font-weight: 400;\">doctrine on cyberspace operations<\/span><\/a><span style=\"font-weight: 400;\"> notes that cyber operations are most effective when integrated with other capabilities. The doctrine holds that commanders should seek to integrate \u2018cyberspace fires\u2019 with other capabilities to achieve their desired effects.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Similarly, the UK sees significant value in using offensive cyber capabilities to support military operations, as well as a response option for cyber incidents. The 2015<\/span><a href=\"https:\/\/www.gov.uk\/government\/publications\/national-security-strategy-and-strategic-defence-and-security-review-2015\" target=\"_blank\"> <span style=\"font-weight: 400;\">National Security Strategy and Strategic Defence and Security Review<\/span><\/a><span style=\"font-weight: 400;\"> states that the Armed Forces will be provided with, \u2018advanced offensive cyber capabilities\u2019 that will be used to \u2018enable the success of coalition operations\u2019. Further, the Review states that offensive cyber capabilities will be considered amongst the full spectrum of response options that the UK will develop to deter adversaries and ensure there are consequences for actors that threaten the UK\u2019s security.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The announcement that Australia has an offensive cyber capability, and the manner in which it was announced, indicate a growing sophistication and confidence in thinking on cyber policy issues in the Australian Government. To take advantage of the potential offered by such a capability, Defence needs to make a concerted effort to formulate its thinking on the how, when, where and why it will be used, along with how the capability will be developed and sustained. That should include its broader utility in support of conventional military operations as well as its potential role as a retaliatory option for government. Such moves will patch the hole in the DWP, aid the development of cyber capability within Defence and provide further evidence of Australia\u2019s commitment to developing cyber capability that aligns with Australian and international law. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>At the launch of Australia\u2019s new Cyber Security Strategy last month, the Prime Minister confirmed what many have been guessing for years: Australia possesses offensive cyber capabilities. The announcement, however, provided us with the barest &#8230;<\/p>\n","protected":false},"author":364,"featured_media":26636,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[1707,95,1597,1636],"class_list":["post-26627","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber-capability","tag-cyber-security","tag-cyber-strategy","tag-defence-white-paper-2016"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Thinking deeper about Australia\u2019s offensive cyber capability | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Thinking deeper about Australia\u2019s offensive cyber capability | The Strategist\" \/>\n<meta property=\"og:description\" content=\"At the launch of Australia\u2019s new Cyber Security Strategy last month, the Prime Minister confirmed what many have been guessing for years: Australia possesses offensive cyber capabilities. The announcement, however, provided us with the barest ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2016-05-16T20:00:58+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-05-16T04:02:24+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/code-459070_640.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"426\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Liam Nevill\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Liam Nevill\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/code-459070_640.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/code-459070_640.jpg\",\"width\":640,\"height\":426},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/\",\"name\":\"Thinking deeper about Australia\u2019s offensive cyber capability | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/#primaryimage\"},\"datePublished\":\"2016-05-16T20:00:58+00:00\",\"dateModified\":\"2016-05-16T04:02:24+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Thinking deeper about Australia\u2019s offensive cyber capability\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936\",\"name\":\"Liam Nevill\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g\",\"caption\":\"Liam Nevill\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/liam-nevill\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Thinking deeper about Australia\u2019s offensive cyber capability | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/","og_locale":"en_US","og_type":"article","og_title":"Thinking deeper about Australia\u2019s offensive cyber capability | The Strategist","og_description":"At the launch of Australia\u2019s new Cyber Security Strategy last month, the Prime Minister confirmed what many have been guessing for years: Australia possesses offensive cyber capabilities. The announcement, however, provided us with the barest ...","og_url":"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2016-05-16T20:00:58+00:00","article_modified_time":"2016-05-16T04:02:24+00:00","og_image":[{"width":640,"height":426,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/code-459070_640.jpg","type":"image\/jpeg"}],"author":"Liam Nevill","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Liam Nevill","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/code-459070_640.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2016\/05\/code-459070_640.jpg","width":640,"height":426},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/","url":"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/","name":"Thinking deeper about Australia\u2019s offensive cyber capability | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/#primaryimage"},"datePublished":"2016-05-16T20:00:58+00:00","dateModified":"2016-05-16T04:02:24+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/thinking-deeper-about-australias-offensive-cyber-capability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Thinking deeper about Australia\u2019s offensive cyber capability"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/d81d6aff5a42bb8e53d00720fad0e936","name":"Liam Nevill","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cfa81d9fb18f77771edc760e855ec75f?s=96&d=mm&r=g","caption":"Liam Nevill"},"url":"https:\/\/www.aspistrategist.ru\/author\/liam-nevill\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/26627"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/364"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=26627"}],"version-history":[{"count":3,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/26627\/revisions"}],"predecessor-version":[{"id":26637,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/26627\/revisions\/26637"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/26636"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=26627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=26627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=26627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}