{"id":67325,"date":"2021-09-20T06:00:40","date_gmt":"2021-09-19T20:00:40","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=67325"},"modified":"2021-09-19T17:20:15","modified_gmt":"2021-09-19T07:20:15","slug":"aspis-decades-cybersecurity","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/aspis-decades-cybersecurity\/","title":{"rendered":"ASPI\u2019s decades: Cybersecurity"},"content":{"rendered":"
<\/figure>\n

ASPI celebrates its 20th anniversary this year. This series looks at ASPI\u2019s work since its creation in August 2001.<\/em><\/p>\n

In the language of strategy and defence, the information space has become the battle space.<\/p>\n

Cyberspace is a new military domain where heavy blows\u2014\u2018kinetic effects\u2019\u2014can be inflicted.<\/p>\n

In this crowded domain, governments seek to direct, demand, defend\u2014and attack.<\/p>\n

Tech giants grow gargantuan. Businesses swarm. Spies and criminals throng.<\/p>\n

And billions of people can act as individuals as well as groups.<\/p>\n

The cybersphere today, and the tomorrow of quantum computing, are a manifold expression of what Marshall McLuhan saw 50 years ago: \u2018Electric circuitry has overthrown the regime of \u201ctime\u201d and \u201cspace\u201d<\/a> and pours upon us instantly and continuously the concerns of all \u2026 It has reconstituted dialogue on a global scale.\u2019<\/p>\n

The cyberworld can be specific and infinitely individual, a realm where a lone terrorist can become radicalised and act.<\/p>\n

Australia\u2019s first national security statement in 2008 said e-security was one of the top security priorities, referring to cyberwarfare, cyberattacks, electronic espionage, threats to critical infrastructure running on computer systems, and computers used by terrorists.<\/p>\n

An ASPI paper on threats and responses<\/a> in the information age, by Alastair MacGibbon, said Australian cybersecurity policy had been outstripped by the take-up of technology by the public, industry and government\u2014and its abuse by criminals and foreign powers.<\/p>\n

Canberra had relied on business for security solutions via industry self-regulation and a failed belief in \u2018light touch\u2019 regulation of telecommunications. A narrow policy focus on the legal definition of cybercrime missed broader problems, MacGibbon said, causing a widening gap between the cybersecurity problem and the national capacity to deal with it. Australia faced a greater level of risk because of \u2018the incremental nature of government policy-making which can\u2019t keep up with the speed of information and communications technology innovation, and more importantly, how such systems are abused\u2019.<\/p>\n

Surveying cybersecurity in 2011, Andrew Davies judged that Australia had acted \u2018after the event<\/a>\u2019 to \u2018catch up\u2019. Awoken by \u2018consistent penetration of national and commercial systems and substantial commercial losses\u2019, the elements of a national strategy had emerged.<\/p>\n

Using expertise from cyber operations in defence and national security, Canberra could provide guidance, build regulatory frameworks and even offer technical help and tools. The outstanding issues, Davies wrote, were whether the governance mechanisms in place would be sufficient as the problem evolved and grew, and whether the resources brought to bear were proportional to the threat.<\/p>\n

At the 2011 AUSMIN talks in San Francisco, marking the 60th anniversary of ANZUS, the alliance extended into cyberspace<\/a>: \u2018[O]ur Governments share the view that, in the event of a cyber attack that threatens the territorial integrity, political independence or security of either of our nations, Australia and the United States would consult together and determine appropriate options to address the threat.\u2019<\/p>\n

It was the first time outside NATO that two allies had formalised cooperation in the cyber realm, Carl Ungerer wrote, while cautioning that classic deterrence<\/a> wouldn\u2019t work in this new domain:<\/p>\n

The real cybersecurity threat is not from a single weapon of mass destruction but from the persistent and pernicious combination of online crime and espionage that is undermining financial systems, compromising the identity of individuals and stealing important intellectual property rights from corporations and governments. The classic deterrence theory of holding at risk the things that an adversary values fails in the cyber world because would-be attackers operate with an assumed level of deniability that changes their risk calculus.<\/p><\/blockquote>\n

ASPI convened a conference of Australian and American experts in Washington in 2011 to discuss the future of cyber conflict and defence. Lydia Khalil wrote that the alliance would have to define what type of cyberattack<\/a> would be a threat to territory, politics or security:<\/p>\n

[T]here\u2019s an important blurring between espionage and attack in cyberspace that doesn\u2019t exist in the physical space. The same intrusion method that\u2019s used to extract information from a network can also be exploited to conduct an attack to disrupt that network. This is a critically important distinction that policymakers must be aware of and account for. While every cyberintrusion can\u2019t be labelled as an \u2018attack\u2019 per se, it\u2019s critically important to assess whether or not an intrusion has exploited a vulnerability that could also be used to disrupt or destroy networks.<\/p><\/blockquote>\n

ASPI thought Canberra had to offer more coherence and clarity on the cyber challenge. The institute\u2019s response was to create the International Cyber Policy Centre<\/a>, in August 2013, with Tobias Feakin as director.<\/p>\n

Peter Jennings said that the centre was ASPI\u2019s first major expansion as a think tank, giving it a wider remit<\/a>. Cybersecurity, he said, was emerging as \u2018one of the most significant strategic challenges faced by Australia\u2019. Jennings and Feakin wrote that ASPI saw a pressing need<\/a> to be involved in emerging policy debates:<\/p>\n

There are two such debates: one at an often very highly classified government level, and one that encompasses a wider group in civil society but is often limited to those with deep specialist knowledge about information technology and security. There\u2019s a need for a broader dialogue among people interested in many aspects of the impact of cyber issues on public policymaking.<\/p><\/blockquote>\n

The International Cyber Policy Centre would have four aims<\/a>:<\/p>\n