Australia and Cyber Warfare by Ian Dudgeon A presentation to the AIIA Queensland Branch 14 June 2011

What is Warfare ? Hostilities, including the use of force, between states, states and non-states, two or more non-states Warfare involves both defence and offense The end-game is political

What is Cyber Warfare? Cyber warfare is warfare in cyberspace or the cyber domain Cyberspace comprises all global digital communities and information processing, storage and transfer infrastructures Cyber warfare activities encompass information in digital or electronic form, supporting IT systems (including both hardware & software), other supporting infrastructure, and the people who rely on, operate and maintain the ICT

Targets in Cyber Warfare Capability and Will to wage and sustain warfare Capability is largely physical but includes the decision cycle Will is largely psychological but capability can play an important role Both apply to military and civilian targets

Information Infrastructures in the Information Society Infrastructures within the cyber domain in and over which information is collected, processed, stored and transported. It includes the information itself and the people who process information & maintain systems. Three relevant information infrastructures *National Information Infrastructure (NII *Global Information Infrastructure (GII) *Defence Information Infrastructure (DII)

Information Infrastructures in the Information Society NII – domestic information infrastructure that enables the critical infrastructures that underpin the functionality of our society e.g. telecommunications, financial services, transport systems, energy, water, media, essential government services. Includes the domestic part of the Internet. GII – global collection of NIIs. Connectivity provides the global Internet. DII – tactical information infrastructures, and those Defence and private sector owned elements of the NII and GII Defence that enable all Defence operational, strategic and support functions.

Information Infrastructures in the Information Society The DII – Some Characteristics Some 90% of the DII, especially domestic strategic, but also some key operational communications e.g. satellites, are owned by the private sector Many other critical integrated support requirements are provided by the private sector e.g. manufacture of defence equipment, and logistic and maintenance services. It is evident, therefore, that much of Defence capability (e.g. communications, equipment manufacture, logistics and other services) is integrated & interdependent with & provided by the private sector and underpinned by the DII, NII and GII

Information Infrastructures in the Information Society Information Assurance (IA) The functionality of the NII, GII and DII relies on Information Assurance *Availability *Integrity *Confidentiality (where appropriate) *Authentication In wartime, we must defend Information Assurance across the Defence-related cyber domain from attack by adversaries, or other threats. In peacetime, we protect Information Assurance across the NII, GII and DII against exploitation by a potential adversary, and protect also against accident, criminals, cyber vandals, and other threats Our adversary’s Information Assurance is an offensive target for capability and will

Targets in Warfare The NII, GII and DII are defensive and offensive targets in cyber warfare Robust Information Assurance, including cyber security, enhances functionality & capability Enhanced functionality & capability help maintain morale & will Compromised Information Assurance, including cyber security, negatively impacts on functionality & capability, and (especially with targeted psyops) on morale and will

The Networked ADF : C4ISREW The ADF : Force 2030 will be fully networked in terms of combat capability and support functions, all enabled via the cyber domain. The importance of C4ISREW command & control, computers & communications :C2+C2=C4 intelligence, reconnaissance, surveillance : ISR electronic warfare (EW) In the cyber domain ISREW provides situational awareness ISREW contributes to intelligence processing and knowledge ISREW also contributes to decision-making Command and Control(C2) advises decisions and enables manoeuvre Computers and Communications enable all of the above

The Networked ADF : Superiority The networked ADF will enable superiority in information awareness of the operational environment knowledge & decision-making manoeuvre support via supply and logistics

The Decision Cycle & Superiority Observe Action Orient Decide Observe = superior situational awareness of the operational environment Orient = superior knowledge & options about the operational environment Decide = superior decision making of operational action to take against an adversary Action = superior manouvreability to that of the adversary

For the ADF, high quality and robust Information Assurance (IA) across the cyber domain is a critical requirement for superiority Defensive measures to protect IA across the cyber domain (DII, NII and GII) are, therefore, critical. Any compromise of Information Assurance (IA) will have some impact on superiority. The greater the compromise the greater the impact. Offensive measures that target & impact on the IA of an adversary, and thus the functionlity and any potential superiority the adversary, are a priority

Cyber Warfare Targeting What: hardware, software, power supply, people How: destroy, disrupt, deny, degrade, deceive, exploit Means: Kineticexplosive force Malwareviruses, worms, trojans, logic bombs, botnets etc. Hackingexploit for intelligence, insert malware New Weaponsinclude EW, Lasers, HPM, RF, other anti- satellite

Offensive Cyber Warfare Targeting capability through C4ISREW Computers - all processors at all levels: exploit for intelligence, destroy/disrupt/deny hard ware and software Communications – destroy, disrupt and deny some or all key systems in relevant strategic, operational or support areas Surveillance & Reconnaissance – destroy/disrupt/deny access/deceive Intelligence – destroy, disrupt or deceive (corrupt/alter) data, disrupt or deny access Command & Control – destroy/disrupt computers or communications, deny,

Offensive Cyber Warfare Targeting will by psychological means Disruption to society generally – causes frustration, impacts on morale and shapes & influences attitudes, commitment, & can initiate the drive for political change Specific targeting that denies access to electronic media, information via internet, mobile phones, SMS, iPads, etc Exploit all information including social networking systems through internet ( messages, websites, blogs, twitter) SMS, TV, radio etc to project messages and facilitate influence

Advantages of Cyber Warfare It can effectively complement other combat operations – it is not a substitute for these Used pre-emptively, it may avoid other combat operations Very cheap compared to other weapons systems etc, therefore more accessible to less wealthy or technically advanced states and non-states Asymmetrical advantages Access to some targets otherwise not accessible Can place own troops in less danger Less collateral damage than use of conventional kinetic operations But some legal and control considerations

Cyber Warfare is a Must-Have capability for any credible defence force in the 21 st century. Its two key components are A high quality defensive capability A high quality offensive capability The start date has already passed

Questions?