Australia’s response to the emerging centrality of cyber space in the conduct of future war has been slow and fragmented. That’s true in different ways of the government, the armed forces, the private sector, and the strategic studies community. If the country is to have any hope of keeping pace with future needs, we need much more attention to international benchmarks for capability development and policy than we’ve seen to date.
We can find essential reference points in the policy of two countries of strategic interest to Australia: China and the US. Throughout 2015, both have taken radical decisions in cyber war policy that threaten to leave the rest of the world, Australia included, even further behind them. In stark contrast to those two countries, the Australian government hasn’t been prepared to canvas in public the centrality of cyber-enabled warfare nor craft policies and doctrines accordingly.
In May 2015, China issued its first ever ‘Military Strategy’ under that title. The paper says that cyber space and outer space are the commanding heights of international security and strategic competition.
By the end of 2015, China had begun a revolutionary transformation of its armed forces to execute the new cyber military strategy. Two examples may suffice. First, it announced changes to the PLA command structure to support greater integration of joint operations and intelligence so essential to cyber war. That was essentially a catch-up policy modelled on the US armed forces. Yet if the reforms are implemented effectively, China’s war fighting power in all domains, including naval operations, could be lightyears beyond what it is today.
Second, as the strategy paper foreshadowed, the recrafting of command structures will take on a uniquely Chinese aspect that has high appeal in light of the traditional doctrines of ‘people’s war’ and ‘active defence’. The armed forces in combat will be expected to operate on a model of distributed authority that assumes a loss of central command resulting from cyber attack by a superior enemy. That’s captured in the strategy when it calls for reducing central command authority to foster the conditions of victory in cyber-enabled war under the rubric of ‘self-dependence’ of military units (‘you fight your way and I fight my way’). But it will be embodied in practice in the rapid development of cyber militias (citizenry cyber forces), which in turn will provide China something of an edge in its race to begin to match US full-time uniformed capability.
For its part, the US has also quickened the pace of its cyber military development with its own radical elements. Its strategy has for some time been premised on information dominance through cyber effect operations as the foundation for what it calls ‘prompt global strike’. This is a strategic objective in war, not just a tactical or theatre-level ambition. In 2015, the Pentagon issued a new ‘Cyber Strategy’ and Cyber Command issued a new planning document, titled ‘Beyond the Build’. A Pentagon Law of War Manual, also issued in 2015, and prepared with input from Australian military lawyers, says it is lawful for a country in wartime to undertake pre-emplacement of ‘logic bombs’ in an enemy country’s networks and information systems.
There are at least two highly significant innovations in ‘Beyond the Build’. First, there’s recognition that combat units must be able to operate with degraded command and control systems and a lack of situational awareness. Second, the paper argues that Cyber Command will need to offer commanders and policy makers ‘cyber tools in all phases of operations’, which means at all levels of combat across all services.
The most important lesson for all middle powers from the 2015 Pentagon documents is that to be effective in cyber-enabled war, a country needs to plan for it, structure and train its forces accordingly, and develop the foundations for public engagement in it. The strategy document makes plain that there are many foundations of cyber war that need to be out in the open, ranging from critical infrastructure protection to industry-based R&D and developing a civilian cyber work force.
The US and China are determined to create conditions in cyber space that in wartime could undermine the effectiveness of weapons systems, deployed units and military-related civil infrastructure of an enemy as quickly as possible. They want to disable enemy cyber systems in the early stages of hostilities, or even on a pre-emptive basis. Such capabilities present almost insurmountable challenges to the security of middle powers.
To respond to the emerging environment, Australia will need to develop complex systems of decision-making for medium intensity war that address multi-vector, multi-front and multi-theatre attacks in cyber space, including against civilian infrastructure and civilians involved in the war effort. Australia doesn’t currently possess such capabilities, nor is it close to achieving them.