ADF must bolster cyber capabilities to maintain combat edge
1 Jul 2025|

The Australian Defence Force’s cyber capacity falls short of what would be needed in a scenario where Australia found itself in combat against an adversary with modern military and technological capabilities. The ADF’s establishment of Cyber Command within Joint Capabilities Group in March 2024 was a positive move. However, developing offensive cyber capabilities that can support tactical objectives in addition to the strategic—like those of the US Cyber Combat Mission Teams—is the necessary next step.

As the ADF and the Australian Signals Directorate (ASD) provide defensive cyber capabilities, we should expect these resources to be stretched thin attempting to defend government networks and critical infrastructure. The cyber threat, enabled by technology, is worsening.

It is true that ASD is additionally responsible for conducting offensive cyber operations in support of the ADF. But its offensive cyber capabilities are targeted mainly at the strategic level—for example, the targeting of cybercriminal syndicates that damage Australia’s economy. They’re also divided between offence and defence.

ASD demonstrated that it had the ability to conduct cyber operations in support of the ADF against ISIS in 2016 to support the liberation of Mosul. But effectively operating in a wartime environment—projecting force offshore while defending onshore—requires augmenting ASD’s capabilities at the ADF’s tactical levels. Tactical cyber capability could support an expanded capacity for ADF kinetic action. One way is to expand the number of uniformed cyber personnel and increase the scope of their capabilities.

By contrast to ASD, ADF cyber capabilities currently focus on the defensive and on incident response. However, current global events have demonstrated that the integration of cyber and kinetic activities can significantly influence battlefield outcomes. Military cyber operations can integrate with and support not only command, intelligence and surveillance but also a range of other capabilities. Such integration has been demonstrated in Russia’s attack on the ViaSat satellite network before the full-scale invasion of Ukraine, and in frontline intelligence gathering by the Ukrainian security service’s cyber department.

Weapons have been employed in the cyber domain against civilian populations, organisations, warfighters and governments. As the scope of military operations grows increasingly complex, cyber weapons have also been used as targeting mechanisms for a range of actors within conflicts, where borders no longer restrict the use of attacks. And while attacks against civilians may be against established rules, digital effects don’t incite the international outrage of kinetic attacks.

Russia significantly increased cyberattacks in the lead up and commencement of its invasion of Ukraine. It is safe to assume that when Australia finds itself in conflict, an artillery battery far from Australian shores may find itself hard pressed receiving targeting information from ASD.

Both Ukraine and Russia have demonstrated the practical application of cyber within military combat activities through intelligence gathering, targeting for offensive fires and disrupting enemy networks. These capabilities have been demonstrated through Russia’s strike on Ukraine’s 128th Mountain Assault Brigade, adjustment of offensive fires through compromised webcams and deploying malicious applications designed for artillery crews that compromised users’ geolocation information. Conversely, Ukraine was able to count every vehicle being moved across the Kerch Bridge, and it leaves malicious payloads inside drones for eager Russians attempting to retrieve GPS logging data or other information.

Ukraine military intelligence pushes cyber specialists closer to frontlines to conduct intelligence gathering, enable rapid exploitation of captured devices, and provide active cyber threat hunts by searching for compromised friendly devices.

The United States includes Cyber Combat Mission Teams within their Order of Battle, tasked with conducting cyber operations supporting combatant commands. The ADF should consider emulating this model. Further integrating cyber capabilities within the ADF in line with US military cyber doctrine would achieve significant force multiplication through focusing on areas such as:

—Network exploitation facilitating surveillance and reconnaissance;

—Cross-domain fires, where actions in one domain create effects in others;

—Multi-domain fires, where actions converge effects from multiple domains against targets;

—Dedicated cyber capabilities within brigade-level units; and

—Deploying cyber cells within Task Force Headquarters.

Expanding the scale at which Australia’s military could conduct actions within the cyber domain requires significant expansion of the current force structure. Cyber personnel account for about 0.4 percent of Australia’s uniformed military force. The US ratio is about 3.7 percent.

Apart from expanding the ADF’s cyber skills base, and expanding its remit to include offensive action, consideration could be given to adopting a tiered targeting system. For example, ASD could maintain responsibility for complex, high value targets whilst simultaneously enabling units within the ADF to conduct intelligence gathering and offensive operations for targets at the brigade level and below.

Ultimately, the ADF needs to update its cyber capabilities to better provide required effects across the full spectrum of domains within the context of modern conflict, augmenting the capabilities already well provided by ASD.

Author

Chris Sheahan is a cyber engineer in the defence industry and a former member of the Australian Army.

 

Image: Lisa Sherman/Department of Defence.

Tags
Share

The Strategist — The Australian Strategic Policy Institute Blog. Copyright © 2025