Content and ideas + cyber—the sleeper in our national security defences
17 Apr 2018|

Australia is in the midst of a much-needed cyber resuscitation. Over the past two years Prime Minister Malcolm Turnbull, a small group of overworked public servants, proactive industry supporters and key civil society actors have been hard at work trying to elevate and mainstream all things cyber. No easy feat given that the term ‘cyber’ means very different things to different people.

New senior positions, proactive government strategies, growth centres and innovation hubs, piles of industry conferences and a gaggle of indecipherable acronyms are spurting out of Canberra at impressive speed. While a much-discussed national cyber ‘slip, slop, slap’ campaign hasn’t yet been realised, the momentum is positive. It must continue to grow under this and future governments.

Why? Because this is only the beginning. Cyberspace and cyber-enabled technologies will continue to reshape everything. Advancements like the internet of things and artificial intelligence (AI) will alter the make-up of Australia’s future workforce, our export base and potential customers.

Australia will have to fundamentally rethink how we engage in diplomacy, intelligence work and warfare. We’ll likely continue to coast on the first but won’t have the luxury of lagging on the latter two. Think, for example, of the impact of advances in facial recognition on human intelligence gathering. Or the potential defensive and offensive capabilities of autonomous military systems guided by composite human–AI decision-making.

Regionally, large technology and AI investments made by others—such as China’s ambitious social credit system to rank citizens—will bring unexpected consequences (watch this space for an upcoming ASPI paper on this).

Until now, governments have rightly focused on understanding and defending against traditional cybersecurity threats, ensuring that our infrastructure and industry is resilient to attacks.

But we’ve failed abysmally on the content side of cyberspace—the actual information that keeps the world’s 4 billion+ internet users coming back again and again. We haven’t invested in understanding how information actually travels in cyberspace. How it engages with, and potentially influences, those that consume it and pass it on. Or how particular information gets magnified and amplified and how these actions can so easily manifest themselves offline.

As Fairfax’s Chris Zappone wrote last year, when it comes to information warfare, cybersecurity won’t help defend us. Information warfare isn’t about the protection of networks or the ways in which information is delivered. It’s about the actual content and ideas that form and shape cyberspace and its users.

This has been a rather dangerous oversight, but we’re certainly not alone. Countries around the world, particularly democracies, are grappling with external interference in their political systems and social structures. Arguably, Australia is ahead of many other countries given its ongoing and important public debate and the draft espionage, foreign interference and foreign influence reforms before Parliament.

We know that there are mounting examples of increasingly sophisticated—often cyber-enabled—covert operations occurring around the world, including in our own region. We’re not talking here about public diplomacy, or slick, overt propaganda put out by international broadcasters.

Instead, we’re talking about the deliberate and covert use of information to confuse, distract and mislead. Who is behind it, and why, are the key questions. (See Herb Lin and Jackie Kerr’s work for useful definitions of ‘cyber-enabled information warfare and manipulation’).

Is Australia actually prepared? If a state or non-state actor were to deploy a deliberate, strategic and coordinated cyber-enabled influence operation in Australia, what would we do?

Let’s say it’s deployed around an election, a breaking political development or an issue related to regional security: who’s in charge? And while I’m here, let me throw out a few more questions:

  1. How does cyber interference fit into Australia’s draft foreign interference legislation?
  2. Is the Australian government currently resourced with the right skills and expertise to detect a covert attempt at cyber interference in our domestic political and social landscape? Which department/agency would take the lead?
  3. Is the Australian government currently resourced with the right skills and expertise to counter such interference? Which department/agency would take the lead?
  4. If such an event did occur, which part of the Australian government would then be responsible for alerting, informing and sustaining a dialogue with the Australian public about such developments so there’s no ongoing confusion?

Within these questions there are some issues that need further unpacking. For example, it’s hard to see Australia’s foreign interference laws having much effect if such an operation is run from overseas rather than physically from Australia—or by individuals with diplomatic cover for that matter.

Detection is equally complicated. It would require multi-language work by individuals who understand how information spreads online. And the work would need to span popular online networks and apps from the US and North Asia. WeChat, for example, has an estimated 2.5 million users in Australia.

Let’s say, for example, that a social media bot swarm were activated by a state or non-state actor to promote confusion, magnify dissent or prop up a particular political position. Let’s say these maliciously intended activities are detected by one of our intelligence agencies. Now what?

Would the work be handed over to another part of government that would be responsible for publicly countering such efforts? Most government departments have a very risk-averse approach to online engagement, and few have a savvy cyber presence, so it’s hard to imagine any part of the government engaging in domestically focused, protective information operation efforts.

But equally, can the government really be silent? Should the government instead focus its efforts on urging American and/or Asian social media networks to dismantle the bot swarm? What if they won’t or they’re slow to action?

Home Affairs will most likely be charged with explaining what is happening and what is being done. But Home Affairs is brand-spanking new. It doesn’t have much of a relationship with the Australian public (or much of its own active online infrastructure). In the short-term, this doesn’t provide us a satisfactory answer.

Russia’s cyber interference in the US exposed a crucial gap in the West’s national security threat matrix. While we’ve been rightly worrying about cybersecurity, we’ve failed to worry about actual information—it’s integrity, how it can be used to influence, and how it can be so easily redirected, falsified, magnified, manipulated and weaponised through cyberspace.

Ensuring the integrity of domestic discussions isn’t just something for political parties or ASIO to worry about—it’s key to a free and open Australian society. We’ve been gifted a colossal wakeup call. Let’s not waste it.