Last week, attendees at the Australian Information Security Association conference were given a preview of the Australian cyber security strategy by PM&C official Lynwen Connick. Connick noted the importance of cybersecurity to future prosperity and innovation in Australia, and the key role the private sector should play in achieving a more cyber secure country. Australian small businesses remain woefully unprepared for cyber security threats. According to research from the Department of Communications and the Arts, only 25% believe they are at risk from hacking and less than half kept anti-virus programs up to date. One proposal for the strategy appears to be a set of guidelines that any organisation can adopt to improve their cybersecurity practice. However, there’s still no news on when the strategy will be released, and it will likely be delayed due to the change in leadership to the tech-focused Malcolm Turnbull.
The Dutch Scientific Council for Government Policy have released the English text of their report on the public core of the internet. The report recommends that the international community establish a norm protecting the main protocols and infrastructure that support the internet from interference by governments. The report characterises the internet as an ‘extended national interest’ that, due to its value to states with open economies, should be considered a global public good. That’s a slightly different approach to the one advocated by Joseph Nye, who has focused on declaration of vulnerabilities to achieve simultaneous disarmament in cyberspace.
Despite the agreement between Presidents Obama and Xi on cyber theft of intellectual property, Stratfor has reported the unsurprising news that Chinese hacking attempts of commercial entities have continued unabated. The Netherlands Institute for International Relations has suggested new norms that limit national security intelligence collection to reduce the risk of ill-considered retaliation for cyber espionage by the US. The Institute calls on US allies, including Australia, to encourage the US to refrain from any retaliation that would more than likely destabilise the international system and instead work towards a new normative framework on the limits of espionage.
The US Army is reportedly conducting a series of experiments during field training exercises to better integrate cyber operations into its operational activities. Brigade level teams rotating through national training centres will take part in several tests run by US Army Cyber to inform US Army doctrine, organization and training. What isn’t known is whether the recently demonstrated ‘tactical cyber rifle’ has been used. Developed by the US Army Cyber Institute at West Point, the device uses US$150 of components, including ‘a Raspberry Pi, WiFi radio, and antenna to take advantage of a known exploit in Parrot quadcopters’, causing them to crash. It was also used to open a bunker door and turn on the lights. While its inventor, Captain Brent Chapman, believes that in future small unit leaders will be able to quickly fabricate equipment to take advantage of cyber vulnerabilities in the field, this may be wishful thinking until the US Army can recruit more infantry officers with computer science degrees.
The Indian Army this week announced the establishment of a Defence Cyber Agency as an interim body until a tri-service Cyber Command can be created. India has a keen awareness of cyber threats, with the Deputy Chief of Operations at Indian Defence HQ Vice Admiral Girish Luthra noting at the CyFy conference in New Delhi last week that ‘cyber attacks on critical ICT networks can provide significantly higher military advantages than physical attacks.’ However, the Indian military has been slow to respond to this threat. India has just two integrated commands, which exhibits the fragmentation that characterises much of its approach to security issues.
Concerns about cyber war and espionage aren’t new, but continue to grab the attention of commentators around the world. For example, this week at The Washington Post Robert Samuelson warns of the potential effects of a cyber arms race and offensive capabilities that could undermine society by harming vital infrastructure like power grids. However, Laura Bate at the Centre for the National Interest believes much of this discussion is carried on using terminology that’s so outdated or vague that meaningful discussion is made difficult, if not impossible. Bate quite rightly points out that words such as cyberattack, cybersecurity and cybercrime can mean different things to different governments, undermining confidence in discussion of agreements and developing international norms. The Australian Cyber Security Centre’s most recent threat report provided a useful glossary that differentiates carefully between actions like cyberattack, espionage, intrusions and incidents.
And finally, for some audible cyber security and policy discussion, check out this Foreign Policy podcast on a few of the challenges facing the US in cyberspace with Rosa Brooks, Kori Schake and David Sanger.