Today, yesterday, each and every day, strings of malicious code are pushed down wires, searching for their targets. Some of these are simple thieves; some seek information that others want to keep private. These are the usual activities of spy and intelligence agencies.
What’s changed today is that other armed forces have got into the game as well. They’re planting digital bombs, burrowing down and preparing for war. The problem is our response is being critically hobbled.
For hundreds of years we’ve accepted, tolerated, and grown accustomed to spies collecting information and operating clandestinely without any declaration of war. Codes of behaviour have grown up around such activities. These practices have been normalised. But what’s changed, today, is that it’s not just trench-coat wearing intelligence agencies that are operating in the cyber world and this is not a low-stakes competition. It’s a new, desperate struggle to secure the critical fabric that links our modern post-industrial society. Rip this apart and the country disintegrates.
The problem is that today, foreign military forces around the world are engaged in an enthusiastic effort to penetrate beyond national boundaries, lodge electronic bombs, and preparing to detonate a cataclysmic cyber Pearl Harbour on command. If any country did this physically, we’d call it exactly what it is; an act of war. There aren’t, however, similar rules and understandings in the cyber domain.
It’s a threat that we’re unprepared to meet, but to that in a moment.
First, examine exactly how this all began.
It was, ironically enough, a smiling, enigmatic, Harvard graduate and former law professor that opened this Pandora’s box. Barack Obama happily legitimised a cyber attack, authorising a coded mission to destroy Iranian centrifuges far more effectively than the only other, more dangerous, alternative: sending Israeli jets flying over the desert sands to bomb the nuclear enrichment facilities. This was qualitatively different from the other, also used, alternative, getting motorcycle assassins to shoot scientists caught-up in Tehran traffic. Unfortunately for Obama, what was fine back then (because the US was so far in advance of any other power) doesn’t look quite so damn cool and smart today. Other nations have caught up.
Obama unleashed a new way of war but couldn’t control it.
Russia, Iran, and North Korea (the RINK) learnt from what occurred. They decided the US couldn’t have all the fun and joined in the games, but added their own twist. They got the military involved.
The cyber domain became a free-for-all, similar to the Caribbean in the sixteenth century.
Spanish galleons were ploughing across the waters of the Main on business. England’s Elizabeth 1st (“Good Queen Bess”) happily commissioned privateers (her “Sea Dogs”) like Francis Drake and John Hawkins to loot and raid the Spanish Treasure ships, all the while denying they operated on her instructions. The pirates became wealthy heroes as they destroyed legitimate commerce. It was so much easier than invading America. Later, in 1812 it was the US’s turn. “Independent” raiders were rewarded for capturing British ships while America denied responsibility for their activities.
This is the way smaller powers have always operated. Asymmetric warfare targets the weakest point of opponents who can’t strike back. Is it a surprise this is how the RINK engages? Did the US really believe it would be allowed to send spies wandering electronically through other countries wires, dropping electronic bombs, without them retaliating?
But now China has joined the RINK, heightening risk and adding complexity to an already dangerous situation. Today regular military units are engaged in operations behind the lines and through the wires, penetrating and targeting not just government, but commercial and civilian systems. Every nation’s preparing for the first day of the next war by ensuring they have the capacity for a crippling, devastating opening attack.
So where does this leave us?
The Army Research Centre’s Al Palazzo offers a brilliant conceptual model to engage with what’s happening.
Traditionally, we think of conflicts beginning with a declaration of war and finishing with a settlement. Instead Palazzo talks about the “war cycle”, often operating below the threshold of actual violence, and through which nations achieve their aim. Using a combination of smarts, force and unattributed actions, Turkey was able to obtain its way in Syria while Russia swiftly and successfully incorporated the Crimea.
The cyber domain is the new site of struggle and becoming similarly weaponised. China’s Peoples Liberation Army units are regularly engaging in a similar, crucial, struggle for dominance and supremacy.
The big problem is that our laws aren’t set up for conditions short of war. Our military can’t operate here because “cyber” isn’t a physical territory you can defend. It’s in the ether, so our military is hobbled because there’s no legislative basis for it to engage.
Major General Marcus Thompson is deputy chief, information warfare. He’s that rare thing, a commander with a doctorate in cyber security. But now he’s warning – in a succession of public speeches – that parliament urgently needs to change the legal framework for engaging in these new conflicts.
Thompson specifically notes that “Australia does not posess a legal or conceptual definition of what information warfare is”. This is because, critically, our forces can’t be involved without a declaration of war. In Brussels recently the Chief of the Defence Force, Angus Campbell, reiterated his own concerns about these issues.