Cloud Hosting

Canberra is significantly boosting the cyber capabilities of the Australian Signals Directorate (ASD) the government agency responsible for signals intelligence, support to military operations, cyber warfare and information security. Project Redspice, announced in March, will increase ASDs budget by almost $10 billion over 10 years.

Unfortunately, ASDs 21-page Blueprint offers few insights into how the new money will be spent. In essence, we know only that the organisations staffing will almost double, its persistent cyber hunt activities will expand at the same rate, and its offensive cyber capability will grow even faster; tripling over the same period.

Hardly shy of criticising China, the government remains peculiarly leery of identifying Beijing as the source of constant cyber operations against Australia.

Prime Minister Scott Morrison has explained this move as necessary in order to be prepared for war: the first shot fired in any conflict that Australia might be involved in won't be in a metal casing, it'll be in bits and bytes. According to Defence Minister Peter Dutton, that was most recently demonstrated by offensive cyber activity against Ukraine.

Thats all true, but the cyber threat is more immediate and its coming from China. Hardly shy of criticising China, the government remains peculiarly leery of identifying Beijing as the source of constant cyber operations against Australia. Canberra joined allies to name China as the perpetrator of a Microsoft Exchange hack identified in January 2021, but still generally prefers euphemisms such as state-based actor (or allusions like Redspice).

Canberras focus on a future war is also misleading. Chinas aggressive actions in cyberspace are part of a growing competition short of war in what is often, if unhelpfully, described as the grey zone. Australias goal in this contest is not simply to win cyber battles by having superior offensive capabilities but to prevent cyberspace being transformed into a battlespace.

Australia wants an open and secure global internet in which states behave according to accepted rules. So Canberra must use its growing offensive cyber capability strategically to avoid undermining this greater goal.

Public messaging is an essential part of this strategic approach, not least because the opacity of cyberspace can foster misunderstanding. Clear communication is essential to both deter adversaries and reassure international partners.

There are, of course, limits on what the government can say about the activities its intelligence organisations perform. But in 2016, Australia was among the first countries to reveal its offensive cyber capability. In doing so, then Prime Minister Malcolm Turnbull said this would add a level of deterrence [and] adds to our credibility as we promote norms of good behaviour on the international stage.

ASDs leaders have since then slowly added to the picture. Theyve explained that offensive cyber (which doesnt include reconnaissance or espionage) encompasses anything from sabotage of critical infrastructure down to subtle manipulation of data. ASDs former Director-General Mike Burgess has emphasised that most of the agencys operations are low key: our targets may find their communications dont work at a critical moment rather than being destroyed completely. Burgess and his successor Rachel Noble have described ASDs operations against non-state actors (terrorists and criminals), but not other states.

Still, its clear that ASD is legally able to undertake offensive cyber activity against other states in situations short of war. ASD may conduct offensive cyber operations to disrupt criminal activity. Cybercrime is defined broadly enough to include other states cyber intrusions. ASD Director-General Rachel Noble last year underscored that we consider both state actors and serious and organised criminals to be undertaking criminal activity when going after Australian networks.

Canberra often emphasises that its offensive cyber operations accord with international and domestic law. The bigger question is whether Australia should use its offensive cyber capabilities against other states and, if so, how?

US public discussion of these issues has evolved faster than Australias in recent years. When Turnbull revealed Australias capability, President Barack Obama was still keeping tight control over US cyber operations. President Donald Trump reversed this approach in 2018, partly because that was his modus operandi and partly because cyber security agencies argued for a new approach.

Advocates argue that America can only counter its adversaries continual cyberattacks by operating in their networks.

President Joe Biden appears to have maintained the policy of defend forward, articulated in Trumps2018 Department of Defense Cyber Strategy. Washingtons current approach to competition in cyberspace is described as persistent engagement by Paul Nakasone, the dual-hatted head of the National Security Agency (NSA) and Cyber Command (both of which are ASDs close American counterparts.)

Still, the US debate about persistent engagement continues. Advocates argue that America can only counter its adversaries continual cyberattacks by operating in their networks. Opponents maintain that the risks of unintended consequences and escalation are too great. But most of them would acknowledge that those risks are at least mitigated by Washingtons relatively transparent discussion of cyber strategy.

Australias offensive cyber capability is now growing faster than its public discussion about why these tools are needed and how they should be used. Because Australian cyber competition with China will almost inevitably intensify, so too will the need to publicly air the complex questions of strategy and values that this raises. At minimum, Canberra should say whether ASD has also adopted persistent engagement.

Read more:
Australian cyber: What's Redspice for? | The Interpreter - The Interpreter