Australia must expedite cyber and AI technology sharing arrangements with the United States and United Kingdom to address the immediate threat of cyber-enabled grey zone warfare.
The technology sharing arrangements unveiled under the new AUKUS alliance were welcomed by many across Australia’s national security apparatus. Indeed, Prime Minister Scott Morrison’s confirmation that Australia would pursue the local construction of nuclear-powered submarines strengthened the nation’s growing role in maintaining a rules-based order in the face of an increasingly volatile Indo-Pacific, and opened the door to developing cutting-edge cyber and AI technologies tapping into the collective commercial-military capabilities of Australia, the UK and the US.
However, while the strategic deterrence capabilities of an Australian fleet of nuclear-powered submarines would discourage threat actors from taking overt action in the Indo-Pacific (once constructed in over a decade’s time), Australia must take more immediate and short-term capability improvements against the threat that Australians already face – information warfare in the grey zone.
While potentially an overused terminology, the threats are substantial.
The key threat of grey zone activities lies firmly in an inability to definitively attribute attacks. Information operations, hacking or even counterspace measures are difficult – if not often impossible – to attribute to state or non-state actors, providing the victim with little legal or military recourse to defend themselves against threat actors.
If we hold the Clausewitzian maxim that “war is the continuation of politics by other means” to be true, then the sharp increase of cyber-enabled information warfare poses an immediate and significant risk to undermining Australia’s national resilience, critical infrastructure and ultimately national morale.
So great is the threat of cyber-enabled warfare, that upon the release of the French government’s Military Cyber Strategy in 2019, the country’s Minister for the Armed Forces, Florence Parly, argued that “cyber warfare has begun”. Indeed, the strategy examined the broad swathe of information operations, from intelligence to influence operations and undermining national resilience.
Information warfare has long been used to foment internal divisions, destroying enemy morale and their willingness to undertake armed combat.
A prototype of this information and psychological warfare was evidenced throughout the Huk rebellion in the Philippines throughout the 1940s and 1950s, in which ranger teams would place small drawing of eyes into Huk weapons caches to lead the combatants to believe that they were always watched. This hugely successful tactic undermined the rebels’ willingness to fight without having to fire a bullet.
More recently, at the outset of the War in Afghanistan Peter Singer wrote in the Brookings Institution that the US should foment division between the local Afghan mujahideen and the wealthier Arab jihadis (termed the “Gucci Mujahadeen”) to mitigate the threat of a unified opposition to the invasion.
Simply – by undermining national resilience and fomenting division, an enemy can remove their adversary’s willingness to fight.
Such behavioural operations have been magnified in recent years with cyber interconnectedness providing a greater number of vectors for threat actors to exploit.
Writing in ASPI’s The Strategist last week, cyber expert Pukhraj Singh explained that Australian companies exhibit an array of exploitable weaknesses that place a continuum of organisations – and Australia’s overarching national resilience – at risk.
“The relentless compromising of the private sector, which remains a soft but strategic target, has diluted the conventional boundaries of conflict, forcing the government to enhance its legislative reach,” Singh argues.
Singh notes that while the commonwealth’s Security Legislation Amendment (Critical Infrastructure) Bill 2020 acknowledges the vulnerability of Australian cyber space, it needs to refine critical infrastructure.
“While the contentious issue of how much access into the enterprise networks the Australian Signals Directorate should be offered requires deliberation, the private sector can’t withstand the Category 5 hurricane that a state-sponsored cyberattack could be,” Singh observes.
“Veteran cyber security analysts Andrew Burt and Daniel Geer say that something becomes critical infrastructure when it is adopted by society. ‘Adoption is the gateway drug to criticality. When enough people depend on something in cyber space, that something is made critical.’”
Indeed, Singh draws a link to how the breadth of cyber-enabled operations – from hacking through to information warfare are critical tools to psychologically weaken nations, without having to rely on military intervention.
“Before and after Russia’s 2014 annexation of Crimea, the Ukrainian power grid was repeatedly targeted with destructive malware. Ben Buchanan notes in his book The hacker and the state, ‘It plunged hundreds of thousands of people into darkness … but did not devastate cities or starve populations’,” Singh says.
“Life went on. But the attacks did demotivate the population, affecting people’s will to fight and resist the Russian insurgency.”
Singh further outlines how information warfare further erodes societal cohesion, further undermining national resilience.
Citing Corneliu Bjola and Krysianna Papadakis from the University of Oxford, Singh notes, “[Its aim is] not primarily to alter people’s views in support of certain policies, but to induce them into a state of self-defeating and endemic scepticism by undermining the very criteria on the basis of which they develop their cognitive abilities to make sense, interpret, shape reality.”
Indeed, the Minister Parly is likely correct in arguing that “cyber warfare has begun.” Low barriers to entry and an inability to attribute attacks to threat actors make cyber incursions too attractive to deny.
New technology sharing arrangements under the AUKUS agreement must enable Australia to tap into world leading cyber capabilities, build our cyber resilience and mitigate the threat of cyber-enabled information war.
Liam began his career as a speech writer at New South Wales Parliament before working for world leading campaigns and research agencies in Sydney and Auckland. Throughout his career, Liam has managed and executed a range of international media and communications campaigns spanning politics, business, industrial relations and infrastructure. He’s since shifted his attention to researching and writing extensively on geopolitics and defence, specifically in North Africa, the Middle East and Asia. He holds a Bachelor of Commerce from the University of Sydney and is undertaking a Masters in Strategy and Security from UNSW Canberra.