Australia is unprepared for cyber war

Like many nations, Australia is not sufficiently prepared for cyber warfare. In a study published by the University of New South Wales at Canberra, Greg Austin writes that few governments have started to consider or financially plan for the civil defense force needed to maintain national stability in cyber space, both to support their military operations as well as to protect its citizens.

While governments worldwide have dedicated billions of dollars to purchase sophisticated weapons, a “cyber storm” attack could deter such weapons from operating or even reaching the frontline of modern warfare, as well as interrupting the support of its opponent’s military forces throughout the civil sector.

Why Australia is not prepared for cyber war

Austin has identified numerous civil defense gaps in preparing for a cyber attack, including research, legal, communication, and training.

Rory Medcalf, a senior intelligence analyst and former diplomat, trains Australia’s intelligence and defence officials at the National Security College in Canberra. He has argued that Australia is unprepared for an increasingly plausible cyber war. “In many ways, we may not even know when a cyber attack or indeed when a cyber campaign against Australian interests has begun,” he said.

And in another top-secret Australian Department of Defence review published in 2019, it was reported that despite facing the greatest danger of war or financial crisis since the early 20th century, the country was still dangerously unprepared for war, including for cyber war. The historic report, published under the Freedom of Information laws, is the first comprehensive revaluation of long-term cyber war preparation and planning by the government since the Vietnam era.

The assessment, completed in June 2019, was terrifying in its prescience. It described a potential Asian pandemic as a probable risk within ten years, and concluded with: “The probability of a significant social or economic disruption, [or] a regional operation requiring Australia to lead a multinational coalition or become engaged in a major power conflict is higher now than at any time in the last 60 years.”

The analysis also indicated widespread concerns throughout the Department of Defence that Australia’s readiness for new and unconventional tactics is insufficient for both conventional and cyber war, despite the cyber interventions and measures that are already in place. 

Recently, the former director of preparedness and mobilization for the Department of Defence, Cheryl Durrant,revealed her serious reservations about Australia’s ability to stave off a crisis. She acknowledged that she was shocked to discover the simultaneous threats from emergencies as varied as cyber warfare, climate-induced disasters, and the effects of a pandemic.

According to the mobilization review, the nature of unconventional warfare has changed significantly. It confirms that Australia’s “level of security comfort” from its geographic isolation has been considerably reduced because cyber attacks “making national security borders very porous”.

A wargame study from the National Security College, also obtained under the FOI laws, cautioned that a foreign entity in a cyber war would not only exploit vulnerabilities in computer systems, but would also exploit vulnerabilities in society. Financial information, passwords, and email addresses of Australian citizens would be most at risk from XSS attacks, malware, and SQL injections.

In one of the team’s scenarios, an enemy state launches synchronized cyber attacks on Australia’s vital infrastructure, such as electricity grids and military networks. It also attacks supply chain operations where there has been a lack of encryption level security or outdated security software. 

In another scenario, the attacker hacks into automated vehicles as well as drones, triggering traffic accidents and starting bushfires.

In the final scenario, the prime minister is battered by a bribery scandal over reimbursements to his or her credit card, while mass resentment and uncertainty are triggered by ‘deepfake’ video clips of politicians and ‘false flag’ assaults engineered to redirect the accusations. Deepfake attacks include faking video and audio as well as using AI to draw on fear-mongering and otherwise entice people to look, listen, and become targets of cyber attacks in the process.

In these scenarios, with Australia’s cyber infrastructure no longer safe, the nation finds itself alienated from its allies and expelled by the US, Canada, the UK, and New Zealand from the Five Eyes intelligence community.

A call to action: A ‘whole-of-government’ approach is needed

In recent years, the Australian government has passed measures intended to increase cyber security, but they have not been without controversy. An example is the Telecommunications and Other Legislation Amendment Bill of 2018, which is designed to make it easier for law enforcement to intercept and investigate online communication services. However, this is at the expense of not allowing those services to use encryption technology inherent in security applications such as virtual private networks (VPNs), server monitoring software, and enterprise firewalls.

VPNs do remain legal in Australia, but popular communication apps are forced to make their chats completely available to law enforcement by severely weakening their encryption. It’s an example of a law that many believe may weaken Australia’s cyber security despite its intentions to give law enforcement an upper hand against cyber criminals.

Meanwhile, Australian companies are experiencing more cyber breaches than ever before, a harbinger of what might come in a cyber war.

Inside the federal government and through Australia’s intelligence and military societies, there is an increasing demand for the prime minister and the states to design and implement a new national security or stability program.

The Department of Defence’s own report is explicit, outlining a “whole-of-government approach will be essential” to address any and all anarchistic threats among all sectors of society. The report also advocates for a thorough analysis of the country’s vulnerabilities and suggests that a nationwide effort is needed to shield against the damaging divisions that opponents like Russia have earned within the United States.

UNSW professor Medcalf expects that the COVID-19 pandemic, which revealed many deficiencies in Australia’s ability to be resilient in the face of massive disruptions, might have a lasting effect—that there will be a continued collaboration among Australia’s governments, citizens and the private sector to make the country more resilient.