Lights Out in Cyber Attack

Professor Roger Bradbury, from then ANU National Security College, has portrayed the "South Australian power shutdown ‘just a taste of cyberattack'" (ANU Reporter, 2016). He speculates that Australia's electrical, telecommunications, water, sewerage, transport and financial services infrastructure already has been compromised by China, in preparation for a "surgical cyberattack" in a future dispute over the South China Sea. The effects of a possible cyber attack are not exaggerated, but perhaps Professor Bradbury should not have singled out China.

It is likely that all nations are now preparing for cyber-attacks, as a routine adjunct to conventional military operations. This year I ran ANU computing students through a "Cyberwar: Hypothetical for Teaching ICT Ethics". This was based on a possible conflict over the South China Sea. However, I was careful not to identify who might be attacking who. 

 

Professor Bradbury suggests that our systems can be made less vulnerable by not having them top-down or hierarchical. He suggests "We need 21st-century networks that have no centre: no main power station, no main water dam, no main interconnector, no main transport hub or central train station...". In this he is perhaps suggesting a system like the Internet, which consists of a collection of interconnected networks (literally an Inter-Net). However, even a system with no hierarchy is vulnerable to attack if it uses the same computer control software for all iots nodes and those nodes are all connected to the Internet.

 

One way to build resilience is to rely on gravity, as is done with much of the water supply. Water is pumped to reservoirs and then flows by gravity. Similarly, sewage systems have overflow valves, which open to allow sewage to flow into waterways (bad for the environment, but better for human health than sewage backing up into people's homes).

The electrical grid can be similarly protected by having generators independently working to maintain the system, rather than acting via central control. Local home solar panels could have a role in this, by boosting the grid when required. However, these systems need to be protected from hacking, or they could be used to attack the grid.

Cybersecurity Conference in Canberra

The conference "Securing our Future in Cyberspace", is being hosted by the Australian National University in Canberra, 15-19 February 2016. There are also free public talks during the conference (registration for each required):

1. Towards a political ecology of cyberspace, Research symposium, 8:30am-12pm, Tuesday 16 February 2016, Chair: Professor Roger Bradbury, Director, Strategy and Statecraft in Cyberspace research program, ANU National Security College
2. Quantum sovereignty: the Westphalian principle and the global governance of cyberspace, Public seminar, 6-7pm, Tuesday 16 February 2016, Speaker: Professor Paul Cornish, Research Group Director for Defence, Security and Infrastructure at RAND Europe, Cambridge
3. Taming cyberspace: Applying international law in a new domain, Public seminar, 6-7pm, Wednesday 17 February 2016, Speaker: Professor Fred Cate, Vice President for Research at Indiana University, Distinguished Professor and C. Ben Dutton Professor of Law at the Indiana University Maurer School of Law 
4. The role of cybersecurity in Chinese foreign policy, Public seminar, 12:30-1:30pm, Thursday 18 February 2016, Speaker: Assistant Professor Jon Lindsay, Assistant Professor of Digital Media and Global Affairs at the University of Toronto Munk School of Global Affairs 
5. Securing our future in cyberspace: Next steps, Closing plenary, 12:30-2pm, Friday 19 February 2016, Speakers: Dr Herb Lin, Senior Research Scholar for cyber policy and security at the Center for International Security and Cooperation and Research Fellow at the Hoover Institution, Stanford University, and others.

Future of Cyber Warfare

Greetings from the 2014 Digital Government Conference in Canberra, where Dr Suresh Hungenahally, Chief Information Security Officer, Department of Business and Innovation (Vic), is speaking on "The Future of Cyber Warfare". He showed a video from the Australian Signals Directorate (ASD) depicting a government official who has lost their laptop, so logs in from a cybercafe and has their password stolen as a result.

Dr Hungenahally pointed out that "hackers" are now not just teenager having fun, they are criminals out to steal corporate secrets. He related the Queensland case of a SCADA system being penetrated  the Maroochy Shire Council's sewage control system.
Dr Hungenahally then claimed that the Australian Air Traffic control system depended on US based computer systems, which seems unlikely.

ps: The Australian National University is launching its "Strategy and Statecraft in Cyberspace" research, later today.

Strategic Ecology for Cyberspace Security

Professor Paul Cornish will speak on "Connection, Communication and Conversation: Shaping a Strategic Ecology for Cyberspace", at the Australian National University in Canberra, 5.45pm,  12 November 2013.

Public seminar

Connection, Communication and Conversation: Shaping a Strategic Ecology for Cyberspace

Speaker: Professor Paul Cornish
Date: Tuesday 12 November 2013
Time: 5.45pm – 7.00pm, refreshments served from 5.15pm
Register: Register here

The expanding global communication infrastructure brings with it the possibility of a worldwide conversation across all dimensions and at all levels of human life. In most of the cases of human interaction, customs, protocols and ‘rules of the road’ emerge with usage. Where government interactions are concerned, however, there is a tendency to revert to established ideas and methods with which to stabilise and then manage competitive strategic relations – often those drawn from the Cold War.

Yet, while cyberspace should indeed be managed as an arena of human interaction and contestation, more thought is needed as to how this can be achieved in an efficient and durable manner. The relaxation of cyber tensions between China and the West, for example, will not come as a result of a technological fix of some sort, and nor will it lie in a Cold War-style strategic stand-off.

The current strategic narrative is dominated by mistrust, by claims of espionage, crime and terrorism, by rumours of worse to come and by disagreement over the basic terms of debate. Cyberspace appears to be a lawless frontier in which each actor operates according to the rules he prefers. Consequently, the governance of cyberspace is in a state of arrested development.

A strategic ecology for cyberspace is needed: a sense of cyberspace as a rule-bound political environment in which the scope and limitations of interaction can be discussed, in which trade-offs and compromise are made possible, and in which mutual interest can be pursued. Above all, this ecology should correspond more closely to the digital environment of the 21st century than to the missile environment of the 20th.

Paul Cornish is Professor of Strategic Studies at the University of Exeter, having previously been Carrington Professor of International Security at Chatham House. He has taught at the UK Defence Academy and at the University of Cambridge, and has served in the British Army and the Foreign and Commonwealth Office. His work covers national strategy, cyber security, the ethics of armed conflict and civil-military relations. He is a member of the UK Chief of Defence Staff’s Strategic Advisory Panel, a Fellow of Oxford University’s Global Cyber Security Capacity-Building Centre, and a Senior Associate Fellow of the Royal United Services Institute.
The National Security College is a joint initiative of the Commonwealth Government and ANU.

Researching National Security in Cyberspace

A public forum on "Strategy and Statecraft in Cyberspace" is being held at the Australian National University in Canberra, 12:30pm, 8 November 2013. International security experts will discuss if we face a ‘digital Pearl Harbor’, or as I suggest in Australia's case, a Binary Bombing of Darwin.  The question is if Australia is vulnerable to a cyber attack on its national information infrastructure on a scale similar in effect to 19 February 1942, when Japanese aircraft attacked Darwin.

Strategy and Statecraft in Cyberspace

Date: Friday 8 November 2013 - 12:30 to 13:45 
Register: Register online now

Join us for a panel discussion and open forum to explore the complexities of cyberspace from a national security perspective – a domain in which states and non-state actors interact with each other in an increasingly contested environment.

This event has been organized by the ANU National Security College (NSC) as it finalises priorities for its new research program on Strategy and Statecraft in Cyberspace. The NSC has brought together leading researchers from Australia, the United States and the United Kingdom for this event which will be facilitated by the ABC’s Michael Brissenden:

• 
  Professor Roger Bradbury is a complex systems scientist with experience in international cyber issues, and is with the National Security College at ANU.
• Professor Fred Cate specialises in information privacy and security law issues, and is Director of the Center for Applied Cybersecurity Research at Indiana University, USA.
• Professor Paul Cornish is an expert in cyber security and cyber war, and Professor of Strategic Studies at the Strategy and Security Institute at the University of Exeter, UK.
• Dr Jon Lindsay is an expert in international relations at the University of California Institute on Global Conflict and Cooperation at UC San Diego, USA.

Like the traditional domains of land, sea, air and space, states and non-state actors are using the cyberspace domain to pursue their objectives in an increasingly complex world. The panel will discuss the rise of cyberspace, which has created a number of ‘wicked’ policy problems for global security including:

the proliferation of cyber weapons to state and non-state actors

the systemic vulnerabilities in the infrastructure of globalisation and military power

the friction between private sector actors who manage the Internet and the public sector actors who are supposed to defend them

the mismatch between the pace of policy formation and the pace of technological change

the failure to coordinate among government agencies responsible for national security, law enforcement and industrial policy

major disagreements about how the Internet should be managed domestically and internationally.

Some authors foresee grave new risks of a ‘digital Pearl Harbor’, while their critics dismiss these warnings as inflating the threat. Technological complexity has amplified political complexity, which in turn has complicated political analysis. Our panel will endeavor to unpick these issues from the perspectives of social policy, security policy and the future of technology. We look forward to welcoming you at this important event focusing on an issue of critical significance.