'No such thing' as cyber warfare: Australia's head of cyber warfare

Warfare is warfare, espionage is internationally normal, and cyber is just one of a suite of potential capabilities for a military response, says Major General Marcus Thompson.

The Australian government wouldn't necessarily call out specific nation-states for cyber attacks or cyber espionage. Attribution is hard, and it isn't done lightly, according to Major General Marcus Thompson, head of the Australian Army's Information Warfare Division.

"There is a tradeoff here between intelligence and evidence, and as a military guy I'm obviously focused on intelligence," Thompson said on Tuesday.

Intelligence analysis doesn't always deliver the standard of evidence that's needed for law enforcement or public attribution, he said.

"We make an assessment, and it's not just necessarily about being able to trace those electrons back through whatever to 'Hah! There's buggalugs sitting at his or her computer screen'. It's contextual."

Thompson also says it's important to remember that espionage isn't new.

"We've got to be careful not to jump up and down -- throw the toys out of the cot -- when an internationally normal activity of espionage is being conducted, because others do it too."

Thompson's comments echoed those by Alastair MacGibbon, former head of the Australian Cyber Security Centre (ACSC), who is now the newly appointed chief strategy officer at CyberCX.

"It's not done lightly because you need the literal smoking gun that you're willing to expose," MacGibbon said.

"You also want to be changing the behaviour if you can. There's no point naming something if you're not changing behaviour. I'm not sure whether public attribution changes much behaviour," he said.

Hypothetical 'zombie robot trucks' run amok

Thompson and MacGibbon were among the panellists for the Cyber Security Hypothetical organised by University of New South Wales (UNSW) Canberra Cyber at the Australian Defence Force Academy (ADFA).

In a scenario designed by Steve Wilson of Lockstep Consulting, panellists were asked to consider what might happen if an escalating series of cyber attacks arose leading up to the 2025 federal election.

In the hypothetical scenario, presumed nation-state hackers penetrated a mining company. Autonomous mining trucks, a technology in which Australia is a world leader, are turned into "zombie robot" weapons. Panic ensues.

Meanwhile, social media disinformation campaigns add to the confusion.

In response to the scenario, tech analyst Justin Warren said misinformation isn't new.

"It goes to culture," Warren said.

"People need to be practiced to understand that authoritative sources exist, and that I should go and look for one, not just believe whatever my mate Dave said about the purple monkeys that are going to eat my brain."

Myth-busting site Snopes has become an authority because it demonstrated trust over a long period of time, he said.

"One of the issues we have at the moment is that we have a lot of institutions that are not practising those behaviours, that show us that they can be trusted."

Kate Carruthers, chief data and insights officer for UNSW Sydney, had another theory.

"Potentially by 2025, governments will step up and realise that organisations like Facebook are public utilities and ought to be regulated as such," she said.

"I strongly believe that these sorts of organisations should be regulated, just like we regulate telcos."

Back in the hypothetical, radio shock jocks, which are still a thing in this version of 2025, are calling on government to retaliate with a military response.

What would be the considerations for engaging in cyber warfare?

"Despite the fact that my job title is head of information warfare, and I talk a lot about cyber warfare, there's actually no such thing. There's just warfare," Thompson said.

"Any response that the government might choose to make that involves the military could occur using any capabilities that the military has available, including of course capabilities that sit within ADF [Australian Defence Force] and the Australian Signals Directorate [ASD]," he said.

"A military response would be one of any number of options, or could be part of a suite of options, that the government of the day could consider."

There's a "fundamental question" in this scenario about the role of the ADF in a domestic setting, according to Thompson.

"There are strict and entirely appropriate constitutional constraints on the role of the military on Australian soil," he said, and the rules are laid out in Part IIIAAA of the Defence Act 1903.

This can occur as part of counter-terrorism activities, for example.

Three cyber military questions that need answers

Earlier this year Thompson expressed concerns that while Australia has "good" cyber defence capabilities, those capabilities might not be able to scale if Australia was faced with a large-scale attack in a cyber realm.

On Tuesday, he said that when we think about "cyber warfare, cyber-enabled influence, that broader information warfare thing", three questions have been "burning" him for some time.

  • How do we have a sensible conversation with our population about this?
  • How do we increase national resilience in the face of this? Resilience is different from security, he said. Resilience is "what happens after security's been breached".
  • What is the role of the ADF in defending the homeland in this space?

"I'm not advocating one way or the other. I just want to know where we sit so I can design capabilities accordingly," Thompson said.

"I think it's a debate or a discussion the nation needs to have."

Disclosure: Stilgherrian travelled to Canberra as a guest of UNSW Canberra Cyber.
