Australia’s 2023 cybersecurity strategy makes clear that most of the things we need to do to protect ourselves in cyberspace are essentially defensive. The strategy is usefully organised according to six ‘shields’.

But sometimes we also need a sword. Offensive cyber is the pointy end of cybersecurity. It can be understood expansively as encompassing all the threats that defensive cyber is, in the strategy’s terms, trying to ‘block’. ASPI’s cyber, technology and security program defines offensive cyber as operations that ‘manipulate, deny, disrupt, degrade or destroy targeted computers, information systems or networks’. Offensive cyber is usually—but contestably—distinguished from operations whose main goal is to collect intelligence.

Offensive cyber is fraught with risk. The long list of unintended potential consequences includes spillovers, blowback and escalation. One of the earliest and most successful offensive cyber operations was the US–Israeli attack on Iran’s nuclear program. The Stuxnet virus destroyed Iranian centrifuges but probably went on to infect more than 100,000 computers around the world before it was stopped. The attack also accelerated the development—and destructive use—of Iran’s offensive cyber capabilities.

Liberal democracies are much more interested than states like Iran in preventing cyberspace from becoming a battlespace and, more broadly, in maintaining the integrity of the global information environment. The decisions they make about when and how to engage in offensive cyber operations involve fundamental questions about international order and the future of the digital information revolution. They demand extremely complex assessments of cause and effect.

Leading Western cyber powers are developing more sophisticated doctrines and concepts to guide these decisions. After Stuxnet, President Barack Obama’s administration put the United States Cyber Command on a tight leash. That was reversed by Donald Trump, who promulgated a defend-forward doctrine. Joe Biden’s administration has embraced that approach: USCYBERCOM’s more assertive posture probably blunted the Russian cyber offensive that accompanied the invasion of Ukraine. The UK is developing its own concept of responsible cyber operations accompanied by a doctrine of cognitive effects.

This work is unfinished. The issues are complex and consequential. Compelling arguments have been made that there’s no meaningful distinction between offensive and defensive cyber operations or even between information and cyber operations. Importantly, much of this discussion and debate is taking place in public.

Offensive cyber operations are usually undertaken covertly. But that’s precisely why democratic governments need to be clear with their citizens about how decisions to undertake them are made. Debating these matters publicly also allows for better consideration of the big issues involved, especially because a wider range experts can be engaged.

Australia shouldn’t be a bystander to these debates. The Australian Signals Directorate’s REDSPICE project, announced by the previous government, includes a tripling of Australia’s offensive cyber capability. The new cybersecurity strategy promises to ‘build world-class innovative offensive cyber capabilities that can deliver real world impact to deter, disrupt, degrade and deny cybercrime’. The strategy commits an additional $587 million from 2023 to 2030 for cybersecurity. That’s in addition to the $10 billion that REDSPICE will add to ASD’s budget over 10 years.

So, what is Australia’s concept of offensive cyber? Despite promising to make Australia a ‘world leader’ in cybersecurity, the strategy sheds little light. It commits to ‘transparency about the rights and obligations that govern’ the use of offensive cyber capabilities but doesn’t say much more than that Australia will comply with existing laws and help develop new ones. The best sources are the speeches of ASD’s directors-general. Since Prime Minister Malcolm Turnbull first revealed Australia’s offensive cyber capability in 2016, these speeches have incrementally disclosed more about what ASD does and why.

Australia frequently reiterates that its use of offensive cyber complies with international and domestic law. Notably, ASD’s current director-general, Rachel Noble, has emphasised that Australia defines offensive cyber operations conducted by other countries against Australia as criminal activity to which Australia may respond in kind. But international norms are unclear, are contested and lag rapid technological change. Saying that Australia complies with them therefore doesn’t reveal much about when and how it uses offensive cyber capabilities.

Following the release of ASD’s November 2023 threat report, Defence Minister Richard Marles was asked whether Australia was ‘striking back’ at cyber attackers. He responded only that, ‘We have a full range of capabilities in the Australian Signals Directorate and we’re making sure that we are as capable as we can be.’ He could have provided a much more useful and informative answer if Australia had, as the US and UK have done, developed a public offensive cyber doctrine. Australians should be told more.

The government’s public discussion of its approach to offensive cyber still falls well short of those of its Five Eyes partners. The charge that Australia has put ‘capability before concept’ in its decision to acquire nuclear-powered submarines can be more accurately applied to its approach to offensive cyber. But fixing this doesn’t require Australia to reinvent the wheel. It can and should build on intellectual work already undertaken by its Five Eyes partners.

Australia will be compelled by an increasingly complex and contested world to compete more in the grey zone. Decision-makers will face tough choices. A stronger and more public offensive cyber doctrine would keep them tethered to Australia’s values and interests as they make those decisions.

Artificial intelligence (AI) presents Australia’s security as many challenges as it does opportunities. While it could create mass-produced malware, lethal autonomous weapons systems, or engineered pathogens, AI solutions could also prove the counter to these threats. Regulating AI to maximise Australia’s national security capabilities and minimise the risks presented to them will require focus, caution and intent.

One of Australia’s first major public forays into AI regulation is the Department of Industry, Science and Resources (DISR)’s recently released discussion paper on responsibly supporting AI. The paper notes AI’s numerous positive use cases if it’s adopted responsibly—including improvements in the medical imagery, engineering, and services sectors—but also recognises its enormous risks, such as the spread of disinformation and harms of AI-enabled cyberbullying.

While national security is beyond the scope of DISR’s paper, any general regulation of AI would affect its use in national security contexts. National security is a battleground comprised of multiple political, economic, social and strategic fronts and any whole-of-government approach to regulating AI must recognise this.

Specific opportunities for AI in national security include enhanced electronic warfare, cyber offence and defence, as well as improvements in defence logistics. One risk is that Australia’s adversaries will possess these same capabilities, and another is that AI could be misused or perform unreliably in life or death national security situations. Inaccurate AI-generated intelligence, for instance, could undermine Australia’s ability to deliver  effective and timely interventions, with few systems of accountability currently in place for when AI contributes to mistakes.

Australia’s adversaries will not let us take our time pontificating, however. Indeed, ASPI’s Critical Technologies Tracker has identified China’s primacy in several key AI technologies, including machine learning and data analytics—the bedrock of modern and emerging AI systems. Ensuring that AI technologies are auditable, for instance, may come at strategic disadvantage. Many so-called ‘glass box’ models, though capable of tracing the sequencing of their decision-making algorithms, are often inefficient compared to ‘black box’ options with inscrutable inner workings. The race for AI supremacy will continue apace regardless of how Australia regulates it, and those actors less burdened by ethical considerations could gain a lead over their competitors.

Equally though, fears of China’s technological superiority should not lead to cutting corners and blind acceleration. This would exponentially increase risk the likelihood of incurring AI-induced disasters over time. It could also trigger an AI arms race, adding to global strategic tension.

Regulation should therefore adequately safeguard AI whilst not hampering our ability to employ it for our national security.

This will be tough and may overlap or contradict other regulatory efforts around the world. While their behaviour often raises eyebrows, big American tech companies’ hold over most major advances in AI is at the core of strategic relationships such as AUKUS. If governments ‘trust bust’, fragment or restrict these companies, they must also account for how a more diffuse market could contend with China’s ‘command economy’.

As with many complex national security challenges, walking this tightrope will take a concerted effort from government, industry, academia, civil society and the broader public. AI technologies can be managed, implemented and used safely, efficiently and securely if regulators find a balance that is neither sluggish adoption nor rash acceleration. If they pull it off, it would be the circus act of the century.

The Indo-Pacific’s importance to the security of Australia and regional allies continues to dominate public discourse. Last month, the Quad foreign ministers from Australia, India, Japan and the United States released a joint statement on ransomware, recognising that vulnerabilities in cyberspace are compromising the security of critical national infrastructure and economic continuity in the region.

The statement is an important acknowledgement that ransomware is a transnational threat that can’t be mitigated purely through domestic policy. The rise of ransomware attacks on software supply chains demonstrates this much. The multistakeholder approach that the Quad statement highlights is key to addressing the vulnerabilities that enable this type of ransomware attack.

Ransomware is a highly profitable and disruptive cyberattack technique that serves both criminal and state actors alike. Companies in the information and communication technology sector are at particular risk because they are critical infrastructure providers that also hold rich data troves that can be exploited as leverage or for profit on the dark web.

Since the Covid-19 pandemic, ransomware attacks have increased dramatically worldwide. The latest annual report on the state of ransomware, by cybersecurity firm Sophos, indicated a 78% rise in attacks globally between 2020 and 2021. Nearly two-thirds of the organisations surveyed reported having been affected.

Australia is the most targeted ransomware victim in the Indo-Pacific region, and the third most cyberattacked nation globally. The likelihood of an attack is high and, as recently as September, Australian telecoms provider Optus was successfully targeted in the largest ever national data breach. Outside of critical-infrastructure providers, ransomware targets are typically large organisations that have the capacity to pay high ransom demands due to their extensive operations. Australian-owned multinationals providing ICT products and services to domestic and regional clients that require regular software updates and installations fall into this category and have a high chance of being hit by supply-chain attacks.

A software supply-chain attack exploits the trust relationship between the vendor and client. A common scenario is when a vulnerability is exploited that enables hackers to compromise the provider’s source code with malicious malware. Software updates containing malicious code are then unwittingly installed by users, infecting their networks. This is also known as a downstream attack.

Effective cybersecurity programs require assessment of third-party vulnerabilities; however, they can’t always identify or mitigate source code compromises in software because they’re hard to detect and can evade firewalls when disguised within trusted code. Detection and prevention of this type of attack are best managed at the source by the software vendor itself.

This is where the multistakeholder approach emphasised by Quad ministers comes into play. Cyber policy that aims to secure critical national infrastructure needs to recognise that third-party vulnerabilities—or links in the supply chain—are often the points most prone to compromise. Governments need to work collaboratively to identify the links between critical-infrastructure providers in their jurisdictions and organisations in the region. From there, domestic policy in each nation needs to reinforce the efforts of regional counterparts to ensure that baseline security standards, vulnerability reporting mechanisms and ransomware mitigation and response practices are comparable, if not interoperable.

The Kaseya ransomware attack in 2021 is an example of how the effects of supply-chain attacks can go beyond the intended victim. Kaseya was targeted by a Russia-based ransomware group called REvil that leveraged a vulnerability in the company’s software. Kaseya provides ‘virtual system administrator’, or VSA, software products—remote monitoring and management products that use cloud technology to handle a range of activities for businesses. The VSA software that was compromised had a high degree of trusted access to client systems. When the software was automatically updated, the ransomware infected clients in 17 countries. Customers included small businesses such as supermarkets, as well as schools and pharmacies. REvil then demanded a ransomware payment from Kaseya. While Kaseya was a US company operating under California law, the ransomware attack had downstream supply-chain consequences globally.

A ransomware attack on an Australian business with downstream supply-chain relationships like Kaseya’s would have significant ramifications for regional stability and Australia’s broader national security interests, particularly if the business were held to ransom for an extended period.

State actors could easily leverage this technique for disruptive or coercive purposes, particularly since sophisticated attacks can ensure that malicious code is programmed to stop operating when it is uploaded to a network with specific language settings. This enables more refined and accurate targeting by adversaries and mitigates the risk of cyber fratricide.

Economic productivity and supply chains will be disrupted in the region if businesses are repeatedly taken offline. Such attacks could also damage Australian providers’ reputation for reliability and security, resulting in regional business seeking similar services from other major providers in the region. Australia’s economy would suffer, and adversaries could be given more control of digital trade. The reputational damage could also extend to diplomatic partnerships.

While these concerns have been framed in an Australian context, other Quad members are vulnerable to the same scenarios. The implications of a supply-chain attack are therefore significant for both Australia and regional partners. The importance of the Quad’s ransomware statement shouldn’t be lost. Public pressure should be placed on governments to keep them accountable to the Quad’s call for states to uphold the shared responsibility of assisting each other when faced with malicious cyber activity, particularly when ransomware threatens critical national infrastructure.

As a starting point, the Australian parliament should review the proposed amendments to the Security Legislation Amendment (Critical Infrastructure) Bill 2021 in this context and take it as an opportunity to demonstrate Australia’s commitment to combating regional cybersecurity risks to critical national infrastructure. There is also an opportunity to apply the lessons learned from the recent Optus and Medicare ransomware attacks.

It’s time for Canberra to step up its leadership in this area and help spearhead the formulation of robust, consistent and enduring ransomware mitigation and response policies and practices that can be developed and emulated by regional partners. Only through collaboration can the threat of instability that ransomware poses be managed.

Late last month, Australia’s leading scientists, researchers and businesspeople came together for the inaugural Australian Defence Science, Technology and Research Summit (ADSTAR), hosted by the Defence Department’s Science and Technology Group. In a demonstration of Australia’s commitment to partnerships that would make our non-allied adversaries flinch, Chief Defence Scientist Tanya Monro was joined by representatives from each of the Five Eyes partners, as well as Japan, Singapore and South Korea. Two streams focusing on artificial intelligence were dedicated to research and applications in the defence context.

‘At the end of the day, isn’t hacking an AI a bit like social engineering?’

A friend who works in cybersecurity asked me this. In the world of information security, social engineering is the game of manipulating people into divulging information that can be used in a cyberattack or scam. Cyber experts may therefore be excused for assuming that AI might display some human-like level of intelligence that makes it difficult to hack.

Unfortunately, it’s not. It’s actually very easy.

The man who coined the term ‘artificial intelligence’ in the 1950s, cybernetics researcher John McCarthy, also said that once we know how it works, it isn’t called AI anymore. This explains why AI means different things to different people. It also explains why trust in and assurance of AI is so challenging.

AI is not some all-powerful capability that, despite how much it can mimic humans, also thinks like humans. Most implementations, specifically machine-learning models, are just very complicated implementations of the statistical methods we’re familiar with from high school. It doesn’t make them smart, merely complex and opaque. This leads to problems in AI safety and security.

Bias in AI has long been known to cause problems. For example, AI-driven recruitment systems in tech companies have been shown to filter out applications from women, and re-offence prediction systems in US prisons exhibit consistent biases against black inmates. Fortunately, bias and fairness concerns in AI are now well known and actively investigated by researchers, practitioners and policymakers.

AI security is different, however. While AI safety deals with the impact of the decisions an AI might make, AI security looks at the inherent characteristics of a model and whether it could be exploited. AI systems are vulnerable to attackers and adversaries just as cyber systems are.

A known challenge is adversarial machine learning, where ‘adversarial perturbations’ added to an image cause a model to predictably misclassify it.

When researchers added adversarial noise imperceptible to humans to an image of a panda, the model predicted it was a gibbon.

In another study, a 3D-printed turtle had adversarial perturbations embedded in its surface so that an object-detection model believed it to be a rifle. This was true even when the object was rotated.

I can’t help but notice disturbing similarities between the rapid adoption of and misplaced trust in the internet in the latter half of the last century and the unfettered adoption of AI now.

It was a sobering moment when, in 2018, the then US director of national intelligence, Daniel Coats, called out cyber as the greatest strategic threat to the US.

Many nations are publishing AI strategies (including Australia, the US and the UK) that address these concerns, and there’s still time to apply the lessons learned from cyber to AI. These include investment in AI safety and security at the same pace as investment in AI adoption is made; commercial solutions for AI security, assurance and audit; legislation for AI safety and security requirements, as is done for cyber; and greater understanding of AI and its limitations, as well as the technologies, like machine learning, that underpin it.

Cybersecurity incidents have also driven home the necessity for the public and private sectors to work together not just to define standards, but to reach them together. This is essential both domestically and internationally.

Autonomous drone swarms, undetectable insect-sized robots and targeted surveillance based on facial recognition are all technologies that exist. While Australia and our allies adhere to ethical standards for AI use, our adversaries may not.

Speaking on resilience at ADSTAR, Chief Scientist Cathy Foley discussed how pre-empting and planning for setbacks is far more strategic than simply ensuring you can get back up after one. That couldn’t be more true when it comes to AI, especially given Defence’s unique risk profile and the current geostrategic environment.

I read recently that Ukraine is using AI-enabled drones to target and strike Russians. Notwithstanding the ethical issues this poses, the article I read was written in Polish and translated to English for me by Google’s language translation AI. Artificial intelligence is already pervasive in our lives. Now we need to be able to trust it.

The federal government’s 2022–23 budget allocates $9.9 billion for boosting Australia’s cyber defence capabilities. The expansion forms part of the government’s commitment to the AUKUS pact, building out the military workforce to support its objectives.

The successful deployment of critical technologies—cyber, artificial intelligence and quantum computing—into Australia’s defence and national security assets can’t be achieved solely through off-the-shelf acquisition from our allies. The government must partner with Australia’s technology and broader ICT sector to provide capabilities where we already have them, rather than simply buying from overseas.

The need for local capability is critical. With cyber, AI and quantum, data moves from being a supporting asset to a core component—effectively becoming the fuel that powers these capabilities. As with fuel, data storage and transmission will continue to be central to the operation of Australia’s critical infrastructure providers.

Conversations in this arena will ramp up as regional tensions continue to seep into the virtual world and our data infrastructure becomes an attractive target for adversaries.

Over the past year we have witnessed a raft of sophisticated attacks launched against all levels of government, as well as health, utilities, food and critical supply chains.

The Australian Cyber Security Centre’s latest annual cyber threat report found that 35% of cyberattacks reported in 2020–21 were launched against government agencies.

Australia has become too reliant on foreign suppliers to store and protect our data assets, undermining our ability to ensure that defence and other government data is entirely under Australia’s jurisdictional control.

In July, the parliament passed legislation allowing electronic data held offshore to be accessed for local law enforcement and national security purposes. This was yet another push towards the establishment of a bilateral agreement with the US under its Clarifying Lawful Overseas Use of Data (CLOUD) Act, a move that would enable unfettered data access between countries and raise concerns over privacy.

The Australian ICT industry already has the capability to deliver many of the data storage and protection services we need, to world-class standards, while also being genuinely sovereign to Australia.

Australia boasts its own burgeoning local cloud industry. It has been expanding for years and was supercharged by the Covid-19 pandemic, as organisations, government agencies and industries digitised activities en masse. The growth has been assessed by local analyst firm Telsyte, which predicts the local cloud market will be worth over $3 billion by 2025.

Further, the demand for local and sovereign data centres to store information has led to Australia’s emergence as one of the fastest-growing data centre locations, with the country now occupying one-tenth of data centre space in the world.

There’s no reason why the Department of Defence or any other government agency should be contracting these services to foreign-owned companies and, in the process, offshoring our data protection and storage. There are wholly sovereign Australian companies that provide the full suite of ICT services governments require.

This is not simply an argument for government to ‘buy Australian’. To be effective partners, ICT businesses need clear guidelines on what areas government will support, including the building of local capabilities, and what should be delivered by allies or other international partners.

In the absence of clear guidelines, businesses are often left second-guessing where to invest to best support the government’s technology needs. Even with the best and most well-informed intentions, those investments may not align with the government’s requirements.

What’s needed is an overarching whole-of-government ICT strategy and policies that specify and prioritise the sovereign technological capabilities we will need for a future-proof digital Australia.

The good news is that we have a ready-made framework currently in use to support defence materiel procurement that can be easily adapted to serve our ICT and critical technology needs.

The defence sovereign industrial capability priorities include AI, robotics and cyber technologies, and imbue Australian businesses looking to partner with the government in these areas with the confidence they need to invest and innovate, knowing it will align with Defence’s procurement policy requirements.

The government should adapt and apply this methodology to ICT and critical technologies so that all government agencies can make procurement decisions based on utilising Australian capability first.

This does not mean the capabilities of our allies are left out in the cold. It simply means we look first in our own cupboard for a solution, and in the event that we lack a specific capability, we then turn to our allies and partners.

This is not asking for ICT to get special treatment. Rather, it is a recognition of the ubiquity of ICT in our economy.

ICT is essential to each of our sectors, including defence and national security. It contributes as much as finance and insurance, and more than four times as much as agriculture. In fact, according to recent research by Accenture for the Technology Council of Australia, the technology sector contributed $167 billion to Australia’s GDP in 2020–21.

More importantly, ICT is not just a core dependency of Australia’s critical infrastructure, but is critical infrastructure itself.

Australian businesses are playing a major role in building the sovereign capabilities required to meet the challenges and opportunities of a cyber-oriented future. They have invested heavily in the development of talent, infrastructure and intellectual property, and demonstrated both technological and strategic capabilities.

The $9.9 billion injection demonstrates that the government understands the critical nature of cyber defence, but industry needs to participate. The local sector wants to work with Defence as its partner, and to help design a roadmap for sovereign ICT and critical technology.

A clear strategy that sets out our national priorities will benefit not only Australian technology businesses, but also government and the entire economy.