Saturday 09 Oct 2021 | 20:10 | SYDNEY
Saturday 09 Oct 2021 | 20:10 | SYDNEY

Dire duo: Terror and cyberspace


Graeme Dobell

30 August 2010 16:22

At almost warp speed, cyber attack has joined terrorist attack at the top of Australia's threat list. Call them the new dire duo of globalisation — the jihadist and the malign screen jockey. Where terrorism elevated the non-state actor to the top of the threat list, the cyber threat erases much of the ability to distinguish between the state and the non-state attacker.

The twin themes of cyber and terror came through strongly in a presentation by the director general of ASIO, David Irvine, in the National Security Lecture Series at the University of Canberra. Eventually, the text of the speech should appear here on the ASIO site. As Irvine expressed the twin threat, terrorism and cyber attack challenge governments and challenge legal systems. He placed the two issues at the head of his list of threats to Australia's security and Australian lives: terrorist violence first and cyber attack second.

The dire duo were discussed in depth. Everything else mentioned was lightly listed: uncontrolled movements of people, the drug trade, virulent pandemics and climate change. Challenged later on climate change straying into ASIO's remit, Irvine virtually conceded it was on the list to make up the numbers. ASIO, he said, will not be hiring climatologists, unless they also happen to speak a couple of the languages of interest.

The terrorism discussion was a succinct restatement of the Counter-Terrorism White Paper: 'I can tell you quite bluntly, Australia is a potential terrorist target. This has become a persistent feature in Australia's security environment.'

Irvine said that, on four occasions, a mass-casualty terrorist attack in Australia had been avoided. He said three of those planned attack would have been the work of home-grown terrorists. The national security nightmare is the terrorist attack which is 'globally inspired but locally generated.'

The terrorism discussion then shifted to cyber security as 'the issue of the 21st century'. As discussed in a previous column, Australia's Defence computer networks are attacked, on average, 6.5 times a day by hackers, spies, tech-heads or industrial snoopers. Irvine said Australia faced constant attacks by state-sponsored and non-state hackers.

In such discussions, it's always interesting to see how close the politician or official can go to naming that important country which starts with C and ends with A (hint: not Cuba, not Canada). As a former ambassador to Beijing, David Irvine can be relied on to give the C***a danger a wide berth.

But he did offer one thought on the cyberwar end of the scale which is all about the contest between nuclear superpowers: 'Cyber attack has the potential to reduce the conventional and nuclear weapons advantage of a county. It can reduce or sidestep kinetic advantage.'

The problem for the spooks, spy catchers and electronic eavesdroppers is that, in cyberspace, the line between state and non-state actors is getting ever fuzzier. So is geography: the domestic merges and melds with the foreign. As the US has shown, electronic eavesdropping on foreigners can take you quickly onto your own turf. And the overseas-internal distinction isn't just a question of analysis or definition, it is a crucial bureaucratic and legal issue for Australia's $4 billion national security complex.

In grappling with a cyber world that stretches from identity threat to nuclear warfare, Australia's national security complex has to challenge its own culture. Irvine, by the way, calls it the 'national security community'; the 'community' metaphor is significant because much of the national security effort in recent years has focused on being able to talk to each other.

Irvine said that when Canberra had six intelligence silos, information was shared on a strict 'need to know' basis. Need-to-know was an excellent way to protect information, he said, but today silos are out and community is in. Canberra is shifting from a 'need to know' mindset to a 'need to share' model. Irvine said the need to share is being enforced as a 'responsibility'. Just as the cyber world breaks down all sorts of barriers and distinctions, it fosters new relationships in the national security complex.

During questions, Irvine pointed to how the cyber challenge is causing ASIO and the Defence Signals Directorate to mesh their specialist capabilities and also offer more help to business and industry through the Attorney-General's Computer Emergency Response Team. ASIO teaming up with DSD is certainly breaking down the silos – and also opening a wonderful new dimension for even more ornate conspiracy theories.

The dire duo of globalisation is only just taking up joint residence at the top of the threat hierarchy. Canberra is going to have to do a lot more explaining to sell the idea that 'cyber security is now a core national security priority.' That is the starting point for this ASPI paper by the founding director of the Australian High Tech Crime Centre, Alastair MacGibbon.

For ASIO, the new world still has some of the old problems. In the Irvine presentation, ASIO is assailed using the bumbling spy stereotype, but can be equally attacked for failing to be omniscient. The one flash of the wry Irvine persona came at this point: 'I'm bumbling, but I don't think I'm a spy stereotype.'

Image courtesy of Wikipedia.