Enhancing Resilience

Automated Detection of Pre-Incident Indicators in Australian Emergency Response and Defence Capabilities

In a world where the landscape of threats and vulnerabilities is constantly evolving, it is paramount for the Australian Defence Force (ADF) to recognise that seemingly innocuous events may harbor deeper implications. The fundamental importance of this realisation lies in the fact that these innocuous events, often dismissed as insignificant, can potentially serve as the first ripples in a larger, orchestrated strategy by adversaries aimed at disrupting a nation's emergency responses and Defence capabilities.

Deliberately orchestrated innocuous events, when viewed through a strategic lens, can be considered as 'pre-incident indicators'. These indicators act as subtle warnings, or precursors to more significant disruptions orchestrated by a determined adversary. The culmination of a series of such innocuous events, if left unattended, has the capacity to undermine the very fabric of a nation's emergency response and Defence capabilities.

Australia, like many other nations, employs a manoeuverist theory approach when targeting its adversaries. This approach involves the identification of Targetable Critical Vulnerabilities (TCVs) across an adversary's suite of capabilities and leveraging superior decision-making to create maximum disruption and chaos for the enemy. Paradoxically, the same strategy is likely being used against Australia, with our adversaries seeking to gain control by identifying unknown and unidentified TCVs that have the capacity to influence and undermine Australia's emergency response and Defence capabilities.

This strategy is favoured because it has proven to be a highly efficient, cost effective, and indirect method of targeting and undermining an adversary's capabilities or 'source of power.' To address this growing challenge, this Land Power Forum Post argues argue that an enhanced understanding and mapping of Australia's emergency and Defence capability eco-systems, combined with a holistic automated early warning system to alert for any ‘pre-incident indicators’, has the potential to protect Australian emergency and Defence capabilities. As such it has the potential to enable Australian decision making superiority over its adversaries. In doing so, these automated measures can effectively protect Australia's emergency response and Defence capabilities, while simultaneously ensuring the nation's security and resilience in the face of evolving threats.

The concept of how resonant frequency shatters a glass serves as a powerful analogy to elucidate the critical relationship between vibrations and potential disruptive events within a capability eco-system. Just as a glass shatters when subjected to resonant vibrations, the fabric of a capability eco-system can also experience a breakdown when confronted with a series of seemingly innocuous events that culminate into a singular resonant event.

In this analogy, multiple innocuous events can be likened to the subtle vibrations that gradually intensify within the glass. While each individual event may appear harmless, their cumulative effect can create disruptive effects within the capability eco-system. This progression mirrors how a glass begins to exhibit cracks when subjected to resonant frequencies over time. When a capability eco-system is exposed to a sustained onslaught of disruptive events, it can start to exhibit signs of degradation, ultimately underperforming and teetering on the brink of collapse. This analogy aligns with how a glass may show signs of structural compromise, such as cracks and weakened areas, as the vibrations caused by external forces persist. The critical point arises when these disruptive 'frequencies' or events remain unidentified, isolated, and untreated. If they continue unchecked or unobserved, the capability eco-system, like the glass under intense resonant vibrations, will ultimately shatter and collapse.

The concept that seemingly innocuous events occurring over time can have the capacity to collapse entire organisations or operating capabilities is rooted in several real-world examples and well-documented phenomena. While it may not lead to complete collapse, such events can significantly compromise effectiveness and resilience. This concept can be supported by:

1. Complex Systems Theory: The study of complex systems, such as ecosystems or economies, has demonstrated that small perturbations or seemingly innocuous events can lead to system-wide disruptions or "butterfly effects". This concept, known as chaos theory, shows that small changes can have profound and unpredictable consequences.
2. Economic Crises: Financial markets and economies have experienced collapses or severe downturns triggered by seemingly minor events. For example, the subprime mortgage crisis in 2008, initially sparked by defaults on subprime mortgage loans, led to a global financial meltdown with far-reaching consequences.
3. Cybersecurity Incidents: Cyberattacks often begin with seemingly innocuous events, such as phishing emails or malware infections. These initial intrusions can escalate into major data breaches, system disruptions, and significant financial losses.
4. Natural Disasters: Seemingly insignificant weather events, like a small rainstorm, can contribute to larger natural disasters, such as flooding when combined with other factors like saturation of the ground. These disasters can have devastating impacts on communities and infrastructure.
5. Organisational Failures: In organisations, a series of small operational inefficiencies, miscommunications, or oversights can accumulate over time, leading to significant problems, reduced productivity, and, in some cases, financial collapse.
6. Supply Chain Disruptions: Supply chains are vulnerable to disruptions caused by seemingly minor events, like transportation delays, weather events, component shortages, or labour strikes. These disruptions can lead to significant production delays and financial losses.
7. Infrastructure Vulnerabilities: Critical infrastructure systems, such as power grids or water supplies, can be compromised by seemingly minor equipment failures or inadequate maintenance, resulting in widespread outages and disruptions.
8. Healthcare Systems: In healthcare, a series of seemingly innocuous medical errors or oversights in patient care can escalate into serious complications, negatively impacting patient outcomes and the reputation of healthcare organisations.

These examples illustrate how the cumulative effect of seemingly innocuous events can lead to significant disruptions or even systemic collapses. They highlight the importance of recognising and addressing early warning signs and vulnerabilities, as well as the need to identify and map the source of these events in order to mitigate the impact of such events on organisations and systems.

The ability to identify and comprehend a sequence of pre-incident indicators or disruptive events that lead to capability disruption therefore becomes fundamental in effectively safeguarding Australia’s emergency response and Defence capabilities. Just as measuring and mitigating a resonant frequency can prevent a glass from shattering, understanding and addressing specific sequences of disruptive events can therefore protect and preserve the integrity of vital emergency and Defence capability eco-systems.

Australia's emergency response and Defence capability eco-systems are facing increased vulnerability to indirect attacks orchestrated by adversaries who leverage small innocuous events to indirectly target critical supporting supply chains and capabilities. Several key factors contribute to this vulnerability:

1. Lack of Comprehensive Visibility and Understanding: One significant challenge is that the entire emergency response and Defence capability eco-systems are not well understood as a holistic network. While individual components and organisations within each domain have a high degree of understanding within their respective 'silos', there is no single 'common operating picture' (COP) that provides a comprehensive ‘Central Nervous System’ view of an entire multi -domain capability.  This fragmented understanding hampers the ability to identify seemingly innocuous events or incidents and appreciate the casual flow-on ‘kill chain’ effects.
2. Limited Detection of Pre-Incident Indicators: The absence of a singular COP limits the ADF’s ability to detect, identify and comprehend specific pre-incident indicators with the capacity to trigger 'kill chains' capable of collapsing emergency and Defence capabilities. Without a comprehensive and holistic COP, it becomes challenging to detect, identify and respond to the early warning signs of potentially catastrophic events.
   
   In addressing this COP requirement, a unified eco-system view needs to encompass the following elements:
   1. Mapping of Critical Dependencies: A holistic COP must map all critical dependencies across multiple domains and entire eco-system to their single points of failure. Understanding these dependencies are fundamental for future resilience planning.
   2. Automated Integration of Real-Time Data: The COP must integrate third-party, real-time data sources to provide early warnings of innocuous pre-incident indicators as they occur in near real-time. This data integration will enhance situational awareness, response agility and therefore enable decision superiority.
   3. Automated 3D Visualisation: The COP must render entire capability eco-systems in 3D in order to visually identify ‘kill chains’ and to enhance individual and organisational understanding that supports rapid decision making. Visual representations can also help identify vulnerabilities and causal relationship ‘kill chains’ that may be less apparent in traditional data displays.
   4. Automated Real-Time Alerts: The COP should provide decision-makers at all levels with real-time dash-boarded alerts and warnings of pre-incident indicators as they occur. Rapid decision-making is critical to achieving decision superiority over an adversary, and timely information is the key to this advantage.

Addressing the vulnerability of Australia's emergency response and Defence capability eco-systems to indirect attacks requires the development and implementation of a comprehensive and unified COP. This approach will enable proactive identification of pre-incident indicators and therefore enhance the nation's resilience and responsiveness in the face of evolving threats.

The concept of a singular, holistic COP capability eco-system serves as a critical precursor to safeguarding emergency responses and Defence capabilities from adversaries who employ indirect strategies to exploit multiple vulnerabilities to disrupt systems. Analogous to the phenomenon of resonant frequency (wherein the accumulation of small vibrations can shatter a glass), the coordinated, synchronised and seemingly innocuous events orchestrated by adversaries can have a devastating impact on a capability eco-system.

This article is a submission to the Spring Series 2023 Short Writing Competition, 'Army’s approach to accelerated preparedness'.