Cyber network defence: Protecting ourselves before it’s too late
As the integration of cyber networks reaches full saturation within the deployed environment, the time by which cyber defenders and a cyber network defence framework should have been put in place has already passed. This leaves our networks, and the missions reliant on those networks for command, control and communications, vulnerable to exploitation by any number of adversaries within the battlespace.
With governments around the world spending billions of dollars on the implementation of cyber defence centres, and the required personnel to man them, Australia is at risk of being left behind and vulnerable to the pandemic of cyber attacks. Breaches are occurring on an almost daily basis, in almost all sectors of the Government, and the importance of being prepared has become such that the Australian Signals Directorate is releasing systematic policy updates and suggested implementations to mitigate the almost inevitable attack or compromise.
However, the personnel within the Australian Signals Directorate and the Chief Information Officer Group’s ICT Security Branch cannot be expected to fully protect Army cyber networks while deployed. With signals personnel being responsible for the initial deployment and maintenance of the networks currently used, a new job role needs to be implemented as a protective measure, as well as a means to defend against and interrogate breaches, both internally and from external sources. The importance of the seemingly endless amount of intelligence that can be gained about an adversary is second only to the importance of protecting our own networks and the capabilities within them.
While adaptation of the current vulnerability assessment continuum needs to occur for a job role to be implemented within Defence, fortunately the steps for the conduct of a cyber security audit or penetration test can be overlaid onto the current doctrinal steps for a mission or attack.
| Stages of Conventional Attack | Stages of a Cyber Attack |
|---|---|
| Reconnaissance | Reconnaissance |
| Assault | Scanning |
| Exploitation | Exploitation |
| Reorganisation | Maintain access |
| | Cover tracks |
In this way, it is possible to implement a career stream capable of defending our networks against attack, or engaging in attacks against enemy networks, without the need to rewrite current doctrinal practices. As a result, this stream is capable of keeping in line with the rest of the career development cycle already in place for both officers and other ranks in other job roles, such as all-corps courses, without the need to rewrite all-corps requirements and develop specialty courses for career progression.
Through the use of cyber operators as cyber network defenders, a mutually beneficial relationship can emerge, with intelligence being gathered from both the attacks on the system and the flaws noticed in the systems through internal penetration tests or red-teaming. As a result, signals operators gain greater security for the networks they are implementing, and the signals intelligence operators gain greater intelligence into the attack methods used by adversaries and the capability of those adversaries.
Australia has reached a tipping point where Government and Defence agencies can no longer keep up with the vast job of defending Australia and the ADF’s cyber-based networks. To mitigate this, a cyber-based defence position will provide a greater integration between cyber-based intelligence organisations by bolstering the total number of professionals protecting our Government and Australia from cyber-based breaches and attacks in an ever-escalating environment.
The views expressed in this article and subsequent comments are those of the author(s) and do not necessarily reflect the official policy or position of the Australian Army, the Department of Defence or the Australian Government.