Credits: ABC News
Australia will work more closely with the United States on offensive cyber capabilities in a deal that presages a more aggressive approach by the nation’s electronic spooks in carrying out operations abroad.
Defence Minister Marise Payne has confirmed an arrangement she has struck with American counterpart James Mattis will include jointly developing capabilities to attack adversaries overseas as well as defending computer systems in Australia.
She has told Fairfax Media the memorandum of understanding signed as part of the Australia-United States Ministerial talks in San Francisco this week means greater “research, development, testing and evaluation of cyber capabilities” with the US Cyber Command, which has itself flagged taking a more assertive posture in recent months.
“The MOU will enable a deeper level of co-operation on the development of both defensive and offensive cyber capabilities than exists today,” she said.
“It will enable the joint development of capabilities to counter more advanced adversaries, and defend our networks and operations from sophisticated threats.”
So-called offensive cyber capabilities are one of the more secretive weapons in the nation’s arsenal. Prime Minister Malcolm Turnbull only confirmed in 2016 that the Australian Signals Directorate carries out offensive cyber operations, which involve disrupting or destroying the networks of foreign adversaries.
They have been used against the so-called Islamic State and also against cyber criminals who attack Australians from overseas jurisdictions that are beyond the reach of Australian police.
A joint statement issued after the ministerial talks – which also involved Foreign Minister Julie Bishop and US Secretary of State Mike Pompeo – stated the two countries would “collaboratively develop tools and software”.
The US Defence Department’s Cyber Command issued a “command vision” paper in March that squarely foreshadowed taking a more forceful approach to foreign cyber attacks in the wake of the 2016 election hacking as well as global viral attacks such as WannaCry, which was blamed on North Korea, and NotPetya, which was pinned on Russia.
It vows to “enable and bolster our partners” and to “pursue attackers across networks and systems”.
“Defending forward as close as possible to the origin of adversary activity extends our reach to expose adversaries’ weaknesses, learn their intentions and capabilities, and counter attacks close to their origins,” the paper stated.
Fergus Hanson, a cyber expert at the Australian Strategic Policy Institute, said it made sense for Australia and the US – which share intelligence through the “five eyes” network that also includes Britain, Canada and New Zealand – to more assertively push back against cyber attackers.
“The current approach has shortcomings. NotPetya caused more than a billion dollars in damage to large corporations and the cost imposed on Russia was next to zero,” he said.
He said the US vision paper was “an extraordinary document” that had sparked a conversation among five eyes nations “about what their posture should be”.
Given the United States’ massive cyber expertise resources, Australia would be a net beneficiary of greater collaboration, he said.
Senator Payne said Australia and the US already worked well together on cyber security, including “the sharing of threat intelligence, collaboration on capabilities to combat mutual cyber threats, and regular exchange of personnel”.
The US recently elevated the status of its Cyber Command – which is based at Fort Meade in Maryland along with the National Security Agency – to the same level as its major military commands covering geographic areas such Europe and the Pacific.