Ukraine has been battered by Russian cyber-attacks since Russia’s illegal annexation of the Ukrainian territory of Crimea in 2014, with the barrage surging in the weeks before Russia invaded Ukraine in February and continuing in the months since. Including data theft, disinformation, deep fake technology, distributed denial-of-service attacks, phishing, and data-wiper malware, the wide-ranging attacks targeted Ukraine’s public, energy, media, financial, business and non-profit sectors. According to a European parliament briefing in June, Russian cyber-attacks have undermined the distribution of medical, relief and food supplies since the invasion began. Ukraine has fought back, targeting Russia with its own cyber blitz.
Sometimes called the fifth domain of war, after air, sea, ground and space, cyber warfare is often anonymous, and often the work of plausibly deniable proxies. The domain of remote aggressors whose efforts are continually developing in sophistication, cyber-attacks are ramping up in frequency.
The US-based Centre for Strategic and International Studies (CSIS) listed nine “significant” cyber-attacks around the world in August alone: on government agencies, defence and high-tech companies, or comprising economic crimes with losses of more than a million US dollars. Targets included Taiwan’s presidential office, the Finnish parliament, Ukraine’s state energy agency, the Latvian parliament, Greece’s largest natural gas distributor and a privately-owned UK water supply company.
It can be difficult to directly assign blame for cyber-attacks, even though the damage on the ground can be very real. The International Committee of the Red Cross told a UN working group in June that “it would be of great concern if views prevailed that consider it lawful to disable civilian infrastructure and civilian government agencies through cyber operations”, adding that using “cyber operations against civilians is unlawful”.
Fergus Hanson, director of the International Cyber Policy Centre at the Australian Strategic Policy Institute, says cyber-warfare has so far been limited to disabling infrastructure attacks that almost never prove directly lethal. Damaging a hospital’s software and communications systems, for instance, does far less damage to human life than dropping a bomb on the hospital building.
But as the world moves into a 5G-connected world, Hanson expects the potential for internet-driven lethal attacks to rise immeasurably. “When Teslas are driving around by themselves with no-one at the wheel; they are large physical objects that can cause people to die if they’re hacked,” he says.
Cyber-attacks are levied by actors of different types, Hanson says, including activists who often work alone; cyber criminals – ranging from organised crime gangs which mount cyber-attacks as a way of doing business, to crime-minded individuals who hope to wring a profit out of the effort. A final and most important category includes nation-states, with a broad spectrum of capability, from the limited capacity of developing nations through to the cyber-power of the US. There’s also a grey area of cyber-warfare waged by those who act as proxies for nation-states.
Cyber-warfare encompasses data hacks that can open windows allowing damage to nation-states, he says, pointing to the hacks on the US Office of Personnel Management, the Marriott hotel chain and a range of healthcare providers – all attributed to China. “The theory is that all of those datasets will be combined by the Chinese state to undermine American capability,” Hanson adds. “So if you know of 23 million people with security clearance, join that up with all hotel records and all healthcare records, you can target those vulnerable to exploitation.”
The recent massive hack of Optus client data in Australia, he says, had a flavour of the amateur, but it would also have provided a wealth of information. Joined with other stolen databases it would allow the hackers – or whichever player then stole or otherwise acquired it from the original hackers – to start to build a detailed picture of Australian networks and identify vulnerabilities in the system.
John Blaxland, professor of International Security and Intelligence Studies at the Strategic and Defence Studies Centre at ANU, says cyber-attacks are underway world-wide on an “industrial scale”, with effects ranging from government destabilisation to stolen revenue to skewed election results.
“We’re living in a world that is hyper-actualised and accelerated by the fourth industrial revolution, and so it is spilling over into all the other domains of warfare and all the other domains of society,” he says, referring to the age of ever-more sophisticated technology and internet expertise.
Cyber-warfare is waged in a twilight zone, he says, and it can be difficult to respond to large-scale cyber-attacks commensurately without escalating the conflict into actual war. Cyber-attacks can cripple infrastructure, or they can be used to sway elections, such as Russia’s cyber meddling in the 2016 US election in order to secure the victory of its favoured candidate, Donald Trump.
To add a level of confusion, cyber-attacks emanating from North Korea, China, Russia, and Iran are often the work of government proxies, intent on furthering their governments’ agendas and providing a lucrative source of income, Blaxland says: “I’m quite confident they’re doing it with state blessing, at arm’s length, with plausible deniability”. Cyber-attacks, he adds, are a major source of revenue for North Korea in particular.
Australia has boosted its cyber defences in response to the escalating threat. Project REDSPICE is the most significant single investment in the Australian Signals Directorate’s 75 years, a $9.5 billion funding surge to boost the nation’s ability to respond to “the deteriorating strategic circumstances in our region, characterised by rapid military expansion, growing coercive behaviour and increased cyber attacks”, the Directorate’s website says.
Blaxland says the REDSPICE project has expanded international collaboration and cooperation on cyber warfare, particularly within the Five Eyes intelligence community (comprising Australia, Canada, New Zealand, the US, and Britain) but also with a range of partners in the region, in South-East Asia and the Pacific, Europe and beyond.
Meanwhile, the Australian defence forces have also ramped up cyber capabilities, he adds, with the Information Warfare Division in the defence department, and the Fleet Cyber unit, RAAF 462 Squadron and Army 138 Squadron in the armed services.
Blaxland points out that cyber-attacks often slide into the realm of the criminal, so deterrence should be seen as a police domain as well as being the responsibility of intelligence and the defence forces.
“All the mechanisms that we’ve put in place internationally in the last few decades regarding Interpol are being gravely undermined by the cavalier approach to these issues by countries like China and Russia,” he says.