
    Expanding alliance: ANZUS cooperation and Asia–Pacific security

    The alliance between Australia and the US, underpinned by the formal ANZUS Treaty of 1951, continues to be a central part of Australian defence and security thinking and an instrument of American policy in the Asia–Pacific. How is it that an alliance conceived as a bulwark against a resurgence of Japanese militarism and which cut its military and intelligence teeth in the Cold War is still relevant to today’s strategic concerns? The answer is partly—and importantly—that the core values of the ANZUS members are strongly aligned, and successive Australian governments and American presidential administrations have seen great value in working with like-minded partners to ensure Asia–Pacific security. Far from becoming a historical curiosity, today it’s not just relevant, but of greater importance than has been the case in the past few decades. To explore new ideas on how to strengthen the US–Australia alliance, ASPI conducted a high-level strategic dialogue in Honolulu in July this year. Discussions canvassed the future strategic environment; the forthcoming Australian Defence White Paper; budget, sovereignty and expectation risks; and cooperation in the maritime, land, air, cyber, space and intelligence domains. A key purpose of the Honolulu dialogue was to help ASPI develop policy recommendations on the alliance relationship for government. This report is the product of those discussions.

    Emerging Technologies, Law Enforcement Responses, and National Security


    STOP-IT: strategic, tactical, operational protection of water infrastructure against cyberphysical threats

    Water supply and sanitation infrastructures are essential for our welfare, but vulnerable to several attack types facilitated by the ever-changing landscapes of the digital world. A cyber-attack on critical infrastructures could for example evolve along these threat vectors: chemical/biological contamination, physical or communications disruption between the network and the supervisory SCADA. Although conceptual and technological solutions to security and resilience are available, further work is required to bring them together in a risk management framework, strengthen the capacities of water utilities to systematically protect their systems, determine gaps in security technologies and improve risk management approaches. In particular, robust adaptable/flexible solutions for prevention, detection and mitigation of consequences in case of failure due to physical and cyber threats, their combination and cascading effects (from attacks to other critical infrastructure, i.e. energy) are still missing. There is (i) an urgent need to efficiently tackle cyber-physical security threats, (ii) an existing risk management gap in utilities’ practices and (iii) an untapped technology market potential for strategic, tactical and operational protection solutions for water infrastructure: how the H2020 STOP-IT project aims to bridge these gaps is presented in this paper.

    Guide to Australia’s national security capability

    This paper provides a single consolidated picture of the capabilities that enable Australia to achieve national security outcomes in a range of environments, including domestically, at the border, offshore and in cyberspace. Introduction The period since 2001 has been transformative for Australia’s national security and our national security challenges continue to evolve. To meet these challenges, we need new ways to coordinate and develop our capability and to shape the national security environment. Significant advances have been made in recent years to build greater collaboration and interoperability across the national security community. However, the increasing complexity of national security threats requires an even more consistent and connected approach to capability planning that complements existing individual agency arrangements. To that end, the Government has developed a security classified National Security Capability Plan to provide a single consolidated picture of the capabilities that enable Australia to achieve national security outcomes. This Guide offers an overview of Australia’s national security capability planning. It identifies the functions performed by the national security community and how these achieve the objectives outlined in the National Security Strategy (2013). Capability planning is one of the tools that support Government to better consider how capabilities can be directed to meet national security objectives. This ensures that capability investment is focussed and that Government can give appropriate consideration to redirecting existing capabilities to meet new or emerging risks and opportunities. It also highlights areas where agencies’ capabilities are interdependent, identifying focus areas for collaboration and interoperability. Having a better understanding of our capabilities will help us to make more informed decisions about what we need. 
Australia’s national security arrangements are underpinned by a number of agencies working across areas such as diplomacy, defence, development, border protection, law enforcement and intelligence. Australia’s national security agencies include: Attorney-General’s Department (AGD), Australian Agency for International Development (AusAID), Australian Crime Commission (ACC), Australian Customs and Border Protection Service (ACBPS), Australian Federal Police (AFP), Australian Security Intelligence Organisation (ASIO), Australian Secret Intelligence Service (ASIS), Australian Geospatial-Intelligence Organisation (AGO), Australian Signals Directorate (ASD), Department of Agriculture, Fisheries and Forestry (DAFF), Department of Defence (Defence), Department of Foreign Affairs and Trade (DFAT), Department of Health and Ageing (DoHA), Department of Immigration and Citizenship (DIAC), Department of Infrastructure and Transport (DIT), Department of the Prime Minister and Cabinet (PM&C), Office of National Assessments (ONA). The Capability Plan brings together, for the first time, a single view of the capabilities maintained by these agencies with the exception of Defence capabilities. Defence has a separate established capability planning process that includes the Defence White Paper (2013) and Defence Capability Plan (2012). Defence is a key contributor to Australia’s national security arrangements including leading the coordination and delivery of national security science and technology and works in close cooperation with other national security agencies. Defence capabilities will continue to be managed through existing mechanisms, principally the Defence Capability Plan. For the first time, the Capability Plan, and the accompanying Guide to Australia’s National Security Capability, presents a unified picture of the capabilities that exist across non-Defence national security agencies. 
Together with other strategic planning tools, this work informs the broader national security planning cycle and supports the objectives and implementation of overarching policy documents such as the National Security Strategy and the Australia in the Asian Century White Paper. The Capability Plan complements the Defence Capability Plan and does not seek to duplicate it. It should also be noted that the Guide has not been designed to signal specific initiatives or tender opportunities. Such processes will continue to be managed by individual agencies.

    The Fault Is Not in Our Stars: Avoiding an Arms Race in Outer Space

    The world is on the precipice of a new arms race in outer space, as China, Russia, the United States, and others undertake dramatic new initiatives in anti-satellite weaponry. These accelerated competitive efforts at space control are highly destabilizing because developed societies have come to depend so heavily upon satellite services to support the entire civilian economy and the modern military apparatus; any significant threat or disruption in the availability of space assets would be massively, and possibly permanently, disruptive. International law regarding outer space developed with remarkable rapidity in the early years of the Space Age, but the process of formulating additional treaties and norms for space has broken down over the past several decades; no additional legal instruments have emerged that could cope with today’s rising threats. This Article therefore proposes three initiatives. Although none of them can suffice to solve the emerging problems, they could, perhaps, provide additional diplomacy, reinvigorating the prospects for rapprochement in space. Importantly, each of these three ideas has deep roots in other sectors of arms control, where they have served both to restore a measure of stability and to catalyze even more ambitious agreements in the longer term. The first proposal is for a declaratory regime of “no first use” of specified space weapons; this would do little to directly alter states’ capabilities for space warfare, but could serve as a “confidence-building measure,” to temper their most provocative rhetoric and practices. The second concept is a “limited test ban,” to interdict the most dangerous debris-creating developmental tests of new space weapons. Third is a suggestion for shared “space situational awareness,” which would create an international apparatus enabling all participants to enjoy the benefits of greater transparency, reducing the possibilities for secret malign or negligent behavior. 
In each instance, the Article describes the proposal and its variations, assesses its possible contributions to space security, and displays the key precedents from other arms-control successes. The Article concludes by calling for additional, further-reaching space diplomacy, in the hope that these relatively modest initial measures could provoke more robust subsequent negotiations.

    NATO Cyberspace Capability: A Strategic and Operational Evolution

    The development of cyberspace defense capabilities for the North Atlantic Treaty Organization (NATO) has been making steady progress since its formal introduction at the North Atlantic Council Prague Summit in 2002. Bolstered by numerous cyber attacks, such as those in Estonia (2007), Alliance priorities were formalized in subsequent NATO cyber defense policies adopted in 2008, 2011, and 2014. This monograph examines the past and current state of cyberspace defense efforts in NATO to assess the appropriateness and sufficiency to address anticipated threats to member countries, including the United States. The analysis focuses on the recent history of cyberspace defense efforts in NATO and how changes in strategy and policy of NATO writ large embrace the emerging nature of cyberspace for military forces as well as other elements of power. It first examines the recent evolution of strategic foundations of NATO cyber activities, policies, and governance as they evolved over the past 13 years. Next, it outlines the major NATO cyber defense mission areas, which include NATO network protection, shared situational awareness in cyberspace, critical infrastructure protection, counter-terrorism, support to member country cyber capability development, and response to crises related to cyberspace. Finally, it discusses several key issues for the new Enhanced Cyber Defence Policy that affirms the role that NATO cyber defense contributes to the mission of collective defense and embraces the notion that a cyber attack may lead to the invocation of Article 5 actions for the Alliance. This monograph concludes with a summary of the main findings from the discussion of NATO cyberspace capabilities and a brief examination of the implications for Department of Defense and Army forces in Europe. 
Topics include the roles and evolution of doctrine, deterrence, training, and exercise programs, cooperation with industry, and legal standards.

    Business Continuity for Critical Infrastructure Operators

    Critical infrastructures often lack resilience and easily lose critical functionalities if hit by adverse events. Continuity management strategies for critical infrastructure operators and the networks that they form also rely on the functionality of other interrelated networks. Disruptions in operations may affect society and for this reason, securing the operations of critical infrastructure operators is important. The technological impacts of CPS become evident to the resilience of all fields of critical infrastructure, but there are also human elements to take into account. The research question of this study is: How to enhance business continuity of critical infrastructure? This case study research uses qualitative methods collected by conducting interviews of resilience and continuity professionals who work with Finnish critical infrastructure. Resilience and continuity management are key for critical infrastructure operators. Important factors identified were identifying risks, critical activities, key personnel, creating guidelines and procedures, and open communication; these themes were recognised as important to improve resilience and manage continuity.

    Decision Support Elements and Enabling Techniques to Achieve a Cyber Defence Situational Awareness Capability

    This doctoral thesis performs a detailed analysis of the decision elements necessary to improve the cyber defence situation awareness with a special emphasis on the perception and understanding of the analyst of a cybersecurity operations center (SOC). Two different architectures based on the network flow forensics of data streams (NF3) are proposed. The first architecture uses Ensemble Machine Learning techniques while the second is a variant of Machine Learning with greater algorithmic complexity (lambda-NF3) that offers a more robust defense framework against adversarial attacks. Both proposals seek to effectively automate the detection of malware and its subsequent incident management, showing satisfactory results in approximating what has been called a next generation cognitive computing SOC (NGC2SOC). The supervision and monitoring of events for the protection of an organisation's computer networks must be accompanied by visualisation techniques. In this case, the thesis addresses the representation of three-dimensional pictures based on mission oriented metrics and procedures that use an expert system based on fuzzy logic. Precisely, the state-of-the-art evidences serious deficiencies when it comes to implementing cyber defence solutions that consider the relevance of the mission, resources and tasks of an organisation for a better-informed decision. 
The research work finally provides two key areas to improve decision-making in cyber defence: a solid and complete verification and validation framework to evaluate solution parameters and the development of a synthetic dataset that univocally references the phases of a cyber-attack with the Cyber Kill Chain and MITRE ATT&CK standards. Llopis Sánchez, S. (2023). Decision Support Elements and Enabling Techniques to Achieve a Cyber Defence Situational Awareness Capability [Doctoral thesis]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/19424