Cybersecurity and Deterrence

An Opportunity for Strengthening U.S.-Australian Cyber Cooperation

By Brandon Kirk Williams
Wednesday, September 16, 2020, 8:01 AM

On June 19, Australian Prime Minister Scott Morrison announced that a “sophisticated state-based actor”—likely China—was responsible for a wave of ongoing cyberattacks against the country. Shortly afterward, Minister for Defense Linda Reynolds outlined the Cyber Enhanced Situational Awareness and Response (CESAR), Canberra’s largest ever investment in cybersecurity of AU$1.35 billion to overhaul cyber capabilities. Australian policy is responding with urgency to Chinese aggression—and together with the evolving security landscape in the Indo-Pacific, this could be the beginning of a new era for Australian cybersecurity. If that’s the case, Australia’s cybersecurity direction could open the door for cooperation between Australia and the U.S. that looks to the future where national security and technology meet.

Morrison did not identify the specific state actor or advanced persistent threat (APT) in his June announcement that Australia was weathering the ongoing cyber campaign. The APT employed spearfishing and capitalized on unpatched vulnerabilities in Telerik UI, Microsoft Internet Information Services, SharePoint and Citrix to burrow into networks and use websites as command and control servers. The Australian Cyber Security Centre dubbed the APT’s tactics, techniques, and procedures “copy-paste compromises” for its reliance on open source tools. The APT concealed its presence on networks by utilizing stolen credentials that provided a veneer of legitimate remote access while conducting malicious activities.

The June 19 announcement described only one of the many cyberattacks that have battered Australia in 2020. Cybercrime related to the coronavirus pandemic spiked after March, prompting the Australian Cyber Security Centre to issue a high alert in March and April to warn of malicious websites masquerading as trustworthy authorities on coronavirus information.

More explosively, news reports in May pointed to a glaring example of an attempted Chinese cyberattack earlier in the year. In January 2020, according to press reports, a Chinese military-linked APT targeted Australian government computers with a backdoor named Aria-body. The backdoor commandeered computers and captured an array of data, ranging from files, keystrokes, and screenshots to files from flash drives.

Aria-body demonstrated China’s continuing reliance on cyber weapons to conduct espionage against Australia and its Southeast Asian neighbors. Although no Australian officials assigned responsibility publicly, an analysis by cybersecurity firm Check Point attributed blame to an APT associated with the People’s Liberation Army operating under the name Naikon.

The severity of the June attacks seems to have convinced Morrison to speak on the issue of cyberattacks, even if he was unwilling to attribute responsibility to China. Previously, the only public statements originated from official warnings of cyberattacks or leaks to the media. Canberra avoided publicly blaming any responsible actors. Morrison, well aware of dependence on trade with China, was reluctant to name and shame any Chinese APTs. More recently, Chinese economic coercion and threats following Canberra’s insistence on a study of the origins of the novel coronavirus may have tempered Morrison’s ability to blame China. Press reporting, by contrast, unambiguously tied China to the cyberassault.

The June cyberattack wasn’t the only factor that pushed Morrison to become more aggressive. China’s years of strategic and commercial assertiveness in the South China Sea, and its deepening investments in the Pacific Islands, also played a role in convincing the Australian government to act decisively on cyber and defense spending. During the pandemic, China has worked to further entrench its control over the South China Sea—a matter of great concern to Australia. The Morrison government’s conversion to this policy may also be born of abiding questions on the reliability of the United States’s regional commitment. An America First national security policy, along with U.S. hesitance to legally dispute China’s South China Sea actions until July 2020, left many Indo-Pacific nations doubting the durability of American ties to Asia. Canberra’s turn reveals a willingness to assert a more pronounced role in its own security, especially in safeguarding Australia’s cyber sovereignty.

With this newfound strategic imperative, CESAR aims to protect Australia’s cyber homeland. Minister for Defense Reynolds’s outline of CESAR illustrates Canberra’s goal of cultivating a new strategic culture for Australian cybersecurity. CESAR’s AU$1.35 billion allocated over the next 10 years lifts Australian cyber spending markedly from 2016’s four-year AU$230 million appropriation. The new funding promises to transform the Australian Cyber Security Centre and Australian Signals Directorate’s workforce, allowing the hiring of more than 500 new cyber specialists. The infusion of money will augment situational awareness of cybercriminals and state-based actors, strengthen threat intelligence sharing between private and public entities, invest in data science and emerging cyber technologies, and build capacity for defensive and offensive cyber operations.

But more than a middling improvement in capacity, the announcement telegraphs a reimagining of Australian cyberpower. Unlike ever before, Canberra is centralizing control over national cybersecurity to protect the economy, boost cyber resilience, deter malicious cyber actors and improve citizens’ cyber hygiene. The malicious activities of 2020 came to light as Australian policymakers formalized the country’s recently released 2020 Cyber Security Strategy. The 2020 report updates the 2016 Cyber Security Strategy, and the 2020 document identifies the country’s priority areas to meet the challenges of a dynamic cyberthreat ecosystem.

For Australian citizens, the 2020 report and CESAR respond to a debate on Australia’s potential as a cyberpower and growing public concern. A 2019 Lowy Poll found that 62 percent of Australians identified cyberattacks as a “critical threat to Australia’s vital interests.” Now that Morrison’s government is poised to act, Washington should meet the ally’s commitment. The U.S. is positioned to support Australia by drawing on a preexisting bilateral cybersecurity foundation as Australia commits to a new cybersecurity posture.

To anticipate bilateral cooperation on cyber, the U.S. and Australia should focus on three initiatives: resumption of high-level exchanges between policymakers on cybersecurity, restoring a cyber Track 1.5 Dialogue by 2021’s Australian-United States Ministerial Consultations (AUSMIN) meeting, and increasing cooperation between the Australian Cyber Security Centre and the United States’s Cyber Command and intelligence community.

Conversations between President Barack Obama and Australian Prime Minister Malcolm Turnbull in 2016 homed in on cybersecurity, laying the ground for a subsequent Track 1.5 Dialogue. The Track 1.5 meetings were convened in 2016 and 2018, with participants including Turnbull, former Director of Homeland Security Kirstjen Nielsen, and principals from both states’ broader cyber and policy community. Canberra and Washington should prioritize a resumption of the meetings.

Rebooting the Track 1.5 Cyber Dialogue and building off of past planning and joint exercises with Cyber Command can establish a baseline of security cooperation that will be adaptable to the cybersecurity threats confronting Australia. Chinese interference in Australian politics has expanded in recent years, and Beijing’s efforts to shape Indo-Pacific politics places Australia in a uniquely vulnerable position among America’s closest allies. The cyberattacks from 2020 reveal a pattern of behavior to use cybertools to spy on and pressure Canberra. American investments, however small, can advance efforts to repel meddling and boost Australia’s domestic public-private partnership.

The American intelligence community’s venture capital investments in Australia’s cyber and emerging technology sector should also be nurtured. The U.S. intelligence community’s venture capital arm, In-Q-Tel, first announced the opening of a Sydney office in 2018. In-Q-Tel’s seed funding for Australian companies since fall 2019 demonstrated a breadth of investment priorities, though few companies have received funding so far. In-Q-Tel’s first Series A recipients in November 2019 included Kasada’s anti-bot software along with robotics and GPS company Advanced Navigation. In 2020, In-Q-Tel invested in quantum computing start-ups QuintessenceLabs and Q-CTRL as well as Myriota, which maintains low Earth orbit satellites to provide secure “internet of things” connectivity.

Australia’s Five Eyes partnership leaves the country well suited for data sharing with the U.S. on cyber weapons and artificial intelligence (AI) interoperability. Although the use of AI in warfare is anticipated in the not so distant future, Australian and American defense officials could also seize the opportunity to plot a course for interoperability in AI in addition to offensive and defensive cyber operations. Interoperability requires both countries to harmonize the training, operational, and planning use of cyber weapons and AI. To see the battlefield of the future or deter rivals, military-to-military planning on AI and defensive and offensive cyber operations should be prioritized.

Sharing data and cybertools may collide with a reasonable apprehension about secrecy. Australia’s membership in the Five Eyes and decades of security cooperation should ease obstacles to joint exercises and technology transfer to prepare for the multidomain battlespace of the future. The Department of Defense’s Joint Artificial Intelligence Center (JAIC) is spearheading AI development, adoption, and partnering with allies. JAIC could be an ideal starting point for forging a future-oriented artificial intelligence partnership for the United States and Australia.

Other small, tangible commitments from the United States, such as a Fulbright Cyber Security Award, could facilitate Canberra’s strategic cyber initiative. A dedicated cybersecurity Fulbright for Australia—now available only for the United Kingdom—would open channels for American academic cyber thought leaders to collaborate with Australian counterparts in government, the private sector and academy.

Strategic exigencies and an uncertain American commitment forced Canberra to act on cyber in addition to its overall defense spending. To meet the present and certain future challenges, Washington should greet Morrison’s commitment to deterring Chinese cyber aggression with equal urgency. Joint planning and capacity building could pave the way to formulate an interoperable architecture for cyber defense and offense, artificial intelligence and data sharing. Canberra is signaling its commitment, and Washington should respond to an ally’s call for cooperation against China.

The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, Inc. (Document release number LLNL-JRNL-814458)