Offensive cyber attacks and operations

The International Cyber Policy Centre has released a policy brief titled Australia’s Offensive Cyber Capability. We explore how an offensive cyber operation is defined, examples of offensive cyber attacks, and the offensive cyber capabilities held by Australia as identified in the report.

 

What are offensive cyber operations?

The Department of the Prime Minister and Cabinet’s Cyber Lexicon project defines offensive cyber operations as ‘activities in cyberspace that manipulate, deny, disrupt, degrade or destroy targeted computers, information systems, or networks’.

Offensive cyber operations could encompass a range of cybercrimes including:

  • Removing computer accounts or changing passwords;
  • Altering databases either subtly or destructively;
  • Defacing web pages;
  • Encrypting or deleting data;
  • Attacks that affect critical infrastructure, such as electricity networks.

By contrast, cyber espionage is designed to gather intelligence without being detected.

 

What are some global examples of offensive cyber attacks?

Researchers have identified more than 100 states with military and intelligence cyber units. These include:

  • Russia: accused of using a range of online methods to influence the 2016 US presidential election.
  • China: accused of stealing intellectual property.
  • North Korea: accused of using cyber tools to steal money, including in a US$81 million heist on the Bangladesh central bank.

 

Does Australia have an offensive cyber capability?

In April 2016, Prime Minister Turnbull confirmed that Australia has an offensive cyber capability. Subsequent official communications have conveyed that Australia will use this capability against offshore cybercriminals.

This was the first time any state had announced such a policy. While some have commended the transparency of the announcement, there has also been confusion and misperception about how these tools will be used.

 

What are the main aims of Australia’s cyber offensive strategies?

The Australian Government has been very open in declaring the existence of its offensive cyber capability and its applications:

  • To target organised offshore cyber criminals
  • To respond to serious cyber attacks
  • To support military operations
  • To support law enforcement activities
  • To target Islamic State

The Government also has structures in place to ensure its compliance with international law.

 

Who is responsible for Australia’s cyber offensive capabilities?

Australia’s offensive cyber capability resides within the Australian Signals Directorate (ASD). While physically housed within ASD, the military and law enforcement applications have different chains of command and approvals processes.

 

What are the potential risks of cyber offensive activity?

When offensive cyber capabilities are used, there is the risk that:

  • Future effectiveness may be compromised – e.g. an information system might be protected from further cyberattacks through measures such as upgrades or configuration changes.
  • The Government could be identified as the source of the activity and face retaliation.

 

What are the strengths and weaknesses of offensive cyber capabilities?

The International Cyber Policy Centre presents the strengths and weaknesses of offensive cyber capabilities in its policy brief. Some of the key points identified include:

Strengths

  • For military tasks, they can be integrated with Australian Defence Force (ADF) operations.
  • They can engage targets that can’t be reached with conventional capabilities.
  • They provide global reach.
  • They can be overt or clandestine, depending on the intended effect.

 

Weaknesses

  • Capabilities need to be highly tailored to be effective, meaning that they can be expensive to develop and lack flexibility.
  • Constant, costly investment is required as cybersecurity evolves.
  • Major, blunt attacks (such as WannaCry) are unusable by responsible state actors such as Australia.
  • Government must compete for top-tier talent with private industry.
  • Revealing specific capability can allow for defences to be repaired.
  • Target development can require intensive intelligence support and can take a very long time.

 

Key takeaways

Advanced technologies are changing the ways in which states take offensive action against countries to which they are hostile, or simply to advance state interests.

Australia has announced that it has an offensive cyber capability that it is prepared to use against offshore cybercriminals and terrorists, and to support military and law enforcement operations. Close attention needs to be paid to the ways in which these capabilities are communicated, to avoid any potential for confusion and misperception about how these capabilities will be used.

Nyman Gibson Miralis provides expert advice and representation in complex international cybercrime investigations. Our expertise includes dealing with malware, phishing and computer hacking offences, bootlegging and tripping, Bitcoin and crypto-currency fraud, as well as offences relating to identity theft, spreading computer viruses and DDoS attacks.
