The USA’s Cyber Strategy and International Law

The commitment and resolve of the United States of America to assert its ‘military warfighting superiority’ extends beyond the fields of air, land, and sea, but also encompasses cyberspace.

Recently, the United States Department of Defense (‘DoD’) has published its 2018 Cyber Strategy aimed at presenting its vision for addressing threats posed through cyber technologies, and assertively defending United States interests both in and out of armed conflict.

 

What major cyber threats concern the United States?

The DoD lists various activities of its traditional adversaries – China, Russia, Iran, and North Korea – as significant in the need for vigilance in cyberspace to ‘preserve U.S. military advantages and to defend U.S. interests.’  As it is noted that the nation’s ever increasing reliance on activities within cyber-space for a host of civilian and military functions ‘makes this an urgent and unacceptable risk’.

 

What does the DoD identify as its objectives in cyberspace?

The Cyber Strategy lists the following five objectives of the DoD in this domain:

  1. Ensuring that military missions can be achieved in contested cyberspace;
  2. Strengthening its military through carrying out cyberspace operations that enhance United States military advantages;
  3. Defending national infrastructure from malicious cyber activity that could cause or contribute to a significant cyber incident;
  4. Securing its information and systems against malicious activities in cyberspace; and
  5. Expanding its cyber operations with inter-agency, industry, and international partners.

 

How does the United States intend to counteract the cyber activities of its adversaries?

The DoD’s first stated intention in relation to addressing cyber competition from hostile actors is ensuring that the United States military is able to ‘fight and win wars in any domain, including cyberspace.’  It also adds that pre-empting, defeating, or deterring malicious cyber activities aimed at disrupting infrastructure of the United States is a key priority.  Additionally, the Cyber Strategy recognised the importance of working with allies and partners on matters of cyber capacity, combined operations, and information sharing on this issue.

 

How will the United States put these policies into practice?

 

Military capabilities

The DoD states that it will accelerate its development of cyber capabilities, innovate to keep up to date with emerging cyber technologies and trends, utilise automation and large-scale data analysis, and employ commercial cyber capabilities as part of its own activities.

 

Competition and deterrence

The focus of the United States on deterring malicious cyberspace activity also extends to protections against actions directed at its allies and partners.  The DoD’s stated intention is also to defend ‘forward to intercept and halt cyber threats’.  Further, the DoD indicates that United States infrastructure will be strengthened.  It is noted that these actions are not envisaged in isolation: the United States recognises the need to coordinate its defence in this regard with the private sector and foreign allies.

 

International partnerships and alliances

First, this encompasses coordinating with players in the private sector, as the United States recognises that this is where the ‘frontlines’ of cyber activities lie.  Second, the DoD acknowledges that cyber capabilities of allied nations complement those of the United States.  On this note, an expressed focus is to work with, strengthen the capacity of, and share information with the allies in order to ‘leverage [their] unique skills, resources, capabilities, and perspectives.’  As stated by the DoD, coordination on these matters will enhance the ‘collective cybersecurity posture’ of the United States and its allies.

Further, the DoD asserts that it will ‘reinforce voluntary, non-binding norms of responsible state behaviour in cyberspace during peacetime.’  It is pointed out that the United States has actively engaged with work of United Nations bodies in this regard.  This has focused on principles including prohibiting damaging civilian infrastructure in peacetime, and preventing nation territory being permitted for use in hostile international cyber activity.

 

What are the potential implications for Australia?

Although the DoD’s policy naturally has an America-centric focus, its implications for Australia are real and significant.

First, as an ally of the United States, Australia will be one of the nations covered by the DoD’s references to engagement with international partners in this domain.  This may likely involve the alignment and coordination of the cyberspace activities of Australian and American agencies.

Second, there is potential for Australia to follow the lead of the United States in pursuing a cyber defence policy that is substantially in harmony with that of its major security ally.  In 2018 the Australian Government sent a Cyber Security Mission to the United States and the two nations are members of the Five Eyes group of intelligence partners.  Against this backdrop, the alignment of approaches to matters of cyber defence seems natural.

Nyman Gibson Miralis specialise in dealing with complex international cybercrime investigations. Contact us if you require assistance.