Clint Arizmendi & Chloe Diggins are from the Land Warfare Studies Centre. The views expressed are their own and do not reflect those of the Department of Defence or the Australian Government.
Recent cyber attacks on the Australian intelligence community serve as a timely reminder of the impact non-state actors can have in conducting politically motivated cyber attacks against the state. The emerging trend of unsanctioned non-state cyber actors (UNCAs) who claim to undertake malicious cyber activity on behalf of the state has implications for Australian national security policy and legislative frameworks.
UNCAs are an increasingly common phenomenon. A Chinese actor targeted US computer systems in 2003; a Russian UNCA targeted both Georgian and Estonian parliaments, ministries and banks; and an American UNCA recently targeted jihadist websites in the Middle East, the infamous Westboro Baptist Church and Wikileaks. While the unsanctioned and individual status of such actors has been disputed, their capacity to influence geopolitical situations has not.
When the interests and values of UNCAs align with the strategic objectives of the state, they can act as willing or unwitting proxies. Their actions of also have the potential to undermine diplomatic and political processes, cripple state infrastructure and act as a flashpoint for cyber or conventional war.
As a result, numerous challenges emerge for the state, such as hackers violating the right to free speech, disrupting federal investigations and facilitating the rise of cyber jihadists. Perhaps most challenging is the fact that lone wolves are unmanageable – any state receiving unsanctioned support from an UNCA runs the risk of being accused of initiating these attacks if they become publicised, or having them act against the state's strategic aims when the UNCA's interests no longer align with the state.
The exponential growth of global cyber connectivity – and the vulnerability that accompanies it – provides infinite opportunities for exploitation by UNCAs. Furthermore, as technological advances rapidly outpace legislative and policy protocols, it becomes increasingly difficult to resist and deter attacks. Preventing, investigating, and prosecuting malicious cyber activity is problematic, as UNCAs often act across and between jurisdictions through multinational servers and networks. This is further complicated in instances where there are no extradition treaties between the affected state and an UNCA's host country. Therefore, UNCAs can potentially exacerbate geopolitical problems and their actions may represent a potential flashpoint for a cyber-9/11.
From a national security perspective, the time is ripe to discuss the damage an UNCA can do. As the Australian Government seeks to protect its strategic interests it is essential that it safeguards the fifth domain against the uncertainty an UNCA represents. Australia has made progress through the establishment of the Cyber Security Policy and Coordination Committee and the development of the Cyber Security Operations Centre. However, these efforts must be consolidated in the forthcoming Cyber White Paper.
Photo by Flickr user formalfallacy @ Dublin.